367 matches found
CVE-2020-36888
SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
DEBIAN-CVE-2025-40326
In the Linux kernel, the following vulnerability has been resolved: NFSD: Define actions for the new time_deleg FATTR4 attributes. NFSv4 clients won't send legitimate GETATTR requests for these new attributes because they are intended to be used only with CB_GETATTR and SETATTR. But NFSD has to do...
CVE-2025-40326
CVE-2025-40326 affects Linux kernel NFSD: time_deleg FATTR4 attributes are valid only for CB_GETATTR/SETATTR, not GETATTR. If a GETATTR queries these attributes, NFSD returns nfserr_inval, as per RFC guidance; this resolves the issue without exposing a documented exploit path in the provided sour...
CVE-2025-40326 NFSD: Define actions for the new time_deleg FATTR4 attributes
In the Linux kernel, the following vulnerability has been resolved: NFSD: Define actions for the new time_deleg FATTR4 attributes. NFSv4 clients won't send legitimate GETATTR requests for these new attributes because they are intended to be used only with CB_GETATTR and SETATTR. But NFSD has to do...
CVE-2025-13494
The CVE covers the WordPress plugin SSP Debug (WordPress SSP Debugging) with versions up to and including 1.0.0. Root cause: the plugin stores PHP error logs in a web-accessible location (wp-content/uploads/ssp-debug/ssp-debug.log) without access controls. Impact: unauthenticated attackers can vi...
RockyLinux 8 : container-tools:4.0 (RLSA-2023:2802)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2802 advisory. golang: net/http: improper sanitization of Transfer-Encoding header, CVE-2022-1705; golang: go/parser: stack exhaustion in all Parse functions, CVE-2022-196...
Information Exposure
Overview: limesurvey/limesurvey is a FOSS online survey tool on the web. Affected versions of this package are vulnerable to Information Exposure via the handling of malformed session cookies. An attacker can obtain sensitive internal backend information, such as framework details, database engine...
PT-2025-47571
Name of the Vulnerable Software and Affected Versions: LimeSurvey version 6.13.0. Description: A flaw exists that allows an external user to trigger a 500 error within the survey system by submitting a crafted session cookie. This results in the disclosure of internal backend details, including the...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Denial of Service Vulnerabilities (CNVD-2025-29074)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A denial of service vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which originates from an internal syste...
CVE-2025-12515
Systemic Internal Server Errors - HTTP 500 Response. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12515 Systemic Internal Server Errors - HTTP 500 Response
Systemic Internal Server Errors - HTTP 500 Response. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12515
CVE-2025-12515 affects Azure Access Technology BLU-IC2 and BLU-IC4 (firmware through 1.19.5). The issue is a systemic internal server error that can yield HTTP 500 responses. This is a networked vulnerability stemming from an internal server condition, leading to a total impact on availability an...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Security Vulnerability
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A denial of service vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which originates from an internal syste...
PT-2025-44415
Name of the Vulnerable Software and Affected Versions: BLU-IC2 versions through 1.19.5; BLU-IC4 versions through 1.19.5. Description: The software experiences systemic internal server errors, resulting in HTTP 500 responses. Recommendations: Update BLU-IC2 to a version later than 1.19.5. Update BLU-IC...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Out-of-bounds Read (CVE-2022-48827)
NFSD: vulnerability caused by loff_t overflow on the server when a client reads near the maximum offset, causing the server to return an EINVAL error, which the client retries indefinitely, instead of handling out-of-range READ requests by returning a short result with an EOF flag. This plugin onl...
EUVD-2019-4214
Malware in sbrugna...
EUVD-2017-10531
Malware in sbrugna...
EUVD-2014-4740
Malware in sbrugna...