
15 matches found

CVE
added 2026/05/11 9:40 a.m. | 20 views

CVE-2026-6956

ATutor is vulnerable to a Reflected XSS in the /install/install.php endpoint. An attacker can supply a crafted URL that, when opened, causes arbitrary JavaScript execution in the victim’s browser. The issue has been tested only on version 2.2.4; other versions were not tested but might also be vu...

5.1 CVSS | 6 AI score | 0.0011 EPSS
Exploits 0 | References 2

F5 Networks
added 2026/04/20 3:43 p.m. | 4 views

K000160908: Linux kernel vulnerability CVE-2019-15902

Security Advisory Description A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in...

5.6 CVSS | 5.8 AI score | 0.00088 EPSS
Exploits 1

OSSF Malicious Packages
added 2026/03/24 3:56 p.m. | 4 views

Malicious code in product-status (npm)

Source: amazon-inspector 6b87ef85e41f2a3ee4d9e8e898f2131e8ea1b5d03c9e44368af02a6c45af73a7 The package product-status was found to contain malicious code...

5.9 AI score
Exploits 0

OSV
added 2026/03/24 3:56 p.m. | 2 views

MAL-2026-2385 Malicious code in product-status (npm)

Source: amazon-inspector 6b87ef85e41f2a3ee4d9e8e898f2131e8ea1b5d03c9e44368af02a6c45af73a7 The package product-status was found to contain malicious code...

5.8 AI score
Exploits 0

CVE
added 2025/08/29 4:14 a.m. | 11 views

CVE-2025-53508

CVE-2025-53508 affects iND Co.,Ltd embedded devices including HL330-DLS (MC7700/MC7330 variants), HL320-DLS, LM-100, LM-200 (AMP570/EC25-J variants), L2X Assist, L2X Assist-RS-A/E, F2L Assist-SS-A/E. Root cause is OS command injection allowing an arbitrary OS command to be executed, potentially l...

8.6 CVSS | 7.2 AI score | 0.00249 EPSS
Exploits 0 | References 2

CVE
added 2025/08/29 4:13 a.m. | 11 views

CVE-2025-53507

CVE-2025-53507 affects multiple iND Co.,Ltd products (e.g., HL330-DLS, HL320-DLS, LM-100/LM-200, L2X Assist(-RS-A), F2L Assist(-SS-A/E)) due to insecure storage of sensitive information, mainly configuration data such as admin passwords. Root cause: storing credentials insecurely within affected ...

7.1 CVSS | 6.4 AI score | 0.00062 EPSS
Exploits 0 | References 2

Positive Technologies
added 2025/08/29 12:00 a.m. | 2 views

PT-2025-35184

Name of the Vulnerable Software and Affected Versions: iND Co.,Ltd products, affected versions not specified. Description: Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information issue. Exploitation may lead to the disclosure of configuration information, such...

7.1 CVSS | 6.4 AI score | 0.00062 EPSS
Exploits 0 | References 6

Cvelist
added 2023/12/07 6:22 a.m. | 15 views

CVE-2023-49225

A cross-site-scripting vulnerability exists in Ruckus Access Point products ZoneDirector, SmartZone, and AP Solo. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see...

6.5 AI score | 0.00322 EPSS
Exploits 0 | References 2

OSV
added 2023/07/11 3:15 a.m. | 1 views

CVE-2023-35872

The Message Display Tool MDT of SAP NetWeaver Process Integration - version SAPXIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The...

6.5 CVSS | 5.8 AI score
Exploits 0 | References 2

NVD
added 2023/07/11 3:15 a.m. | 12 views

CVE-2023-35872

The Message Display Tool MDT of SAP NetWeaver Process Integration - version SAPXIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The...

6.5 CVSS | 6.7 AI score | 0.00191 EPSS
Exploits 0 | References 2

Ivanti
added 2023/02/14 7:22 a.m. | 22 views

SA40021 - GHOST glibc gethostbyname() buffer overflow (CVE-2015-0235)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A buffer overflow vulnerability has been discovered in the glibc library. This issue is known as CVE-2015-0235 and is commonly referred to as "GHOST". The issue was found in the...

10 CVSS | 8.4 AI score | 0.8487 EPSS
Exploits 29

CNVD
added 2017/08/22 12:00 a.m. | 1 views

Micro Focus Enterprise Developer and Enterprise Server Authentication Bypass Vulnerability

Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company. Micro Focus Enterprise Developer is a set of integrated development environments for the mainframe. Enterprise Server is a production deployment platform for mainframe programs. Enterprise...

9.8 CVSS | 9.5 AI score | 0.00963 EPSS
Exploits 0 | References 1

Hacker One
added 2015/07/09 10:59 a.m. | 21 views

DigitalSellz: The product/status method CSRF

When we use the "on/off" buttons to set the products to be shown on the products page, a POST request to https://www.digitalsellz.com/product/status is sent with only the product id as a parameter, no other security tokens. So the idea is to make my rival visit a web page with a code like this:...

7.1 AI score
Exploits 0

Microsoft Security Update
added 1970/01/01 12:00 a.m. | 8 views

DownlevelDefender: Product Enabled

Detects whether the DownlevelDefender product is enabled...

2.4 AI score
Exploits 0

Microsoft Security Update
added 1970/01/01 12:00 a.m. | 10 views

Defender: Product Enabled

Detects whether the Defender product is enabled...

1.6 AI score
Exploits 0