SUSE CVE-2026-33065

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...

CVE-2025-32991

In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution...

GO-2026-4481 Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise in github.com/milvus-io/milvus

Milvus: Unauthenticated Access to Restful API on Metrics Port 9091 Leads to Critical System Compromise in github.com/milvus-io/milvus. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

CVE-2023-31585

Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php...

EUVD-2019-0308

Malware in sbrugna...

EUVD-2021-19573

Malware in sbrugna...

EUVD-2022-1868

Malicious code in bioql PyPI...

EUVD-2023-35882

Malicious code in bioql PyPI...

CVE-2025-32896

Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...

CVE-2025-32896

Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...

CVE-2025-32896 Apache SeaTunnel: Unauthenticated insecure access

Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...

CVE-2025-32801

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

CVE-2025-32802

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...

CVE-2023-31585

Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php...

CVE-2023-31585

Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to a file upload flaw via /admin/add-category.php. The issue, confirmed across multiple sources, permits uploading arbitrary files, with CVSS v3.1 indicating Network attack, no privileges required, no user interaction, and high impact to confidential...

CVE-2023-31585

Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php...

F5 NGINX Unit 安全漏洞

F5 NGINX Unit is a multilingual dynamic application server from F5 Corporation. The product supports a RESTful JSON API to run applications built using multiple languages and frameworks. A security vulnerability exists in F5 NGINX Unit prior to version 1.34.2, which stems from an infinite loop th...

Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP

Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 CVSS score: 9.8, the vulnerability impacts all versions of the software before 1.3.0. It has been describ...

CVE-2024-27488

ZLMediaKit versions 1.0–8.0 are affected by an Incorrect Access Control vulnerability that enables remote attackers to escalate privileges and obtain sensitive information. The issue stems from the application enabling the HTTP API interface by default and using a secret parameter for authenticat...

Commander - A Command And Control (C2) Server

Commander is a command and control framework C2 written in Python, Flask and SQLite. It comes with two agents written in Python and C. Under Continuous Development Not script-kiddie friendly Features Fully encrypted communication TLS Multiple Agents Obfuscation Interactive Sessions Scalable Base6...