276256 matches found
CVE-2025-7015
Session Fixation vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Session Fixation. This issue affects QR Menu: before s1.05.12...
CVE-2025-7016
Improper Access Control vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Authentication Abuse. This issue affects QR Menu: before s1.05.12...
CVE-2020-37005
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...
CLEANSTART-2026-LP38773 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
CLEANSTART-2026-YM28538 Prometheus Blackbox Exporter through 0
Multiple security vulnerabilities affect the prometheus-blackbox-exporter package. Prometheus Blackbox Exporter through 0. See references for individual vulnerability details...
CVE-2026-1683 Free5GC SMF PFCP handler.go HandlePfcpSessionReportRequest denial of service
A vulnerability has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the function HandlePfcpSessionReportRequest of the file internal/pfcp/handler/handler.go of the component PFCP. The manipulation leads to denial of service. Remote exploitation of the attack is possible...
CVE-2026-1682 Free5GC SMF PFCP UDP Endpoint handler.go HandlePfcpAssociationReleaseRequest null pointer dereference
A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The...
CLEANSTART-2026-GY69323 Moby is an open-source project created by Docker for software containerization
Multiple security vulnerabilities affect the docker package. Moby is an open-source project created by Docker for software containerization. See references for individual vulnerability details...
Ex-Google Engineer Convicted for Stealing AI Secrets for China Startup
A former Google engineer accused of stealing thousands of the company's confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday. Linwei Ding, aka Leon Ding, 38, was convicted by a federal jury on seven counts of economic...
IBM Db2 Security Vulnerability
IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that originates from improper neutralization of...
HotCRP Conference Review Software Cross-Site Script Vulnerabilities
HotCRP Conference Review Software is a software developed by Eddie Kohler. It is used to manage review processes, especially for academic conferences. The version of HotCRP Conference Review Software dated October 2025 to January 2026 contained a cross-site scripting vulnerability. This...
PT-2026-5431
Name of the Vulnerable Software and Affected Versions: SourceCodester Pet Grooming Management Software version 1.0. Description: A flaw exists in the User Management component of the software, specifically within the file /admin/operation/user.php. Manipulation of the group id argument can lead to...
Drive Software Atomic Alarm Clock: Code-related vulnerabilities
Drive Software Atomic Alarm Clock is a desktop enhancement tool developed by Drive Software. Version 6.3 of Drive Software Atomic Alarm Clock contains a code vulnerability caused by a local privilege escalation issue in service configurations. This vulnerability could allow attackers to execute...
Uncovering Hidden Inclusions of Vulnerable Dependencies in Real-World Java Projects
Open-source software (OSS) dependencies are a dominant component of modern software code bases. Using proven and well-tested OSS components lets developers reduce development time and cost while improving quality. However, heavy reliance on open-source software also introduces significant security...
CVE-2025-7714
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows Command Line Execution through SQL Injection. This issue affects Content Management System CMS: through 21072025...
CVE-2020-37010
CVE-2020-37010 affects BearShare Lite 5.2.5. The issue is a buffer overflow in the Advanced Search keywords input that can allow arbitrary code execution by crafting a payload to overwrite the EIP and run shellcode when content is pasted into the search keywords field. Documented impact is high (...
CVE-2020-37005 TimeClock Software 1.01 Authenticated Time-Based SQL Injection
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...