83 matches found
EUVD-2026-27974
Inappropriate implementation in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
📄 Vienna Assistant 1.2.542 macOS Privilege Escalation
A macOS helper service interface implemented via NSXPC was observed exposing methods that may allow privileged operations such as file writing and command execution through a remote proxy connection...
CVE-2026-6942 radare2-mcp <=1.6.0 OS Command Injection via Shell Metacharacter Bypass
radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2cmdstr. Attackers can inject shell metacharacters throu...
Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization
Summary A missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a different node. This issue stems from missing logic to verify that the node...
GHSA-G7VW-F8P5-C728 Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization
Summary A missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a different node. This issue stems from missing logic to verify that the node...
PT-2026-20331
Name of the Vulnerable Software and Affected Versions Pterodactyl Panel versions prior to 1.12.1 Description A missing authorization check allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a...
CVE-2025-0980
Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid authentication credentials...
Exploit for CVE-2025-9074
CVE-2025-9074 Docker Container Command Execution Tool A power...
Qualcomm Chipsets 输入验证错误漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. An input validation error vulnerability exists in Qualcomm Chipsets, which arises from a memory corruption when processing large input data from a communication interface from a remote source...
EUVD-2025-36355
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the showvtyextlinkrmtitfaddr function at ospfext.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted OSPF packet...
Improper Access Control
com.liferay.portal, release.portal.bom is vulnerable to improper access control. The vulnerability is due to the failure to restrict API access before a user changes their initial password, which allows an attacker to remotely access and modify content via the API...
EUVD-2012-3004
Malware in sbrugna...
EUVD-2012-2988
Malware in sbrugna...
EUVD-2007-3253
Malware in sbrugna...
CVE-2025-7388
It was possible to perform Remote Command Execution RCE via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...
CVE-2025-52545
E3 Site Supervisor Control firmware version 2.31F01 RCI service contains an API call to read users info, which returns all usernames and password hashes for the application services...
CVE-2025-52545 Privilege escalation in the application services
E3 Site Supervisor Control firmware version 2.31F01 RCI service contains an API call to read users info, which returns all usernames and password hashes for the application services...
Linux Distros Unpatched Vulnerability : CVE-2025-5067
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2017-7153
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTun...
Linux Distros Unpatched Vulnerability : CVE-2024-20919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions...