64 matches found

CVE
added 3 days ago | views: 8

CVE-2026-40546

SOPlanning (affected versions 1.55 and earlier) is vulnerable to SQL Injection across multiple endpoints and parameters. An attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control of the database. This is documented under CVE-2026-40546; related CVEs descr...

CVSS 8.7 | AI score 6 | EPSS 0.0003
Exploits: 0 | References: 2

CNNVD
added 5 days ago | views: 3

WordPress plugin Simple History authorization issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.5 | AI score 5.8 | EPSS 0.00061
Exploits: 0 | References: 13

Snyk
added 2026/01/10 6:53 a.m. | views: 1

Cross-site Scripting (XSS)

Overview: @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the processing of uploaded .html files. An attacker can execute arbitrary JavaScript in the context of another user's session by uploading .html files...

CVSS 9 | AI score 5.5 | EPSS 0.00089
Exploits: 3 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | views: 2

EUVD-2012-2334

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.00342
Exploits: 0 | References: 10

EUVD
added 2025/10/03 8:07 p.m. | views: 3

EUVD-2023-31246

Malicious code in bioql PyPI...

CVSS 7 | AI score 6.9 | EPSS 0.00669
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/23 3:32 a.m. | views: 3

CVE-2023-27470

BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportServiceN-Central\PushUpdates, leading to arbitrary file deletion...

CVSS 7 | AI score 7 | EPSS 0.00669
Exploits: 2 | References: 1

CNNVD
added 2025/03/01 12:00 a.m. | views: 1

Ubiquiti UniFi Protect Cameras security vulnerability

Ubiquiti UniFi Protect Cameras is a line of security cameras from Ubiquiti Networks that support the UniFi Protect platform for centralized management with remote access, smart monitoring and more. Ubiquiti UniFi Protect Cameras suffers from a Firmware Update Validation Insufficiency vulnerabilit...

CVSS 6.8 | AI score 7 | EPSS 0.00127
Exploits: 0 | References: 3

OSV
added 2024/11/15 6:15 p.m. | views: 0

UBUNTU-CVE-2024-40638

GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17...

CVSS 8.8 | AI score 5.8 | EPSS 0.12396
Exploits: 0 | References: 3

OSV
added 2024/05/07 2:15 p.m. | views: 0

UBUNTU-CVE-2024-29889

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data and take control of it. This vulnerability is fixed in 10.0.15...

CVSS 8.1 | AI score 5.9 | EPSS 0.68891
Exploits: 0 | References: 4

OSV
added 2024/02/07 5:15 p.m. | views: 0

CVE-2023-32328

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957...

CVSS 9.8 | AI score 5.8 | EPSS 0.00037
Exploits: 1 | References: 3

The Hacker News
added 2023/09/14 9:52 a.m. | views: 36

N-Able's Take Control Agent Vulnerability Exposes Windows Systems to Privilege Escalation

A high-severity security flaw has been disclosed in N-Able's Take Control Agent that could be exploited by a local unprivileged attacker to gain SYSTEM privileges. Tracked as CVE-2023-27470 (CVSS score: 8.8), the issue relates to a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability,...

AI score 6.9 | EPSS 0.00669
Exploits: 2

OSV
added 2023/09/11 3:15 p.m. | views: 1

CVE-2023-27470

BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportServiceN-Central\PushUpdates, leading to arbitrary file deletion...

CVSS 7 | AI score 5.9
Exploits: 0 | References: 1

ATTACKERKB
added 2023/09/11 3:15 p.m. | views: 1

CVE-2023-27470

BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportServiceN-Central\PushUpdates, leading to arbitrary file deletion...

CVSS 7 | AI score 7.3 | EPSS 0.00669
Exploits: 2 | References: 2

Prion
added 2023/09/11 3:15 p.m. | views: 25

Race condition

BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportServiceN-Central\PushUpdates, leading to arbitrary file deletion...

CVSS 3.5 | AI score 6.8 | EPSS 0.00669
Exploits: 2 | References: 1 | Affected Software: 1

CNNVD
added 2023/09/11 12:00 a.m. | views: 1

N-able Take Control Agent Security Vulnerability

N-able Take Control Agent is a cloud-based remote control solution from N-able USA. Built for MSPs and IT service organizations that need to securely access and troubleshoot endpoint devices. A security vulnerability exists in N-able Take Control Agent version 7.0.41.1141 and prior versions, whic...

CVSS 7 | AI score 6.9 | EPSS 0.00669
Exploits: 2 | References: 2

Vulnrichment
added 2023/09/11 12:00 a.m. | views: 18

CVE-2023-27470

BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportServiceN-Central\PushUpdates, leading to arbitrary file deletion...

AI score 7 | EPSS 0.00669
Exploits: 2 | References: 1

CVE
added 2023/09/11 12:00 a.m. | views: 117

CVE-2023-27470

CVE-2023-27470 affects BASupSrvcUpdater.exe in N-able Take Control Agent up to version 7.0.41.1141 (before 7.0.43). The issue is a TOCTOU race condition via a pseudo-symlink in the directory %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, which can lead to arbitrary file deletion on Window...

CVSS 7 | AI score 6.8 | EPSS 0.00669
Exploits: 2 | References: 1 | Affected Software: 1

ATTACKERKB
added 2023/08/04 6:15 p.m. | views: 1

CVE-2023-33375

Connected IO v2.1.0 and prior has a stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices...

CVSS 9.8 | AI score 6.2 | EPSS 0.00106
Exploits: 0 | References: 3

CISA
added 2023/07/18 12:00 p.m. | views: 1

Oracle Releases Security Updates

Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for July 2023 to address vulnerabilities affecting multiple products. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users a...

AI score 7.5
Exploits: 0 | References: 3

CISA
added 2023/06/13 12:00 p.m. | views: 1

Fortinet Releases June 2023 Vulnerability Advisories

Fortinet has released its June 2023 Vulnerability Advisories to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Fortinet June 2023 Vulnerabilit...

AI score 7.4
Exploits: 0 | References: 1