36 matches found
CVE-2026-45685 OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetr...
CVE-2025-10573
Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required...
PT-2025-45128
Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine versions prior to 3.4 Patch 4 or version 3.5. Description: A flaw in the RADIUS setting of Cisco Identity Services Engine (ISE) allows an unauthenticated, remote attacker to cause the system to restart unexpectedly,...
EUVD-2020-26815
Malware in sbrugna...
EUVD-2021-18296
Malware in sbrugna...
EUVD-2023-48659
Malicious code in bioql PyPI...
EUVD-2025-12419
Malicious code in bioql PyPI...
CVE-2025-34021 Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery
A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON...
CVE-2023-47536
An improper access control vulnerability (CWE-284) in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny...
CVE-2022-34822
Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite...
CVE-2019-3978
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning...
CVE-2025-24339
CVE-2025-24339 involves the web application of ctrlX OS. The vulnerability allows a remote, unauthenticated attacker to perform various attacks against users of the vulnerable system, including web cache poisoning and Man-in-the-Middle (MitM) via a crafted HTTP request. The CVSS 3.1 base metrics ...
CVE-2025-25280
CVE-2025-25280 describes a buffer overflow in Century Systems FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine). An unauthenticated remote attacker could reboot the device by sending a specially crafted request. Affected firmware/IDs are referenced across multip...
CVE-2024-6762
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory...
CVE-2024-1916
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet...
Mitsubishi Electric MELSEC WS Series Ethernet Interface Module Authentication Bypass By Capture-Replay (CVE-2023-6374)
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote...
Design/Logic Flaw
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility RVToolsPasswordEncryption.exe and main application RVTools.exe. A remote unauthenticated attacker with access to stored encrypted passwords from a user's system could potentially...
CVE-2023-2846
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets...
CVE-2022-30304
FortiAnalyzer contains a cross-site scripting (XSS) vulnerability (CWE-79) that can be exploited remotely by an unauthenticated attacker via a URL parameter observed in the FortiWeb attack log view. Affects FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8; successful exploitation leads to s...
CVE-2022-41993
DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier is affected by CVE-2022-41993, a Cross-site Scripting (CWE-79) vulnerability. The issue allows a remote unauthenticated attacker to inject arbitrary scripts, potentially impacting users who log in or access the system. Connected sources confirm the af...