Lucene search

10 matches found

Vulnrichment
added 2026/05/14 3:18 p.m. · 3 views

CVE-2026-40893 Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Arbitrary File Rename and Move

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...

CVSS 8.2 · AI score 6 · EPSS 0.00155
Exploits 1 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-35447

Malicious code in bioql PyPI...

CVSS 6.8 · AI score 6.7 · EPSS 0.00111
Exploits 0 · References 3

OSV
added 2025/06/06 10:15 a.m. · 0 views

CVE-2025-48784

A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization...

CVSS 7.5 · AI score 5.8 · EPSS 0.00304
Exploits 1 · References 1

Positive Technologies
added 2024/10/25 12:0 a.m. · 2 views

PT-2024-7516 · Rockwell Automation · Rockwell Automation Thinmanager

Name of the Vulnerable Software and Affected Versions: Rockwell Automation ThinManager, affected versions not specified. Description: An authentication issue exists in the affected product, allowing a threat actor with network access to send crafted messages to the device, potentially resulting in...

CVSS 9.8 · AI score 7.2 · EPSS 0.03402
Exploits 0 · References 10

CNNVD
added 2024/10/06 12:0 a.m. · 3 views

Diebold Nixdorf Vynamic View Console Code Issue Vulnerability

Diebold Nixdorf Vynamic View Console is a Diebold Nixdorf system that allows remote changes to all PC-based devices via Intel Active Management Technology AMT BIOS management. A code issue vulnerability exists in Diebold Nixdorf Vynamic View Console versions prior to 5.9.5 that stems from an...

CVSS 7.3 · AI score 7.1 · EPSS 0.00053
Exploits 0 · References 2

Positive Technologies
added 2023/01/20 12:0 a.m. · 2 views

PT-2023-9106 · D Link · D-Link Dap-2622

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2622, affected versions not specified. Description: The issue is related to the lack of authentication for a critical function in the DDP service of the D-Link DAP-2622 wireless access point's firmware. This allows a remote attacker ...

CVSS 5.4 · AI score 7 · EPSS 0.00185
Exploits 0 · References 5

Prion
added 2022/07/15 12:15 p.m. · 10 views

Design/Logic Flaw

Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the...

CVSS 4.3 · AI score 6.3 · EPSS 0.00125
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2021/07/27 12:0 a.m. · 23 views

PrinterLogic Client Multiple Vulnerabilities (May 3, 2019)

The version of PrinterLogic Client installed on the remote host is affected by the following vulnerabilities: - The PrinterLogic Print Management software does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate. When a certificate is invalid or malicious,...

CVSS 10 · AI score 8.5 · EPSS 0.02
Exploits 0 · References 4

0day.today
added 2013/09/15 12:0 a.m. · 29 views

Router ONO Hitron CDE-30364 - CSRF Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Router ONO Hitron CDE-30364 - CSRF Vulnerability Date: 14-9-2013 Exploit Author: Matias Mingorance Svensson - matias.msatowasp.org Vendor Homepage:...

AI score 7.1
Exploits 0

Amazon
added 2013/03/14 12:0 a.m. · 35 views

Medium: cups

Issue Overview: It was discovered that CUPS administrative users (members of the SystemGroups groups) who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. Such users could read or write arbitrary...

CVSS 7.2 · AI score 8.7 · EPSS 0.07193
Exploits 2 · References 1