CVE-2026-10584

Graph Explorer before 3.0.1 uses an HTTP fallback when certificate files are missing, exposing potential interception of HTTPS requests. The vulnerability affects the proxy component of Graph Explorer and can lead to disclosure of sensitive information. The recommended remediations are to upgrade...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a buffer overflow vulnerability. This vulnerability stemmed from out-of-bounds read operations in Headless mode, which could allow remote attackers with compromised rendering...

EUVD-2026-31657

A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely...

CVE-2026-8745

A vulnerability was identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function ogstimeradd in the library /src/ausf/nausf-handler.c of the component AUSF. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available an...

CVE-2026-7706 Open5GS AMF gmm-handler.c gmm_handle_service_request denial of service

A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function gmmhandleservicerequest of the file /src/amf/gmm-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public a...

CVE-2026-7461 OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...

CVE-2026-7219

A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entryname can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

PT-2026-31471

Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse compressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server...

CVE-2026-20093

A vulnerability in the change password functionality of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. This vulnerability is due to incorrect handling of password change requests. An...

CVE-2026-1597

A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument cisession leads to improper authorization. The attack may be performed from remote. The exploit has been disclos...

Huawei EulerOS: Security Advisory for avahi (EulerOS-SA-2025-2605)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-14117

A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure...

Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2025-2274)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2018-9665

Malware in sbrugna...

EUVD-2024-17581

Malicious code in bioql PyPI...

EUVD-2024-50366

Malicious code in bioql PyPI...

CVE-2025-11032

A flaw has been found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This issue affects some unknown processing of the file /Profilers/PriProfile/COUNT3s6.php. Executing manipulation of the argument CPU can lead to sql injection. The attack may be performed from...

PT-2025-36499

Name of the Vulnerable Software and Affected Versions: code-projects Online Event Judging System version 1.0 Description: A weakness exists in code-projects Online Event Judging System 1.0. The issue impacts an unknown function of the file /home.php. Manipulation of the main event argument can le...

ROS-20250904-05

Vulnerability of DNS load balancer and proxy for DNS traffic DNSdist is related to insufficient checking of incoming TCP connections from the client. of incoming TCP connections from the client. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

The vulnerability of the fromadvsetlanip() function (/goform/AdvSetLanip) in the Tenda AC6 router software allows a hacker to trigger a service failure.

The vulnerability of the fromadvsetlanip function /goform/AdvSetLanip of the Tenda AC6 router’s microprogramming software is related to the copying of buffers without checking the size of the input data when processing the lanMask parameter. Exploiting this vulnerability could allow a remote...