GHSA-94F4-HR76-P5J6 vLLM: OpenAI auth bypass

Summary A vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware, which was discovered during @x41sec's source code audit. It allows to use the API without providing the configured VLLMAPIKEY or...

SEMCMS 访问控制错误漏洞

SEMCMS is an open-source content management system CMS for foreign trade websites that supports multiple languages. Version SEMCMS 5.0 has a access control vulnerability, which stems from an unauthorized access vulnerability in the SEMCMScopy.php file...

OESA-2026-2573 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Incorrect Authorization vulnerability in Erlang OTP ine...

WordPress plugin DesignThemes Directory Addon 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

CVE-2021-22488

There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups...

CVE-2023-53896

D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration informatio...

EUVD-2020-13258

Malware in sbrugna...

EUVD-2021-23571

Malware in sbrugna...

EUVD-2018-17242

Malware in sbrugna...

EUVD-2023-45369

Malicious code in bioql PyPI...

EUVD-2023-38265

Malicious code in bioql PyPI...

EUVD-2022-51213

Malicious code in bioql PyPI...

EUVD-2023-31349

Malicious code in bioql PyPI...

EUVD-2022-49921

Malicious code in bioql PyPI...

EUVD-2022-42681

Malicious code in bioql PyPI...

EUVD-2023-36739

Malicious code in bioql PyPI...

EUVD-2025-8285

Malicious code in bioql PyPI...

Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 50. Security issues fixed: Oracle July 15 2025 CPU bsc1247754. CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java applications th...

CVE-2025-26709

CVE-2025-26709 affects ZTE F50 with an unauthorized access vulnerability due to improper permission control in the Web module interface. The root cause is insufficient access controls, allowing an attacker with adjacent access and low exploit complexity to obtain sensitive information via the Web...

CVE-2025-52950

A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface. Numerous endpoints on the Juniper Security Director appliance do not validate authorization and...