49 matches found
USN-8321-1: Papers vulnerability
It was discovered that Papers incorrectly handled PDF /GoToR actions. If a user were tricked into opening a specially crafted PDF file, an attacker could use this issue to manipulate command lines and possibly execute arbitrary code...
CVE-2026-32006
OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly treated as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. Remote attackers can send messages and reactions as DM-paired identities...
CVE-2025-70146
Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g., adding records, deleting records) via direct HTTP requests to affected endpoints without a...
PT-2026-20461
Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g., adding records, deleting records) via direct HTTP requests to affected endpoints without a...
EUVD-2013-5563
Malware in sbrugna...
EUVD-2007-5743
Malware in sbrugna...
EUVD-2012-1838
Malware in sbrugna...
EUVD-2021-24932
Malware in sbrugna...
EUVD-2022-28154
Malicious code in bioql PyPI...
CVE-2025-8711
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute limited actions on behalf of th...
CVE-2025-55147
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions on behalf of...
CVE-2025-33099
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation...
Mouselink 5.0.1 Unauthenticated Remote System Control
Mouselink version 5.0.1 is vulnerable to JWT authentication bypass, allowing remote attackers to perform system-level actions such as shutdown, restart, sleep, and logout without valid credentials. Exploit Title: Mouselink 5.0.1 - Unauthenticated Remote System Control Date: 26/06/25 Exploit Autho...
MAL-2025-4656 Malicious code in remote-actions (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 602ccb0c9280efaed9bc494cf89db45c8fd4d77619a8b621c339d44dc6479bf5 Any computer that has this package installed or running should be considered...
CVE-2021-29995
A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user including script execution. The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1...
CVE-2025-30512
Unauthenticated attackers can send configuration settings to device and possibly perform physical actions remotely (e.g., on/off)...
PT-2025-2608 · Ibm · Ibm Cognos Dashboards
Name of the Vulnerable Software and Affected Versions: IBM Cognos Dashboards versions 4.0.7 through 5.0.0 Description: The issue is related to dependency confusion, allowing a remote attacker to perform unauthorized actions. This could potentially lead to privilege escalation. Recommendations: Fo...
PT-2024-34627 · Ethereum · Ethereum
Name of the Vulnerable Software and Affected Versions: PepeGxng smart contract affected versions not specified Ethereum version 1.12.2 Description: An issue in the PepeGxng smart contract, which can be run on the Ethereum blockchain, allows remote attackers to have an unspecified impact via the...
CVE-2024-20252
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers...