13 matches found
CVE-2025-40552 SolarWinds Web Help Desk Authentication Bypass Vulnerability
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication...
CVE-2026-0779
ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw...
CVE-2025-64180
The vulnerability CVE-2025-64180 affects Manager-io/Manager Desktop and Server (versions 25.11.1.3085 and earlier). The issue stems from a TOCTOU race condition in the DNS validation mechanism, allowing an attacker to bypass network isolation and access internal resources, cloud metadata endpoint...
CVE-2025-35062
Newforma Info Exchange (NIX) before version 2023.1 allows anonymous authentication by default, enabling an unauthenticated attacker to exploit additional vulnerabilities that require authentication. Related sources describe bypass and file-read/upload issues tied to authenticated access and the p...
EUVD-2024-26063
Malicious code in bioql PyPI...
CVE-2025-9273
CVE-2025-9273 refers to a misconfiguration in CData API Server where MySQL connections are allowed to request local files from the MySQL client, enabling information disclosure in NETWORK SERVICE contexts. The flaw is tied to how the server handles MySQL connection options and does not indicate e...
CVE-2025-41362 Code injection vulnerability in IDF and ZLF
Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that...
CVE-2025-27914
An issue was discovered in Zimbra Collaboration (ZCS) 9.0, 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token...
PT-2024-37073 · Simofa · Simofa
Name of the Vulnerable Software and Affected Versions: Simofa versions prior to 0.2.7. Description: Simofa is a tool to help automate static website building and deployment. Due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require...
PT-2024-1656 · Solarwinds · Solarwinds Orion Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform, affected versions not specified. Description: A SQL Injection Remote Code Execution issue was discovered in the SolarWinds Platform, specifically using an update statement. This issue requires user authentication to b...
CVE-2023-23892
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jamie Poitra M Chart plugin = 1.9.4 versions...
SUSE CVE-2017-9774
Remote Code Execution was found in HordeImage 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication...
PT-2022-24848 · Orckestra · Orckestra C1 Cms
Name of the Vulnerable Software and Affected Versions: Orckestra C1 CMS versions prior to 6.13. Description: A vulnerability in Orckestra C1 CMS allows remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this issue. The authenticated user may...