
48 matches found

CVE
added 2026/05/27 12:0 a.m. · 10 views

CVE-2025-69600

CVE-2025-69600 affects RayVentory Raynet RVIA 12.6.4392.49-amd64.deb. Root cause is Argument Injection in an improperly terminated find command used to locate Java, enabling local attackers to execute arbitrary code via commands injected through getconfig, upload, or oracle options (and inventory...

7.8 CVSS · 5.9 AI score · 0.00074 EPSS
Exploits: 2 · References: 3
Japan Vulnerability Notes
added 2026/04/23 7:57 a.m. · 1 view

Multiple vulnerabilities in LogonTracer

Overview: LogonTracer, provided by Japan Computer Emergency Response Team Coordination Center (JPCERT/CC), is a tool to investigate malicious Windows logons by visualizing and analyzing Windows event logs. LogonTracer contains multiple vulnerabilities listed below. OS command injection (CWE-78) -...

8.8 CVSS · 5.7 AI score · 0.00376 EPSS
Exploits: 0 · References: 7
Cvelist
added 2026/04/03 8:13 p.m. · 12 views

CVE-2026-35559 Out-of-bounds write in query processing components in Amazon Athena ODBC driver

Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0...

7.1 CVSS · 0.00092 EPSS
Exploits: 0 · References: 6
CVE
added 2026/03/18 10:0 p.m. · 8 views

CVE-2026-32730

CVE-2026-32730 affects ApostropheCMS: the bearer token authentication flow can bypass MFA/TOTP if a password-verification token (incompleteToken) is used as a bearer token. The root cause is a MongoDB query bug in the getBearer() logic: it checks for requirementsToVerify with $ne: [] (not equal t...

8.1 CVSS · 5.8 AI score · 0.0013 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
EUVD
added 2026/03/18 7:48 p.m. · 3 views

EUVD-2026-12975

ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware...

8.1 CVSS · 5.8 AI score · 0.0013 EPSS
Exploits: 1 · References: 1
Tenable Nessus
added 2026/01/13 12:0 a.m. · 6 views

MiracleLinux 9 : aardvark-dns-1.14.0-1.el9 (AXSA:2025-10147:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10147:01 advisory. containers/aardvark-dns: TCP Query Handling Flaw in Aardvark-dns Leading to Denial of Service (CVE-2024-8418). Tenable has extracted the preceding description...

7.5 CVSS · 7.3 AI score · 0.00102 EPSS
Exploits: 1 · References: 2
NVD
added 2025/11/17 5:15 p.m. · 3 views

CVE-2024-44648

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php...

6.5 CVSS · 0.00037 EPSS
Exploits: 1 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-7604

Malware in sbrugna...

7.8 CVSS · 7.6 AI score · 0.00571 EPSS
Exploits: 0 · References: 2
Rockylinux
added 2025/10/04 12:11 a.m. · 7 views

aardvark-dns security update

An update is available for aardvark-dns. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Authoritative DNS server for A/AAAA container records. Forwards other...

7.5 CVSS · 6.6 AI score · 0.00102 EPSS
Exploits: 1
OSV
added 2025/10/04 12:11 a.m. · 3 views

RLSA-2025:7094 Moderate: aardvark-dns security update

Authoritative DNS server for A/AAAA container records. Forwards other requests to configured resolvers. Read more about configuration in src/backend/mod.rs. Security Fixes: containers/aardvark-dns: TCP Query Handling Flaw in Aardvark-dns Leading to Denial of Service (CVE-2024-8418). For more details...

7.5 CVSS · 7.2 AI score · 0.00102 EPSS
Exploits: 1 · References: 2
CVE
added 2025/08/08 6:10 p.m. · 32 views

CVE-2012-10047

CVE-2012-10047 concerns Cyclope Employee Surveillance Solution, version 6.x. A SQL injection flaw in the login flow (auth-login) arises because the username parameter is not properly sanitized, enabling an attacker to inject arbitrary SQL. According to connected documents, this can be leveraged t...

10 CVSS · 8.2 AI score · 0.71169 EPSS
Exploits: 0 · References: 5
BDU FSTEC
added 2025/08/05 12:0 a.m. · 1 view

The vulnerability in the WeGIA web manager’s script /html/funcionario/dependente_editarInfoPessoal.php allows a perpetrator to disclose confidential information, increase their privileges, or execute arbitrary code.

The vulnerability of the WeGIA web manager’s script /html/funcionario/dependente_editarInfoPessoal.php is related to the lack of protection for the SQL query structure during the processing of the parameter idatendidofamiliares. Exploiting this vulnerability can allow an attacker to disclose...

9.9 CVSS · 5.8 AI score · 0.0025 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
BDU FSTEC
added 2025/05/29 12:0 a.m. · 3 views

The vulnerability of the ExportCertificate method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the ExportCertificate method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allo...

9 CVSS · 6.1 AI score · 0.00039 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2025/05/29 12:0 a.m. · 1 view

The vulnerability of the LockUser method in software for managing and monitoring deleted objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the LockUser method in software for managing and monitoring removed objects in telemetry and telemechanics systems related to the TeleControl Server Basic is associated with the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a...

9 CVSS · 6.1 AI score · 0.0004 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
RedhatCVE
added 2025/05/22 11:6 p.m. · 9 views

CVE-2022-34872

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of ...

6.5 CVSS · 6.4 AI score · 0.0047 EPSS
Exploits: 0 · References: 1
OSV
added 2025/05/13 12:0 a.m. · 4 views

ALSA-2025:7094 Moderate: aardvark-dns security update

Authoritative DNS server for A/AAAA container records. Forwards other requests to configured resolvers. Read more about configuration in src/backend/mod.rs. Security Fixes: containers/aardvark-dns: TCP Query Handling Flaw in Aardvark-dns Leading to Denial of Service (CVE-2024-8418). For more details...

7.5 CVSS · 7.3 AI score · 0.00102 EPSS
Exploits: 1 · References: 4
Tenable Nessus
added 2025/05/13 12:0 a.m. · 16 views

RHEL 9 : aardvark-dns (RHSA-2025:7094)

The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:7094 advisory. Authoritative DNS server for A/AAAA container records. Forwards other requests to configured resolvers. Read more about configuration in...

7.5 CVSS · 7.3 AI score · 0.00102 EPSS
Exploits: 1 · References: 7
BDU FSTEC
added 2025/04/14 12:0 a.m. · 2 views

The vulnerability of the graphical interface of the Fortinet FortiPortal security analysis and management tool allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Fortinet FortiPortal graphical interface for security analysis and management lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to gain unauthorized access to protected information by...

4.3 CVSS · 5.6 AI score · 0.00262 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
BDU FSTEC
added 2024/10/30 12:0 a.m. · 1 view

The vulnerability of the EdOnline EMS system allows a perpetrator to disclose protected information.

The vulnerability of the EdOnline EMS educational process management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...

9.9 CVSS · 5.6 AI score
Exploits: 0 · Affected Software: 1
Positive Technologies
added 2024/09/15 12:0 a.m. · 3 views

PT-2024-39246 · Syscom · Omflow

Name of the Vulnerable Software and Affected Versions: OMFLOW from The SYSCOM Group (affected versions not specified). Description: The issue is related to the data query functionality in OMFLOW, which does not properly restrict the query range. This allows remote attackers with regular privileges t...

6.5 CVSS · 7 AI score · 0.00152 EPSS
Exploits: 0 · References: 7