362 matches found
EUVD-2022-24901
Malicious code in bioql PyPI...
EUVD-2024-39556
Malicious code in bioql PyPI...
EUVD-2023-33991
Malicious code in bioql PyPI...
EUVD-2024-22396
Malicious code in bioql PyPI...
CVE-2025-55050
CWE-1242: Inclusion of Undocumented Features...
JVN#50585992: Multiple vulnerabilities in multiple iND products
Multiple products provided by iND Co.,Ltd contain multiple vulnerabilities listed below. Insecure storage of sensitive information CWE-922 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2025-53507 OS...
CVE-2025-54883 Vision UI's security-kit Contains Cryptographic Weakness
Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the getSecureRandomInt function in security-kit versions prior to 3.5.0 packaged in Vision-ui = 1.4.0 contains a critical cryptographic weakness. Due to a silent 32-bit...
curl: Default Minimum TLS Version Set to TLS v1.0 (Cryptographic Weakness)
Summary: Curl sets TLS v1.0 as the default minimum version, which is outdated and vulnerable to attacks like BEAST, posing a risk to data integrity and confidentiality. This was found through manual code review. No AI was used in identifying the issue or generating this report. Affected Version:...
CVE-2024-49783
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability t...
CVE-2024-49783 IBM OpenPages with Watson information disclosure
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability t...
The vulnerability of the cet.c component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the cet.c component in the Linux operating system’s kernel is related to the lack of data security mechanisms. Exploiting this vulnerability can allow an attacker to cause a service failure...
nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery
New research has uncovered continued risk from a known security weakness in Microsoft's Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service SaaS applications. Identity security company Semperis, in an analysis of 104 SaaS applications,...
CVE-2025-47725 Out-of-bounds Write in CNCSoft
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...
CVE-2023-31759
Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack...
CVE-2023-38738
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit...
CVE-2023-43018
IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163...
The vulnerability of the /adv_arpspoofing.php file, a component of the ARP Spoofing Prevention software for D-Link DAP-2695 wireless access points, allows attackers to execute cross-site scripting attacks.
The vulnerability of the /advarpspoofing.php file, a component of the ARP Spoofing Prevention software for D-Link DAP-2695 wireless access points, is related to the lack of security measures for the website structure. Exploiting this vulnerability allows a remote attacker to perform cross-site...
CVE-2022-33097
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campusjob...
CVE-2025-4280
Poedit on macOS is affected by CVE-2025-4280 due to a bundled Python interpreter inheriting the app’s TCC permissions. A local attacker can invoke the interpreter to run arbitrary commands using those granted permissions to access files in privacy-protected folders without user prompts, potential...
CVE-2019-15496
MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...