ROS-20260508-73-0007

Vulnerability in roundcubemail related to the use of an insecure alternate channel. Exploitation of the vulnerability could allow an attacker acting remotely to modify user projects and/or device configuration via cip commands...

CVE-2026-33951

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT...

CVE-2026-33951

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT...

CVE-2026-33951 signalk-server: Unauthenticated Source Priorities Manipulation

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT...

CVE-2026-33951

Signal K Server (boat hub) exposes an unauthenticated HTTP endpoint PUT /signalk/v1/api/sourcePriorities that directly assigns user input to the server configuration, enabling attackers to modify navigation data source priorities. The issue is triggered by missing authentication/authorization and...

Ubuntu: Security Advisory (USN-8139-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-31849

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an...

CVE-2026-1670

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address...

CVE-2024-41162

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only...

CVE-2025-13158

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

CVE-2025-13158 apidoc-core - prototype pollution in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

CVE-2025-13158 apidoc-core - prototype pollution in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

CLSA-2025-1765386044 Fix CVE(s): CVE-2025-53057, CVE-2025-53066, CVE-2025-61748

OpenJDK 8u472 release - CVE-2025-53057: fix unauthorized remote data-modification - CVE-2025-53066: fix unauthorized remote data access - CVE-2025-61748: fix limited remote unauthorized data modification - Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2025-October/thread.html...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : OpenJDK 17 vulnerabilities (USN-7883-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7883-1 advisory. Jinfeng Guo discovered that the Security component of OpenJDK 17 did not correctly handle certain...

SuiteCRM 安全漏洞

SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM versions prior to 7.12.6 that stems from a type confusion when handling the module parameter in the deleteAttachment function, which could allow an unauthenticated, remote...

EUVD-2019-7763

Malware in sbrugna...

EUVD-2017-7310

Malware in sbrugna...

CVE-2025-35431 CISA Thorium LDAP injection

CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1...

Linux Distros Unpatched Vulnerability : CVE-2009-4495

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly...

The vulnerability of the Cisco Identity Services Engine (ISE) platform, which relates to the use of strictly encrypted login credentials, allows a hacker to alter the software configuration.

The vulnerability of the Cisco Identity Services Engine ISE platform relates to the use of strictly encrypted login credentials. Exploiting this vulnerability could allow a malicious actor to remotely modify the software configuration...