858 matches found
CVE-2025-55265
HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to read sensitive files present in the system and may use it to craft further attacks...
CVE-2026-27091
Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through = 3.5.09...
EUVD-2026-16076
A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source-code/app/controller/explorer/auth.class.php of the component Password-protected Share Handler. Performing a manipulation results in improper authentication. The attack is...
Malicious code in @universeorg/dotenv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e1bca28be318e644a718c57c724dac6b6b480889b772e317cda8bb23512515c The package @universeorg/dotenv was found to contain malicious code. Source: ghsa-malware...
SUSE CVE-2026-27945
ZITADEL is an open source identity management platform. Zitadel Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. Zitadel's Action target URLs...
CVE-2026-4616 bolo-blog Article Title article cross site scripting
A security flaw has been discovered in bolo-blog up to 2.6.4. The affected element is an unknown function of the file /console/article/ of the component Article Title Handler. Performing a manipulation of the argument articleTitle results in cross site scripting. It is possible to initiate the...
CVE-2026-4548
CVE-2026-4548 affects mickasmt next-saas-stripe-starter 1.0.0. The vulnerable component is the function updateUserrole in actions/update-user-role.ts, where manipulation of arguments userId/role leads to improper authorization. The impact is described as remote exploit with network access; the vu...
EUVD-2026-14258
A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/httpproxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation ...
Linux Distros Unpatched Vulnerability : CVE-2026-4115
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in PuTTY 0.83. Affected is the function eddsaverify of the file crypto/ecc- ssh.c of the component Ed25519 Signature Handler. The...
MAL-2026-1945 Malicious code in cryptopapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8115fdc278d0fa50691d9381670d65784c4e58c7350c6f039f4cc48900003832 The package cryptopapi was found to contain malicious code. Source: ghsa-malware 36add754a3a299e4d93abe760b631b4a294d017297d11825b1fc1e2363030172 Any...
MAL-2026-1489 Malicious code in asset-delivery (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff566136dd4e76e6bc8da12a23345712a57b375d3d0586ee36922cc0ffbbf880 The package asset-delivery was found to contain malicious code. Source: ghsa-malware ce9daf86327543018f44899bd8967bf2b927d6f1d9267b6726281b5ea0765868...
CVE-2026-4221
A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has...
Malicious code in vtimmmmmm-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f98c647bcb6a277d8ef94407b1287e79a9840e0956aa955ff01ea19778219c7 The package vtimmmmmm-test was found to contain malicious code. Source: ghsa-malware 7f04d92a8262ba75c225fb58633a5dfbe7c1d4a750b88f634dde448a81e13b63...
Malicious code in dazaar-cli (npm)
The package 'dazaar-cli' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...
PT-2026-25611
A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The...
CVE-2026-4194
CVE-2026-4194 affects multiple D-Link DNS devices (e.g., DNS-120, DNS-320 family, DNS-1550-04, others) with the vulnerable element in the CGI: /cgi-bin/system_mgr.cgi, function cgi_set_wto. The issue is improper access controls due to manipulating this function, enabling remote exploitation. Mult...
simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption
Summary XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts...
CVE-2026-3967 Alfresco Activiti Process Variable Serialization System SerializableType.java createObjectInputStream deserialization
A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java of the component Process Variable Serialization...
CVE-2026-3762
A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmindeletemanager.php of the component Endpoint. The manipulation of the argument managerid leads to improper authorization. It is possible to initiate th...
CVE-2026-3715
A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument delflag results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made publ...