CVE-2026-8216
A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. Such manipulation leads to improper authentication. The attack can be launched remotely. The vendo...
MAL-2026-2578 Malicious code in @bokehjs/core (npm)
Source: amazon-inspector 8c6f4339e19ee914380a69c5c69b600db7df1412b41db50a539eb87db984f68c The package @bokehjs/core was found to contain malicious code. Source: ghsa-malware 6e18981ac8adec7cb489a1be8841f5f6862c8f1298c570346d5210c99dd275fe...
CVE-2025-15260 MyRewards – Loyalty Points and Rewards for WooCommerce <= 5.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Loyalty Rule Modification
The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'ajax' function. This makes it...
CVE-2018-10283
CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php id parameter in a recomendar action...
CVE-2025-8711
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute limited actions on behalf of th...
CVE-2011-5270
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role...
Malicious code in actions-languageservices (npm)
Source: ghsa-malware a6468057d6ae17756ec02b7293da5160697424f26a39e172bce32c38a2b2337b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in gradient-tiny (npm)
Source: ghsa-malware 072e069157bae3a21204a965538030cd1d107c5a79c9574cc9b663c06225b36a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-3708 (npm)
Source: ghsa-malware bc6fc47a2dcce93df310ec5813c39993ce73a5e2949117a7a179b84f11700468 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fc-configuration (npm)
Source: ghsa-malware a9b68086fd0051292bc67463fb3958df8135c5e3f16b9ad8298c813e9053357b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in aae-stream (npm)
Source: ghsa-malware 36e873811e988aacce5a1b80244d157a56da0753c128f1d7581878716119c230 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-474 Malicious code in @nexthink/remote-action-widgets (npm)
Source: ghsa-malware 86698731809005faec3205f9983a58ba0618524c630cd71a9da2ed96bf1c8582 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mailru-toolkit-lego-bundle (npm)
Source: ghsa-malware 5ad7f34dc30e8c7b2d7ac5ce792161ffaa94305473c6cbfc016f30ff1d89916b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-40350
webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the device does not validate...
Google Android April 2021 Security Patch Vulnerabilities: Discover and Take Remote Response Action Using VMDR for Mobile Devices
The recently released Android Security Bulletin for April 2021 addresses 36 vulnerabilities, out of which 2 are rated as critical vulnerabilities. The vulnerabilities affect open-source components such as the Android Framework, Android Media Framework, Android System, and Android’s Linux Kernel...
Siemens 44x-1 RNA CP Remote Administrative Action Execution
Binary data 153.prm...
Securifi Almond Cross-Site Request Forgery Vulnerability
Securifi Almond is a wireless router product from Securifi. Securifi Almond uses a default password and suffers from a cross-site request forgery vulnerability that allows remote attackers to construct malicious URIs, trick users into parsing them, and perform malicious actions in the context...
Serv-U 4.x "site chmod" Remote Buffer Overflow Exploit
No description provided by source. include stdio.h include sys/types.h include sys/socket.h include netinet/in.h define exploitlength 511 define NOP 'A' define SEHhandleroffset 400 char SEHhandler = \x41\x41\xEB\x04; // 3 jmp over next four bytes char retaddress4004 = \xab\x1c\x5f\x01; // 1...