277 matches found
EUVD-2024-18682
Malicious code in bioql PyPI...
EUVD-2025-6878
Malicious code in bioql PyPI...
EUVD-2023-50529
Malicious code in bioql PyPI...
CVE-2012-10024
XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw ...
Linux Distros Unpatched Vulnerability : CVE-2022-32296
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4...
PT-2025-31523 · Copyparty · Copyparty
Name of the Vulnerable Software and Affected Versions: Copyparty versions 1.18.6 and below. Description: Copyparty is a portable file server susceptible to a reflected Cross-Site Scripting (XSS) issue. When accessing the recent uploads page at /?ru, the application does not properly escape...
CVE-2025-30133
An issue was discovered on IROAD Dashcam FX2 devices. Bypass of Device Pairing/Registration can occur. It requires device registration via the "IROAD X View" app for authentication, but its HTTP server lacks this restriction. Once connected to the dashcam's Wi-Fi network via the default password...
CVE-2025-6260 Network Thermostat X-Series WiFi Thermostats Missing Authentication for Critical Function
The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat's embedded web server and reset us...
CVE-2025-3740
The School Management System for Wordpress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 93.1.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary...
CVE-2025-29009
Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce medical-prescription-attachment-plugin-for-woocommerce allows Upload a Web Shell to a Web Server. This issue affects Medical Prescription Attachment Plugin for WooCommerce...
PT-2025-29654
Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 8.0.0 through 8.0.42; Oracle MySQL versions 8.4.0 through 8.4.5; Oracle MySQL versions 9.0.0 through 9.3.0. Description: A vulnerability exists in the Server: Optimizer component of Oracle MySQL Server. A high-privileged...
Security Bulletin: A denial-of-service attack, heap use after free, network server exploit, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service
Summary: IBM Storage Defender - Resiliency Service is vulnerable to denial-of-service attack, heap use after free, network server exploit, and others. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2025-32873. DESCRIPTION: An issue was discovered in Django 4.2 before 4.2.2...
Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server
CVE-2025-47812 - Wing FTP Server RCE Exploit This repository...
CVE-2025-34065
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls...
CVE-2025-34053 AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via .cab Path Manipulation
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints...
CVE-2025-49071
CVE-2025-49071 : Flozen WordPress theme (Flozen
CVE-2021-36581
Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server...
CVE-2021-22502
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter OBR product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server...
CVE-2021-25669
A vulnerability has been identified in SCALANCE X200-4P IRT All versions 5.5.1, SCALANCE X201-3P IRT All versions 5.5.1, SCALANCE X201-3P IRT PRO All versions 5.5.1, SCALANCE X202-2 IRT All versions 5.5.1, SCALANCE X202-2P IRT incl. SIPLUS NET variant All versions 5.5.1, SCALANCE X202-2P IRT PRO...
CVE-2020-26264
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly...