CVE-2026-1014

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation...

EUVD-2021-8238

Malicious code in bioql PyPI...

EUVD-2022-26446

Malicious code in bioql PyPI...

CVE-2025-54136

Cursor is an AI code editor where CVE-2025-54136 affects versions

CVE-2025-52922

Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated attacker with access to the admin panel could abuse this to: 1 fully map the filesystem structure via the /api/filemanager/files?basefolder= endpoint, 2 create arbitrary directories on the server via...

CVE-2022-3192

Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6...

CVE-2021-37177

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0 SP2. The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system...

CVE-2019-12764

An issue was discovered in Joomla! before 3.9.7. The update server URL of comjoomlaupdate can be manipulated by non Super-Admin users...

CVE-2025-27095 JumpServer has a Kubernetes Token Leak Vulnerability

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to redirect API requests to an external server...

ABB Cylon Aspect 3.08.02 (webServerUpdate.php) Input Validation Config Poisoning

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from improper input validation on...

CVE-2024-42347 URL preview setting for a room is controllable by the homeserver in matrix-react-sdk

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...

Security Bulletin: Multiple vulnerabilities in libcURL affect IBM DevOps Code ClearCase.

Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM DevOps Code ClearCase. CVE-2023-46219, CVE-2023-46218 Vulnerability Details CVEID:CVE-2023-46219 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw...

CVE-2023-5403

Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning...

VulnCheck KEV: CVE-2023-5830

A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack...

CVE-2023-45723

HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path including the file name where these files are stored on the server...

CVE-2023-45723 Path Traversal which allows file upload capability affects DRYiCE MyXalytics

HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path including the file name where these files are stored on the server...

Rocky Linux 8 : ruby:2.6 (RLSA-2022:0543)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0543 advisory. - Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that...

Companymaps 8.0 SQL Injection Vulnerability

Exploit Title: Unauthenticated SQL injection - Exploit Author: Lucas Noki 0xPrototype - Vendor Homepage: https://github.com/vogtmh - Software Link: https://github.com/vogtmh/cmaps - Version: 8.0 - Tested on: Mac, Windows, Linux - CVE : CVE-2023-29809 Description: The vulnerability found is an SQL...

Input validation

Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk = 2.1.0p19, Checkmk = 2.0.0p32, and all versions of Checkmk 1.6.0 EOL are affected...

CVE-2023-0284 Improper validation of LDAP user IDs

Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk = 2.1.0p19, Checkmk = 2.0.0p32, and all versions of Checkmk 1.6.0 EOL are affected...