27 matches found
CVE-2018-4374
A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8...
Proving DNSSEC Correctness: A Formal Approach to Secure Domain Name Resolution
The Domain Name System Security Extensions (DNSSEC) are critical for preventing DNS spoofing, yet its specifications contain ambiguities and vulnerabilities that elude traditional "break-and-fix" approaches. A holistic, foundational security analysis of the protocol has thus remained an open proble...
EUVD-2019-14831
Malware in sbrugna...
EUVD-2024-32750
Malicious code in bioql PyPI...
EUVD-2025-4445
Malicious code in bioql PyPI...
EUVD-2024-50838
Malicious code in bioql PyPI...
EUVD-2024-21352
Malicious code in bioql PyPI...
BIT-ELK-2025-25016 Kibana Unrestricted Upload of File
Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation...
PT-2025-9162 · WordPress · Authors List
Name of the Vulnerable Software and Affected Versions: The Authors List plugin for WordPress versions up to and including 2.0.6. Description: The issue arises from the software's failure to properly validate a value before executing the do_shortcode action, allowing unauthenticated attackers to...
CGA-J3CG-WMH6-VWFX
Bulletin has no description...
Grin Insufficient Validation
Grin through 2.1.1 has Insufficient Validation...
openshift-origin-node Improper Input Validation vulnerability
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly...
GSD-2021-1001213 cgroup: verify that source is a string
cgroup: verify that source is a string. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.4 by commit a41573667b39152176f6b08d10b4deb171e541c...
CVE-2021-22440
There is a path traversal vulnerability in some Huawei products. The vulnerability arises because the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly...
Design/Logic Flaw
P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193C00E190R2P1, versions earlier than VOGUE-AL00A 9.1.0.193C00E190R2P1, versions earlier than Hima-AL00B 9.1.0.135C00E133R2P1 and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade...
ZipperDown Vulnerability
react-native-code-push is susceptible to the ZipperDown vulnerability. The vulnerability exists because it does not validate the folder of the zip file before extracting files and writing their content directly to an arbitrary folder...
CVE-2019-1885 Cisco Integrated Management Controller Command Injection Vulnerability
A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by th...
CVE-2019-1821 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because t...
CVE-2019-1823
CVE-2019-1823 affects Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager web-based management interface. The issue allows an authenticated, remote attacker to execute code with root-level privileges on the underlying OS by uploading a crafted file via the adminis...
Race condition
A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exists because the software improperly validates input on field...