114 matches found

Positive Technologies
added 2026/05/16 12:00 a.m., 5 views

PT-2026-42209

Name of the Vulnerable Software and Affected Versions: Boxlite versions prior to 0.9.0. Description: Boxlite is a sandbox service that allows users to create lightweight virtual machines and launch OCI containers to run untrusted code. The software fails to properly enforce read-only mounts for host...

10 CVSS, 6.3 AI score
Exploits: 0, References: 7

RedhatCVE
added 2026/02/19 7:21 p.m., 1 view

CVE-2025-59920

When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...

8.6 CVSS, 5.9 AI score, 0.00045 EPSS
Exploits: 0, References: 1

NVD
added 2026/02/18 2:16 p.m., 3 views

CVE-2025-59920

When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...

8.6 CVSS, 0.00045 EPSS
Exploits: 0, References: 1

CVE
added 2026/02/18 1:41 p.m., 4 views

CVE-2025-59920

CVE-2025-59920 affects time@work v7.0.5: when hours are entered, a query to display a user’s assigned projects can be exposed. Copying the query URL and opening it in a new browser window makes the ‘IDClient’ parameter vulnerable to blind authenticated SQL injection. If the attacker uses a TWAdmi...

8.6 CVSS, 5.9 AI score, 0.00045 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/02/18 1:41 p.m., 1 view

CVE-2025-59920 SQL injection in time@work from systems@work

When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...

8.6 CVSS, 5.9 AI score, 0.00045 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/02/10 12:00 a.m., 2 views

D-Link DCS-931L operating system command injection vulnerability

The D-Link DCS-931L is a wireless camera from the D-Link company. Versions of D-Link DCS-931L prior to 1.13.0 have a vulnerability related to operating system command injection. This vulnerability arises from manipulating the parameter AdminID in the file /goform/setSysAdmin, which may lead to...

8.6 CVSS, 7.1 AI score, 0.00097 EPSS
Exploits: 1, References: 7

EUVD
added 2025/12/02 9:31 p.m., 2 views

EUVD-2025-200320

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures...

8.7 CVSS, 7.8 AI score, 0.0027 EPSS
Exploits: 0, References: 2

NVD
added 2025/12/02 9:15 p.m., 5 views

CVE-2025-62575

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures...

8.8 CVSS, 0.0027 EPSS
Exploits: 0, References: 1

CVE
added 2025/12/02 9:11 p.m., 3 views

CVE-2025-62575

CVE-2025-62575 concerns NMIS/BioDose software (V22.02 and earlier) that relies on a Microsoft SQL Server database. The root cause is that the default SQL account nmdbuser (and other created accounts) has the sysadmin role, enabling potential remote code execution through certain built‑in stored p...

8.8 CVSS, 8 AI score, 0.0027 EPSS
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2025/12/02 12:00 a.m., 1 view

PT-2025-48778

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures...

8.7 CVSS, 8.3 AI score, 0.0027 EPSS
Exploits: 0, References: 2

OSV
added 2025/10/24 10:12 a.m., 1 view

SUSE-SU-2025:20905-1 Security update for kernel-livepatch-MICRO-6-0_Update_6

This update for kernel-livepatch-MICRO-6-0_Update_6 fixes the following issues:
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075)
- CVE-2025-38396: fs: export anon_inode_make_secure_inode and fix secretmem LSM bypass (bsc#1247158)
- CVE-2025-38471: kernel: tls: always refresh the queue wh...

7.8 CVSS, 5.8 AI score, 0.00097 EPSS
Exploits: 1, References: 17

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-3331

Malware in sbrugna...

8.3 CVSS, 8.3 AI score, 0.00423 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-9156

Malware in sbrugna...

7.2 CVSS, 7 AI score, 0.0153 EPSS
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2023-34240

Malicious code in bioql PyPI...

6.5 CVSS, 6.5 AI score, 0.00078 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2024-21977

Malicious code in bioql PyPI...

5.4 CVSS, 5.5 AI score, 0.00362 EPSS
Exploits: 1, References: 2

Snyk
added 2025/09/19 3:41 a.m., 3 views

Incorrect Authorization

Overview: edu.internet2.middleware.grouper:grouper is an Internet2 Groups Management Toolkit. Affected versions of this package are vulnerable to Incorrect Authorization via improper job scheduling in the loader jobs configuration process. A group administrator who is not a member of the Grouper...

8.4 CVSS, 7 AI score, 0.00043 EPSS
Exploits: 0, References: 2

OSV
added 2025/09/19 3:15 a.m., 0 views

CVE-2025-59714

In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can configure loader jobs...

4.9 CVSS, 5.8 AI score
Exploits: 0, References: 1

CVE
added 2025/09/19 12:00 a.m., 10 views

CVE-2025-59714

The CVE-2025-59714 entry concerns Internet2 Grouper. Affected: Grouper versions 5.17.1 up to 5.20.4 (before 5.20.5). Issue: group admins who are not Grouper sysadmins can configure loader jobs, enabling potential unauthorized loader job creation. Root cause: mis-validation/configuration of loader...

6.5 CVSS, 6.5 AI score, 0.00043 EPSS
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2025/05/23 4:53 a.m., 3 views

CVE-2023-2784

Mattermost fails to verify whether the requestor is a sysadmin before allowing install requests to the Apps, allowing a regular user to send install requests to the Apps...

6.5 CVSS, 6.8 AI score, 0.00078 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 12:42 a.m., 3 views

CVE-2022-22831

An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header...

9.8 CVSS, 6.8 AI score, 0.2124 EPSS
Exploits: 4, References: 1