4D Server code vulnerability
4D Server is a database server platform developed by the French company 4D. There are code vulnerabilities in 4D Server. These vulnerabilities stem from weaknesses in the XML parser function of the SOAP endpoint, allowing unauthenticated attackers to gain read access to files on the application...
CVE-2026-33990
Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...
SQL Injection
devcode-it/openstamanager is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the display parameter in API requests, which allows an attacker to execute arbitrary SQL queries and compromise the database...
EUVD-2026-11691
Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources .xml and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...
CVE-2026-0504 Insufficient Input Handling in JNDI Operations of SAP Identity Management
Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI operations without adequate input neutralization. This may lead to limited disclosure or modification...
CVE-2019-2829
Vulnerability in the Oracle iSupport component of Oracle E-Business Suite subcomponent: Service Requests. Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...
CVE-2025-14277 Prime Slider – Addons for Elementor <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery
The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.9 via the importelementortemplate AJAX action. This makes it possible for authenticated attackers, with subscriber level access and above, to make we...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2025-59287 ⚠ This tool is created solely for education...
CVE-2025-9066
Summary: CVE-2025-9066 affects Rockwell Automation’s FactoryTalk ViewPoint. Unauthenticated attackers can abuse SOAP requests to trigger XML External Entity (XXE) processing, resulting in a temporary denial-of-service. The vulnerability is documented across multiple sources (NVD, Rockwell advisor...
EUVD-2021-13143
Malware in sbrugna...
EUVD-2004-0773
Malware in sbrugna...
EUVD-2025-2505
Malicious code in bioql PyPI...
CVE-2025-32932
An Improper neutralization of input during web page generation 'cross-site scripting' vulnerability CWE-79 in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remo...
CVE-2025-32932
CVE-2025-32932 is an XSS vulnerability in FortiSOAR web UI caused by improper input neutralization (CWE-79). Affected are FortiSOAR versions 6.4 and all 7.x releases up to 7.6.1. The impact is stored XSS that can be triggered by authenticated remote attackers via stored malicious service requests...
CVE-2022-40324
SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR 67258...
CVE-2023-53131
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a server shutdown leak. Fix a race where kthread_stop() may prevent the threadfn from ever getting called. If that happens the svc_rqst will not be cleaned up...
Linux kernel security vulnerability
Linux kernel is the kernel of the open-source Linux operating system, stewarded by the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a deadlock risk during PDR (protection domain restart) service processing, which could lead to a failure in service request processing...
CVE-2024-9870 Unintended Proxy or Intermediary ('Confused Deputy') in GitLab
An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services...