
17 matches found

CNNVD
added 2026/05/20 12:0 a.m. | 5 views

Progress Software MOVEit security vulnerability

Progress Software MOVEit is a secure hosted file transfer software developed by Progress Software Corporation in the United States. Versions of Progress Software MOVEit prior to 2025.0.11, as well as versions from 2025.1.0 to 2025.1.7, contained security vulnerabilities. These vulnerabilities wer...

CVSS 7.5 | AI score 5.8 | EPSS 0.00183
Exploits 0 | References 1
CNNVD
added 2026/05/20 12:0 a.m. | 6 views

Mesalvo Meona Client Launcher Component and Mesalvo Meona Server Component code injection vulnerability

The Mesalvo Meona Client Launcher Component and the Mesalvo Meona Server Component are both products of the Mesalvo company. The Mesalvo Meona Client Launcher Component is a component designed for launching clients of medical information systems and facilitating application access. The Mesalvo...

CVSS 9 | AI score 5.9 | EPSS 0.00048
Exploits 0 | References 1
CNNVD
added 2026/05/20 12:0 a.m. | 6 views

Mesalvo Meona Client Launcher Component and Mesalvo Meona Server Component security vulnerability

The Mesalvo Meona Client Launcher Component and the Mesalvo Meona Server Component are both products of the Mesalvo company. The Mesalvo Meona Client Launcher Component is a component designed for launching clients of medical information systems and facilitating application access. The Mesalvo...

CVSS 6 | AI score 5.8 | EPSS 0.00007
Exploits 0 | References 1
OSV
added 2026/04/16 11:36 p.m. | 4 views

BIT-AUTHENTIK-2026-25922 authentik has a Signature Verification Bypass via SAML Assertion Wrapping

authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does not have the Encryption Certificate setting under...

CVSS 8.8 | AI score 5.7 | EPSS 0.00012
Exploits 0 | References 5
NVD
added 2026/02/24 8:27 p.m. | 2 views

CVE-2026-1768

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries. This issue affects Devolutions Server: before 2025.3.15...

CVSS 4.3 | EPSS 0.00032
Exploits 0 | References 1
Vulnrichment
added 2026/02/18 12:9 p.m. | 4 views

CVE-2025-7630 OTP Password Brute Forcing in DorukNet's Wispotter

Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, Brute Force. This issue affects Wispotter: from 1.0 before v2025.10.08.1...

CVSS 5.3 | AI score 5.4 | EPSS 0.00056
Exploits 0 | References 2
OSV
added 2026/01/27 4:16 p.m. | 4 views

CVE-2026-24874

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in themrdemonized xray-monolith. This issue affects xray-monolith: before 2025.12.30...

CVSS 9.1 | AI score 5.9
Exploits 0 | References 1
NVD
added 2026/01/27 4:16 p.m. | 3 views

CVE-2026-24874

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in themrdemonized xray-monolith. This issue affects xray-monolith: before 2025.12.30...

CVSS 9.1 | EPSS 0.00056
Exploits 0 | References 1
CNNVD
added 2026/01/26 12:0 a.m. | 4 views

EVerest security vulnerabilities

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions of EVerest prior to 2025.12.1 contain security vulnerabilities. These vulnerabilities stem from a vulnerability that allows bypassing sequence state verification and authentication, potentiall...

CVSS 5.3 | AI score 5.8 | EPSS 0.00164
Exploits 0 | References 2
CNNVD
added 2026/01/21 12:0 a.m. | 3 views

Everest-core authorization issue vulnerability

Everest-core is a major component of the open-source electric vehicle charging software stack developed by EVerest. Versions of Everest-core prior to 2025.12.1 contained an authorization vulnerability. This vulnerability stemmed from the default configuration of...

CVSS 4.3 | AI score 5.7 | EPSS 0.00033
Exploits 0 | References 2
Vulnrichment
added 2026/01/05 9:14 p.m. | 3 views

CVE-2025-61916 Spinnaker vulnerable to SSRF due to improper restrictions on http from user input

Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...

CVSS 7.9 | AI score 6.5 | EPSS 0.00011
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-26059

Malicious code in bioql PyPI...

CVSS 9.3 | AI score 6.6 | EPSS 0.0071
Exploits 0 | References 4
NVD
added 2025/08/14 3:15 p.m. | 6 views

CVE-2025-8875

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code. This issue affects N-central: before 2025.3.1...

CVSS 9.4 | EPSS 0.0376
Exploits 1 | References 2
NVD
added 2025/08/13 5:15 p.m. | 2 views

CVE-2025-52385

An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the childprocess module...

CVSS 9.8 | EPSS 0.02479
Exploits 0 | References 5
CNNVD
added 2025/06/10 12:0 a.m. | 1 views

Salesforce OmniStudio security vulnerability

Salesforce OmniStudio is a digitization platform from US-based Salesforce, Inc. A security vulnerability exists in versions of Salesforce OmniStudio prior to 2025, which stems from an improper privilege retention issue that could lead to the disclosure of encrypted data...

CVSS 7.5 | AI score 9 | EPSS 0.00317
Exploits 0 | References 2
CNNVD
added 2025/03/05 12:0 a.m. | 3 views

Merkur Software B2B Login Panel SQL injection vulnerability

Merkur Software B2B Login Panel is a B2B login panel from Merkur Software. A SQL injection vulnerability exists in Merkur Software B2B Login Panel versions prior to 15.01.2025 that stems from the presence of SQL injection...

CVSS 9.8 | AI score 7.9 | EPSS 0.00115
Exploits 0 | References 2
OSV
added 2025/01/16 6:15 p.m. | 1 views

CVE-2024-57773

A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 4.8 | AI score 5.9
Exploits 0 | References 1