
484 matches found

RedhatCVE
added 2026/06/12 6:13 a.m., 12 views

CVE-2026-46693

A flaw was found in ImageMagick. An attacker able to connect to a magick -distribute-cache service could exploit a race condition to hijack a file descriptor in the server process. This could lead to unauthorized access to sensitive information...

CVSS 4.4 | AI score 5.4 | EPSS 0.00102
Exploits 0 | References 4
RedhatCVE
added 2026/06/05 7:12 p.m., 8 views

CVE-2026-39455

When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluat...

CVSS 8.7 | AI score 5.5 | EPSS 0.003
Exploits 0 | References 1
Positive Technologies
added 2026/06/04 12:00 a.m., 8 views

PT-2026-46394

Name of the Vulnerable Software and Affected Versions: Hermes WebUI versions prior to 0.51.221. Description: A path traversal issue allows attackers to escape the workspace boundary by providing symlinks that resolve to files or directories outside the designated workspace root. By exploiting the...

CVSS 7.1 | AI score 5.5 | EPSS 0.00323
Exploits 0 | References 5
Positive Technologies
added 2026/05/21 12:00 a.m., 8 views

PT-2026-42811

Name of the Vulnerable Software and Affected Versions: ImageMagick, affected versions not specified. Description: An attacker capable of connecting to a magick -distribute-cache service can trigger a heap buffer over-write within the server process. A heap buffer over-write occurs when a program writ...

CVSS 5.7 | AI score 6.3 | EPSS 0.00137
Exploits 0 | References 36
NVD
added 2026/05/13 7:17 p.m., 5 views

CVE-2026-41255

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection. The marking was a member variable in flask-wtf.csrf.CSRFProtect,...

CVSS 6.1 | EPSS 0.00124
Exploits 0 | References 2
OSV
added 2026/04/29 8:36 p.m., 1 view

GHSA-MCVF-JXCW-VJ73 CKAN has CSRF exemption primed by anonymous requests

Views can be marked as exempt from CSRF protection. Access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection. The marking was a member variable in flask-wtf.csrf.CSRFProtect, which was stored as a module level variable in the flaskapp...

CVSS 6.1 | AI score 5.8 | EPSS 0.00124
Exploits 0 | References 6
NVD
added 2026/03/24 3:16 p.m., 6 views

CVE-2026-30662

ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'file_get_contents', which loads...

CVSS 6.5 | EPSS 0.00288
Exploits 1 | References 1
CVE
added 2026/03/07 3:14 p.m., 8 views

CVE-2026-29771

Netmaker (WireGuard-based) prior to version 1.2.0 is affected: the /api/server/shutdown endpoint can terminate the Netmaker server process via syscall.SIGINT, enabling an attacker to repeatedly shut down the server and trigger cyclic denial of service with ~3-second restarts. This vulnerability i...

CVSS 8.7 | AI score 5.7 | EPSS 0.00331
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/01/22 2:26 a.m., 25 views

CVE-2026-24002 pyodide sandbox option is insecure

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

CVSS 9 | EPSS 0.005
Exploits 0 | References 2
RedhatCVE
added 2026/01/09 9:30 a.m., 8 views

CVE-2023-29004

hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI 6.3.9.0 at the moment of writing this report. The vulnerability can be exploited via an HTTP request to /app/options.py and the...

CVSS 6.5 | AI score 6.8 | EPSS 0.00902
Exploits 1 | References 1
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-17508

Malware in sbrugna...

CVSS 7.5 | AI score 6.9 | EPSS 0.02966
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2004-1012

Malware in sbrugna...

CVSS 5 | AI score 6 | EPSS 0.02385
Exploits 0 | References 15
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2023-52744

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00495
Exploits 0 | References 2
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-3319

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.7 | EPSS 0.01008
Exploits 1 | References 4
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2025-21110

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 6.8 | EPSS 0.00179
Exploits 0 | References 1
Snyk
added 2025/09/25 3:30 p.m., 3 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the loghandler function of the Ping Handler component in the server process. An attacker can execute arbitrary code or manipulate application behavior by sending specially crafted data to be...

CVSS 6.5 | AI score 7.8 | EPSS 0.00282
Exploits 0 | References 2
CNVD
added 2025/07/15 12:00 a.m., 2 views

UTT Progressive 750W Buffer Overflow Vulnerability (CNVD-2026-02643)

The UTT Progress 750W is an enterprise-grade dual-band wireless router from Atech Technology (UTT), which is aimed at SMB network environments. The UTT Progress 750W suffers from a buffer overflow vulnerability that originates from improper handling of the parameter ssid in the file...

CVSS 9 | AI score 7.8 | EPSS 0.00796
Exploits 1 | References 1
RedhatCVE
added 2025/07/13 6:22 a.m., 4 views

CVE-2025-30025

The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation...

CVSS 4.8 | AI score 7 | EPSS 0.00179
Exploits 0 | References 1
CVE
added 2025/07/11 6:04 a.m., 26 views

CVE-2025-30025

CVE-2025-30025 affects Axis devices (Camera Station Pro, Camera Station, and Device Manager). A flaw in the communication protocol between the server process and the service control could lead to local privilege escalation. Reported fixes: Camera Station Pro 6.8, Camera Station 5.58, and Device M...

CVSS 7.8 | AI score 6.9 | EPSS 0.00179
Exploits 0 | References 1 | Affected Software 2
Cvelist
added 2025/07/11 6:04 a.m., 5 views

CVE-2025-30025

The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation...

CVSS 4.8 | EPSS 0.00179
Exploits 0 | References 1