13 matches found
EUVD-2021-23749
Malware in sbrugna...
EUVD-2025-14523
Malicious code in bioql PyPI...
Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive
Impact: When decoding a scenario, i.e. a zip archive, the path of the file to write is not checked, potentially leading to zip slips. Exploitation requires neither authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommended to bur...
Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver
CVE-2025-31324-File-Upload A totally unauthenticated file-uplo...
PT-2025-17984 · Unknown · Withstars Books-Management-System
Name of the Vulnerable Software and Affected Versions: withstars Books-Management-System version 1.0. Description: A critical issue affects an unknown functionality of the file /allreaders.html in the Background Interface component, leading to missing authorization. The attack can be launched...
PT-2025-4203 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows Kerberos (affected versions not specified). Description: The issue is related to a security-feature bypass vulnerability in the implementation of the Kerberos protocol in Windows operating systems. This vulnerability is associated with t...
Exploit for OS Command Injection in Zimbra Collaboration
CVE-2024-45519 - Zimbra Postjournal Exploit Setup 🛠️ ...
Oracle Linux 9 : bind (ELSA-2023-5689)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5689 advisory. 32:9.16.23-11.2: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341). Tenable has extracted the preceding description block directly from the...
CVE-2023-33237
TN-5900 Series firmware version v3.3 and prior is vulnerable to an improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs ar...
PT-2022-25141 · WordPress · Terawallet
Name of the Vulnerable Software and Affected Versions: TeraWallet plugin for WordPress versions up to, and including, 1.4.3. Description: The issue is due to insufficient validation of the user-controlled key on the "lock unlock terawallet" AJAX action. This allows authenticated attackers with...
PT-2022-15492 · Carlo Gavazzi · Carlo Gavazzi Uwp3.0
Name of the Vulnerable Software and Affected Versions: Carlo Gavazzi UWP3.0 (affected versions not specified); CPY Car Park Server version 2.8.3. Description: A remote, unauthenticated attacker could use hard-coded credentials to gain full access to the device. This issue affects Carlo Gavazzi UWP3.0...
Yelp: Unauthorized Use of Victim Credit Card
SUMMARY: Yelp users' credit cards are at risk of being compromised. There's a way by which a malicious attacker can make unauthorized purchases from the victim's credit card. Just by getting the victim to some external website and clicking on it, the victim would have eventually paid for some...
Matt Wright FormMail 1.x - Cross-Site Request Forgery
Source: https://www.securityfocus.com/bid/2080/info. FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user. A web server can use a remote site's FormMail script without authorization...