2065 matches found
EUVD-2026-42148
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...
EUVD-2026-41451
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-1071. This issue affects Fireware OS 12.0 up to and...
PYSEC-2026-402 Remote Code Execution via path traversal bypass in lollms
CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...
SUSE CVE-2026-46523
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free. Versions 7.1.2.23 and 6.9.13-48 fix the issue...
AutoSUT: The Environment Semantics Gap in Structured CTI for Adversary Emulation
Structured Cyber Threat Intelligence CTI is increasingly used for adversary emulation, detection evaluation, and cyber range design. However, these workflows still require a target System Under Test SUT whose environment is not fully described by public CTI. We measure how much of that environmen...
PT-2026-47135
Name of the Vulnerable Software and Affected Versions OptinCraft – Drag & Drop Optins & Popup Builder for WordPress versions prior to 1.2.1 Description The plugin is subject to generic SQL Injection, a flaw where an attacker can interfere with the queries that an application makes to its database...
CVE-2025-31975
HCL BigFix Service Management SM is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities...
Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale Management GUI, Cloudkit or HDFS layer are now fixed in 5.2.3.7 and 6.0.1.0 or higher
Summary The following vulnerabilities, which can affect IBM Storage Scale Management GUI CVE-2026-26996, CVE-2026-27903, CVE-2026-27904, CVE-2026-2739 , Cloudkit used to provision Storage Scale in supported cloud providers CVE-2026-24051 or HDFS layer for Hadoop deployments CVE-2025-33042 are now...
CVE-2019-25723
CVE-2019-25723 describes an improper input handling vulnerability in Dräger Perseus A500 software 2.00–2.02 . An external attacker can cause a DoS by sending specially crafted, non-Medibus‑compliant data through the Medibus interface , flooding the internal processor and triggering a warm restart...
EUVD-2019-20159
Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal...
CVE-2019-25722
The CVE-2019-25722 entry concerns Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL). Affected component: source code contains hard-coded plaintext credentials that can be used by a local attacker to access service and clinical accounts; a remote attacker can send m...
CVE-2019-25722 Dräger SC Monitoring Devices Hard-coded Credentials and DoS
Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with...
PT-2026-45815
Name of the Vulnerable Software and Affected Versions Dräger Atlan A350 versions 1.00 through 1.01 Description Improper input handling allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Transmitting malformed dat...
PT-2026-45811
Name of the Vulnerable Software and Affected Versions Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL affected versions not specified Description These devices contain hard-coded plaintext credentials in the source code and are susceptible to a denial-of-service...
EUVD-2026-33229
An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...
CVE-2026-5065
CVE-2026-5065: IBM Controller versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contain hard-coded credentials used for inbound authentication, outbound communication, or internal data encryption. Affected products: IBM Controller 11.0.1–11.1.2. Severity is high (CVSS v3.1: 8.8, NETWORK attack vector, ...
CVE-2026-8606
A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...
GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal organizations for sale on a cybercrime forum. "While we currently have no evidence of impact to customer...
GitLab 安全漏洞
GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were security vulnerabilities in versions prior to GitLab EE...
CVE-2026-40629 BIG-IP SSL/TLS vulnerability
When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...