88717 matches found

UbuntuCve
added 2026/02/03 11:15 a.m. (5 views)

CVE-2025-67851

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to...

CVSS 7.8, AI score 6, EPSS 0.00251
Exploits: 0, References: 4

Vulnrichment
added 2026/02/03 10:52 a.m. (4 views)

CVE-2025-67851 Moodle: moodle: formula injection allows arbitrary formula execution via unescaped data export

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to...

CVSS 6.1, AI score 5.7, EPSS 0.00251
Exploits: 0, References: 3

Cvelist
added 2026/02/03 1:39 a.m. (27 views)

CVE-2025-58382 Privilege escalation in Brocade Fabric before 9.2.1c2 and 9.2.2 through 9.2.2a

A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using “supportsave”, “seccertmgmt”, “configupload...

CVSS 8.5, EPSS 0.00602
Exploits: 0, References: 1

CNNVD
added 2026/02/03 12:0 a.m. (5 views)

ASUSTOR ADM security vulnerability

ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology ASUSTOR for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.ROF1, and from version 5.0.0 to 5.1.1.RCI1 of ASUSTOR ADM. These vulnerabilities stem from improper validation of input parameters...

CVSS 9.8, AI score 7.3, EPSS 0.00779
Exploits: 0, References: 1

Positive Technologies
added 2026/02/03 12:0 a.m. (4 views)

PT-2026-5963

Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This issue stems from inadequate sanitization of URL parameters, enabling...

CVSS 6.1, AI score 6, EPSS 0.00362
Exploits: 0, References: 10

Positive Technologies
added 2026/02/03 12:0 a.m. (5 views)

PT-2026-5957

Name of the Vulnerable Software and Affected Versions: TOTOLINK A950RG version 4.1.2cu.5204 B20210112. Description: A buffer overflow issue exists in the setParentalRules interface. The urlKeyword parameter does not undergo proper validation. The system concatenates multiple user-supplied values int...

CVSS 6.5, AI score 6.3, EPSS 0.00425
Exploits: 1, References: 3

EUVD
added 2026/02/03 12:0 a.m. (4 views)

EUVD-2025-206713

A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204B20210112. The issue resides in the setRadvdCfg interface of the /lib/cstemodules/ipv6.so module. The function fails to properly validate the length of the user-controlled radvdinterfacename parameter, allowing remote attacker...

AI score 6, EPSS 0.00628
Exploits: 1, References: 1

RedHat Linux
added 2026/02/02 8:20 p.m. (3 views)

openjdk: Enhance Certificate Checking (Oracle CPU 2026-01)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 an...

CVSS 7.5, AI score 5.9, EPSS 0.00547
Exploits: 0, References: 5

Vulnrichment
added 2026/02/02 2:8 p.m. (6 views)

CVE-2022-50977 Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via HTTP

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP...

CVSS 7.5, AI score 5.5, EPSS 0.00441
Exploits: 0, References: 2

NVD
added 2026/02/02 9:15 a.m. (9 views)

CVE-2026-20422

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patc...

CVSS 6.5, EPSS 0.00216
Exploits: 0, References: 1

CVE
added 2026/02/02 8:14 a.m. (11 views)

CVE-2026-20401

CVE-2026-20401 affects Modem. It describes a crash caused by an uncaught exception that could allow remote denial of service when a User Equipment connects to a rogue base station, with no additional execution privileges or user interaction required. A patch is listed as MOLY01738310 (MSV-5933). ...

CVSS 7.5, AI score 5.7, EPSS 0.00676
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2026/02/02 5:32 a.m. (4 views)

EUVD-2026-5095

A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Such manipulation of the argument keyword leads to sql injection. The attack can be executed remotely. The exploit is...

CVSS 6.5, AI score 5.3, EPSS 0.00444
Exploits: 1, References: 4

NVD
added 2026/02/02 5:15 a.m. (6 views)

CVE-2026-1744

A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sppppoeuser.js. The manipulation of the argument Username results in cross site scripting. The attack may be launched remotely. The exploit has been made public and coul...

CVSS 4.8, EPSS 0.00408
Exploits: 1, References: 5

Cvelist
added 2026/02/02 3:2 a.m. (29 views)

CVE-2026-1741 EFM ipTIME A8004T Debug d.cgi httpcon_check_session_url backdoor

A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate the attack remotely. The complexity of an...

CVSS 7.5, EPSS 0.00475
Exploits: 0, References: 4

OSV
added 2026/02/02 2:16 a.m. (5 views)

CVE-2026-1738

A flaw has been found in Open5GS up to 2.7.6. The impacted element is the function sgwctunneladd of the file /src/sgwc/context.c of the component SGWC. Executing a manipulation of the argument pdr can lead to reachable assertion. The attack can be executed remotely. The exploit has been published...

CVSS 6.9, AI score 5.1
Exploits: 0, References: 7

ATTACKERKB
added 2026/02/02 12:32 a.m. (5 views)

CVE-2026-1736

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwcs11handlecreateindirectdataforwardingtunnelrequest of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to reachable assertion. The attack may be launched remotely. The...

CVSS 6.9, AI score 5.5, EPSS 0.00609
Exploits: 1, References: 7

CNNVD
added 2026/02/02 12:0 a.m. (4 views)

Innomic VibroLine Series access control error vulnerability

The Innomic VibroLine Series is a professional vibration measurement and analysis system developed by the German company Innomic. The Innomic VibroLine Series contains a security access control vulnerability. This vulnerability arises from the possibility for unverified remote attackers to use th...

CVSS 8.8, AI score 5.9, EPSS 0.00226
Exploits: 0, References: 2

Positive Technologies
added 2026/02/02 12:0 a.m. (4 views)

PT-2026-6446

A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in...

CVSS 8.1, AI score 5.5, EPSS 0.00254
Exploits: 0, References: 11

Packet Storm News
added 2026/02/02 12:0 a.m. (4 views)

FreshRSS 1.11.1 Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in FreshRSS version 1.11.1. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

AI score 5.2
Exploits: 0

Positive Technologies
added 2026/02/02 12:0 a.m. (5 views)

PT-2026-5601

A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commit vpncli file upload of the file /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploi...

CVSS 5.8, AI score 5.6, EPSS 0.00344
Exploits: 0, References: 5