
34 matches found

CNNVD
added 2026/05/07 12:0 a.m., 6 views

Admidio security vulnerability

Admidio is an open-source member management system developed by the Admidio team. It supports features such as member lists, event management, message boards, photo albums, and downloads. Versions prior to Admidio 5.0.9 contain security vulnerabilities. These vulnerabilities stemmed fr...

CVSS 7.1 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 1
Packet Storm
added 2026/02/02 12:0 a.m., 139 views

📄 MiniCMS 1.11 Exploitation Toolkit

This toolkit focuses on validating and demonstrating the impact of a known and documented design flaw in MiniCMS 1.11 related to its build process (CVE-2018-1000638). MiniCMS relies on an insecure build.php script that blindly packages filesystem contents into install.php without enforcing integrit...

CVSS 6.1 | AI score 5.8 | EPSS 0.00801
Exploits 3
CNNVD
added 2026/01/14 12:0 a.m., 2 views

Blurams Flare Camera security vulnerability

Blurams Flare Camera is a camera from Blurams USA. A security vulnerability exists in Blurams Flare Camera 24.1114.151.929 and earlier versions, which stems from a flaw in the boot process and could lead to the disclosure of sensitive information...

CVSS 6.1 | AI score 6.4 | EPSS 0.00025
Exploits 0 | References 4
CVE
added 2025/11/06 11:20 p.m., 14 views

CVE-2025-12789

The CVE-2025-12789 issue affects Red Hat Single Sign-On and is an Open Redirect vulnerability during the logout process. The root cause is that the redirect_uri parameter used in the openid-connect logout flow is not properly validated, enabling potential redirection to a malicious URL. Documents...

CVSS 6.1 | AI score 6.2 | EPSS 0.00029
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2013-0921

Malware in sbrugna...

CVSS 7.5 | AI score 6.1 | EPSS 0.0036
Exploits 0 | References 6
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-31871

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00291
Exploits 1 | References 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2021-32634

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.7 | EPSS 0.00197
Exploits 0 | References 2
Positive Technologies
added 2025/09/01 12:0 a.m., 14 views

PT-2025-48445

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon (affected versions not specified). Description: A flaw exists in Qualcomm Snapdragon chipsets related to insufficient input validation during buffer copying. Specifically, a corrupted ELF image with an oversized file size can b...

CVSS 9 | AI score 6.5 | EPSS 0.00014
Exploits 0 | References 17
CNNVD
added 2025/08/13 12:0 a.m., 1 view

Studio 3T security vulnerability

Studio 3T is a native cross-platform MongoDB management tool open-sourced by Studio 3T. A security vulnerability exists in Studio 3T 2025.1.0 and earlier versions, which stems from improper handling of a specially crafted payload by the childprocess module and could lead to arbitrary code executi...

CVSS 9.8 | AI score 7.4 | EPSS 0.02479
Exploits 0 | References 6
BDU FSTEC
added 2025/07/23 12:0 a.m., 1 view

The vulnerability of the Data Loss Prevention module of Trend Micro Apex One and Apex One as a Service allows a perpetrator to execute arbitrary code.

The vulnerability of the Data Loss Prevention module in Trend Micro Apex One and Apex One as a Service antivirus software is related to an uncontrolled element in the search process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code using a...

CVSS 10 | AI score 8 | EPSS 0.00441
Exploits 0 | References 4 | Affected Software 1
BDU FSTEC
added 2025/05/29 12:0 a.m., 2 views

The vulnerability of the msg_process() function in TOTOLINK CA600-PoE router firmware allows an intruder to execute arbitrary commands.

The vulnerability of the msg_process function in TOTOLINK CA600-PoE router firmware is related to the lack of measures taken at the control level during the processing of the URL parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...

CVSS 6.5 | AI score 6 | EPSS 0.06019
Exploits 1 | References 2 | Affected Software 1
RedhatCVE
added 2025/05/02 8:13 p.m., 11 views

CVE-2024-6030

Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code within the sandbox on the target system in order to exploit this...

CVSS 7 | AI score 6.8 | EPSS 0.00016
Exploits 0 | References 3
OSV
added 2025/02/11 3:41 p.m., 5 views

CVE-2025-24973 Concorde not removing authentication tokens after logging out

Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker ...

CVSS 9.3 | AI score 6.8 | EPSS 0.00077
Exploits 0 | References 4
Github Security Blog
added 2024/12/19 3:12 p.m., 17 views

Astro's server source code is exposed to the public if sourcemaps are enabled

Summary: A bug in the build process allows any unauthenticated user to read parts of the server source code. Details: During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible folder...

CVSS 7.8 | AI score 7.3 | EPSS 0.1078
Exploits 1 | References 8 | Affected Software 1
CNNVD
added 2024/10/29 12:0 a.m., 1 view

WordPress plugin Crypto security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 9.8 | AI score 6.7 | EPSS 0.92893
Exploits 0 | References 3
BDU FSTEC
added 2024/04/02 12:0 a.m., 3 views

The vulnerability of the Okta Verify multi-factor authentication application update service for Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Okta Verify multi-factor authentication application update service for Windows operating systems is related to an uncontrolled element in the search process. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

CVSS 7.1 | AI score 5.8 | EPSS 0.00075
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2024/03/27 12:0 a.m., 2 views

Cisco Access Point security vulnerability

Cisco Access Point is a network access point device from Cisco, Inc. It provides high-density wireless connectivity for small offices. A security vulnerability exists in Cisco Access Point Software, which stems from a flaw in the boot process that could allow an unauthenticated physical attacker ...

CVSS 5.9 | AI score 6.3 | EPSS 0.00016
Exploits 0 | References 3
CNNVD
added 2024/02/12 12:0 a.m., 7 views

WordPress Plugin Web3 Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 9.8 | AI score 6.8 | EPSS 0.56304
Exploits 3 | References 2
NCSC
added 2023/07/19 12:0 a.m., 3 views

Vulnerability fixed in Veritas NetBackup

Symantec has fixed a vulnerability in Veritas NetBackup. The vulnerability is located in the BPCD process and allows an unauthenticated malicious person to upload and execute with permissions from the backup process. No CVE ID has been disclosed for this vulnerability yet. Symantec has released...

AI score 6.5
Exploits 0
CNNVD
added 2023/04/19 12:0 a.m., 1 view

AVG Technologies AVG Antivirus security vulnerability

AVG Technologies AVG Antivirus is a suite of antivirus software from the Czech company AVG Technologies. A security vulnerability exists in AVG Technologies AVG Antivirus that stems from a security issue in the Quarantine process that results in the creation of arbitrary files...

CVSS 6.5 | AI score 5.3 | EPSS 0.00089
Exploits 0 | References 2