20 matches found
CVE-2026-28785
Ghostfolio prior to version 2.244.0 is vulnerable to arbitrary SQL execution via the getHistorical() method due to symbol validation bypass, potentially allowing read/modify/delete of sensitive financial data for all users. Affected software: Ghostfolio open source wealth management. Root cause: ...
CVE-2026-22426
creationtimestamp | type | source
---|---|---
2026-01-22 17:46:11+00:00 | seen | https://gist.github.com/Darkcrai86/1dd9289803bef694101f7f5241b901ce...
EUVD-2025-202301
Uncontrolled Search Path Element vulnerability in Yandex Messenger on MacOS allows Search Order Hijacking. This issue affects Telemost: before 2.245...
CVE-2025-64289
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS. This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.5...
CVE-2025-64290
CVE-2025-64290 is a CSRF vulnerability in the WordPress plugin Premmerce Product Search for WooCommerce (premmerce-search), affecting versions up to 2.2.4. The issue is described as Cross-Site Request Forgery that could allow an attacker to perform actions on behalf of an authenticated user. The ...
Linux Distros Unpatched Vulnerability : CVE-2022-24755
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6...
CVE-2022-45969
Alist v3.4.0 is vulnerable to Directory Traversal,...
CVE-2022-40690
Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script...
Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication bypass
Exploit Title: Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication bypass Date: 2022-10-10 Exploit Author: Zach Hanley, SC Vendor Homepage: https://www.fortinet.com Version: 7.0.0 Tested on: Linux CVE : CVE-2022-40684 This module requires Metasploit:...
Linux Distros Unpatched Vulnerability : CVE-2022-24805
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the INDEX of...
CVE-2022-24897
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem...
PT-2025-3698 · Siwx91X · Siwx91X
Name of the Vulnerable Software and Affected Versions: SiWx91x devices affected versions not specified Description: The issue is related to the SHA2/224 algorithm, which returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, causing a Denial of...
PT-2024-30423 · Unknown · Clearfy Cache
Name of the Vulnerable Software and Affected Versions: Clearfy Cache versions 2.2.4 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Clearfy Cache versions...
SUSE CVE-2024-29903
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on...
CVE-2022-2244
creationtimestamp | type | source
---|---|---
2022-07-01 20:42:50+00:00 | seen | https://t.me/cibsecurity/45488...
CVE-2022-24787
creationtimestamp | type | source
---|---|---
2022-04-06 07:11:50+00:00 | seen | https://t.me/cibsecurity/40110...
golang: crypto/elliptic: incorrect operations on the P-224 curve
A flaw was detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity...
UBUNTU-CVE-2019-2556
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
H2O Buffer Overflow Vulnerability (CNVD-2018-16256)
H2O is a set of open source Web server software. A buffer overflow vulnerability exists in H2O 2.2.4 and earlier versions. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service...
CVE-2024-4224
creationtimestamp | type | source
---|---|---
2000-12-31 23:00:00+00:00 | seen | http://takeonme.org/cve/
2024-07-15 17:34:53+00:00 | seen | http://takeonme.org/cves/cve-2024-4224/
2024-07-16 00:22:56+00:00 | seen | https://t.me/cvedetector/908...