42 matches found
CVE-2022-42376
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
EUVD-2021-24287
Malware in sbrugna...
EUVD-2025-4638
Malicious code in bioql PyPI...
EUVD-2022-1443
Malicious code in bioql PyPI...
CVE-2025-7215
CVE-2025-7215 affects FNKvision FNK-GU2 (firmware up to 40.1.7). The issue involves a problematic functionality in /rom/wpa_supplicant.conf that leads to cleartext storage of sensitive information. The attack can be launched on a physical device; attack complexity is high, and exploitability is t...
D-Link DI-7003GV2 /H5/state_view.data File Information Disclosure Vulnerability
The D-Link DI-7003GV2 is a router from China-based AUO D-Link. The D-Link DI-7003GV2 suffers from an information disclosure vulnerability that originates in the file /H5/state_view.data, function sub41E304, where sensitive information is not sufficiently protected, and can be exploited by an...
IBM SPSS Statistics Encryption Problem Vulnerability
IBM SPSS Statistics is a software package from International Business Machines (IBM), Inc. It is used for interactive or batch statistical analysis. An encryption vulnerability exists in IBM SPSS Statistics versions 26.0, 27.0.1, 28.0.1, and 29.0.2, which stems from the use of a weak encrypti...
CVE-2025-20231
Affected software: Splunk Enterprise (versions below 9.4.1, 9.3.3, 9.2.5, 9.1.8) and Splunk Secure Gateway app (Splunk Cloud Platform) below 3.8.38 and 3.7.23. Description: a low-privileged user without admin/power roles can perform a search using the permissions of a higher-privileged user, risk...
CVE-2024-49781
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
SQL Injection Vulnerability in Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-46176)
The electronic document security management system is a controlled-authorization system for securely sharing and managing electronic documents, using real-time dynamic encryption and decryption protection technology and a real-time rights recovery mechanism, to provide all kinds of electronic documents...
Adobe InDesign Out-of-Bounds Read Vulnerability (CNVD-2024-38535)
Adobe InDesign is a set of layout and editing applications from the American company Adobe. Adobe InDesign suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to obtain sensitive information...
IBM Engineering Requirements Management DOORS Web Access XML External Entity Injection Vulnerability
IBM Engineering Requirements Management DOORS Web Access is an engineering requirements management software from International Business Machines (IBM). An XML external entity injection vulnerability exists in IBM Engineering Requirements Management DOORS Web Access version 9.7.2.8, which can be...
Path Traversal Vulnerability in Sonatype Nexus Repository
Nexus Repository Manager is a repository management system. A path traversal vulnerability exists in Sonatype Nexus Repository Manager that can be exploited by an attacker to obtain sensitive information...
CVE-2023-50614
An issue discovered in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via a crafted POST request to /cgi-bin/luci...
IBM Cloud Pak for Security and IBM QRadar Suite Software Information Disclosure Vulnerability
IBM Cloud Pak for Security is an application from International Business Machines (IBM), Inc., an open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated action faster. An information disclosure vulnerability exists in IBM Clou...
Information leakage vulnerability in Jishikai PLM
Jishikai Industrial Software Ltd. is an enterprise mainly engaged in the software and information technology services industry. An information disclosure vulnerability exists in Jishikai PLM, which can be exploited by attackers to obtain sensitive information...
TOTOLINK X5000R suffers from a weak password vulnerability
The TOTOLINK X5000R is a Gigabit dual-band WiFi6 router. TOTOLINK X5000R suffers from a weak password vulnerability that can be exploited by attackers to obtain sensitive information...
ASUS RT-N12 suffers from a weak password vulnerability
The ASUS RT-N12 is a router device. The ASUS RT-N12 suffers from a weak password vulnerability that can be exploited by an attacker to obtain sensitive information...
Arbitrary File Download Vulnerability in WS5302 of Beijing StarNet Ruijie Network Technology Co.
The WS5302 is a wireless controller. The WS5302 has an arbitrary file download vulnerability that can be exploited by an attacker to download bin files and obtain sensitive information...
YYCMS has an overstepping vulnerability
YYCMS is a movie and television system. YYCMS has an overstepping vulnerability that can be exploited by attackers to obtain sensitive information...