35 matches found
CVE-2025-55018
An inconsistent interpretation of HTTP requests ('HTTP request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged HTTP request...
EUVD-2018-15574
Malware in sbrugna...
EUVD-2018-20052
Malware in sbrugna...
EUVD-2021-30708
Malicious code in bioql PyPI...
CVE-2025-41100
CVE-2025-41100 describes an incorrect authentication vulnerability in ParkingDoor. The issue allows operating the device without a logged-in session and even when access permissions have been revoked. The related sources confirm ParkingDoor as the affected product and identify the underlying flaw...
WordPress WP File Download plugin < 6.2.6 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Kevin Camus in WordPress Plugin WP File Download versions 6.2.6...
CVE-2021-43828
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management IDOR has been found in PatrowlManager. All imports findings file is placed under /media/imports// In that, ownerid is predictable and tmpfile is in format o...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unlogged v4l2device, which could lead to a reference count leak...
Moodle cross-site request forgery vulnerability
Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from a lack of cross-site request forgery protection that allows an...
PT-2024-36340 · Kurmi · Kurmi Provisioning Suite
Name of the Vulnerable Software and Affected Versions: Kurmi Provisioning Suite versions prior to 7.9.0.35; Kurmi Provisioning Suite versions 7.10.x through 7.10.0.18; Kurmi Provisioning Suite versions 7.11.x through 7.11.0.15. Description: An issue was discovered in the sendPasswordReinitLink actio...
Kurmi Provisioning Suite security vulnerability
Kurmi Provisioning Suite is an infrastructure management suite from Kurmi, Inc. A security vulnerability exists in Kurmi Provisioning Suite versions prior to 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15, which stems from an observable response in the sendPasswordReinitLink...
PT-2024-3984 · Unknown · Minmax Cms
Name of the Vulnerable Software and Affected Versions: MinMax CMS, affected versions not specified. Description: The issue is related to a hidden administrator account with a fixed password in MinMax CMS. This account cannot be removed or disabled from the management interface, allowing remote...
PT-2024-40204 · Packagist · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue concerns default Administrator accounts not having the same brute force protection as other Member accounts. Specifically, failed login counts were not logged for default admin...
CVE-2024-2291
In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which result...
CVE-2022-43712
POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for users that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965...
CVE-2021-43828 Improper Privilege Management in Patrowl
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management IDOR has been found in PatrowlManager. All imports findings file is placed under /media/imports// In that, ownerid is predictable and tmpfile is in format o...
Improper Privilege Management in patrowl/patrowlmanager
Description Hi there, I would like to report an improper privilege management in PatrowlManager - it's an IDOR. All imports findings file is placed under /media/imports// In that, ownerid is predictable and tmpfile is in format of import, for example: import11639213059582.json This filename is...
Salesforce DX command line interface (CLI) does not adequately protect sfdxurl credentials
Overview: The default security configuration in Salesforce allows an authenticated user with the Salesforce-CLI to create a URL that will allow anyone, anywhere access to the Salesforce GUI with the same administrative credentials without a log trace of access or usage of the API. Description: The...