PT-2026-42811
An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process...
CVE-2026-41255
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection. The marking was a member variable in flask-wtf.csrf.CSRFProtect,...
GHSA-MCVF-JXCW-VJ73 CKAN has CSRF exemption primed by anonymous requests
Views can be marked as exempt from CSRF protection. Access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection. The marking was a member variable in flask-wtf.csrf.CSRFProtect, which was stored as a module-level variable in the flaskapp...
CVE-2026-30662
ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'file_get_contents', which loads...
CVE-2026-29771
Netmaker (WireGuard-based) prior to version 1.2.0 is affected: the /api/server/shutdown endpoint can terminate the Netmaker server process via syscall.SIGINT, enabling an attacker to repeatedly shut down the server and trigger cyclic denial of service with ~3-second restarts. This vulnerability i...
CVE-2026-24002 pyodide sandbox option is insecure
Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...
CVE-2023-29004
hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI 6.3.9.0 at the moment of writing this report. The vulnerability can be exploited via an HTTP request to /app/options.py and the...
EUVD-2004-1012
Malware in sbrugna...
EUVD-2018-17508
Malware in sbrugna...
EUVD-2023-3319
Malicious code in bioql PyPI...
EUVD-2023-52744
Malicious code in bioql PyPI...
EUVD-2025-21110
Malicious code in bioql PyPI...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the loghandler function of the Ping Handler component in the server process. An attacker can execute arbitrary code or manipulate application behavior by sending specially crafted data to be...
UTT Progressive 750W Buffer Overflow Vulnerability (CNVD-2026-02643)
The UTT Progress 750W is an enterprise-grade dual-band wireless router from Atech Technology UTT, which is aimed at SMB network environments. The UTT Progress 750W suffers from a buffer overflow vulnerability that originates from improper handling of the parameter ssid in the file...
CVE-2025-30025
The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation...
CVE-2025-30025
CVE-2025-30025 affects Axis devices (Camera Station Pro, Camera Station, and Device Manager). A flaw in the communication protocol between the server process and the service control could lead to local privilege escalation. Reported fixes: Camera Station Pro 6.8, Camera Station 5.58, and Device M...
File Browser: Command Execution not Limited to Scope
Summary: In the web application, all users have a scope assigned, and they only have access to the files within that scope. The Command Execution feature of Filebrowser allows the execution of shell commands which are not restricted to the scope, potentially giving an attacker read and write acces...
CVE-2025-42995
CVE-2025-42995: SAP MDM Server is affected by a vulnerability in the Read function where specially crafted packets can trigger a memory read access violation, causing the server process to fail and exit. The documented impact is high availability disruption with no confidentiality or integrity im...