CVE-2026-0401

A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall...

CVE-2019-25258

LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to...

CVE-2025-8078

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16...

EUVD-2012-6605

Malware in sbrugna...

EUVD-2024-54137

Malicious code in bioql PyPI...

EUVD-2022-47206

Malicious code in bioql PyPI...

EUVD-2022-47202

Malicious code in bioql PyPI...

EUVD-2021-7507

Malicious code in bioql PyPI...

EUVD-2024-54138

Malicious code in bioql PyPI...

CVE-2025-41452

Post-authenticated external control of system web interface configuration setting vulnerability in Danfoss AK-SM8xxA Series prior to 4.3.1, which could allow for a denial of service attack induced by improper handling of exceptional conditions...

CVE-2025-41452

Post-authenticated external control of system web interface configuration setting vulnerability in Danfoss AK-SM8xxA Series prior to 4.3.1, which could allow for a denial of service attack induced by improper handling of exceptional conditions...

CVE-2025-41452

Danfoss AK-SM8xxA Series before 4.3.1 contains a post-authenticated external control of the system Web interface configuration, with improper handling of exceptional conditions that could cause a DoS. CVSS 6.8 (Network, high attack complexity, high impact on availability). Remediation: update to ...

CVE-2012-10059

Dolibarr ERP/CRM versions = 3.1.1 and = 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sqlcompat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code...

CVE-2025-49214

CVE-2025-49214 concerns Trend Micro Endpoint Encryption PolicyServer with an insecure deserialization flaw that could enable post-auth remote code execution. Affected component/behavior: deserialization function in PolicyServer; root cause described as insecure deserialization. Impact: high acros...

Microhard Bullet-LTE和Microhard IPn4Gii-NA2 安全漏洞

The Microhard Bullet-LTE and Microhard IPn4Gii-NA2 are both products of Microhard Canada.The Microhard Bullet-LTE is an industrial serial gateway. It utilizes a 4G / HSPA + / LTE network infrastructure to provide a compact, rugged, and powerful industrial-strength wireless solution Microhard...

CVE-2024-45884

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMGroup...

CVE-2024-45891

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletewlanprofile...

CVE-2023-46683

A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated...

CVE-2022-44258

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function...

CVE-2022-44257

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function...