21 matches found
CVE-2026-9057
A broken access control issue has been identified in the Talend Administration Center that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available...
EUVD-2023-34819
Malicious code in bioql PyPI...
FreshRSS Code Injection Vulnerability
FreshRSS is a free, self-hosted RSS aggregator from the open-source FreshRSS project. A code injection vulnerability exists in FreshRSS versions 1.26.1 and earlier, which stems from an administrator being able to modify the update URL, potentially leading to arbitrary code execution...
Debian: Security Advisory (DLA-4127-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2025-28146
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fotaurl in /boafrm/formLtefotaUpgradeQuectel...
CVE-2024-35114

| creationtimestamp | type | source |
|---|---|---|
| 2025-01-25 13:35:57+00:00 | seen | https://infosec.exchange/users/cve/statuses/113889257542244683 |
| 2025-01-25 14:05:19+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/3080 |
| 2025-01-25 17:06:22+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/3105 |

...
CVE-2024-27060 thunderbolt: Fix NULL pointer dereference in tb_port_update_credits()
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix NULL pointer dereference in tb_port_update_credits() Olliver reported that his system crashes when plugging in Thunderbolt 1 device: BUG: kernel NULL pointer dereference, address: 0000000000000020 PF: supervisor read...
BIT-MOODLE-2024-25982 MSA-24-0005: CSRF risk in language import utility
The link to update all installed language packs did not include the necessary token to prevent a CSRF risk...
DEBIAN-CVE-2021-47077
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Add pointer checks in qedf_update_link_speed() The following trace was observed: 14.042059 Call Trace: 14.042061 14.042068 qedf_link_update+0x144/0x1f0 qedf 14.042117 qed_link_update+0x5c/0x80 qed 14.042135...
GHSA-7PJP-FM93-P6PJ Cross-Site Request Forgery in moodle
The link to update all installed language packs did not include the necessary token to prevent a CSRF risk...
CVE-2024-25982
The link to update all installed language packs did not include the necessary token to prevent a CSRF risk...
CVE-2024-25982 MSA-24-0005: CSRF risk in language import utility
The link to update all installed language packs did not include the necessary token to prevent a CSRF risk...
Moodle security breach
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from a link to update all installed language packs not containing a token require...
CVE-2023-31478

| creationtimestamp | type | source |
|---|---|---|
| 2023-05-10 02:14:01+00:00 | seen | https://t.me/cibsecurity/63715 |
| 2025-03-25 09:20:26+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-31478.yaml |
| 2025-03-26 21:02:10+00:00 | seen | ... |

GARO Wallbox GLB/GTB/GTC Security Vulnerability
The GARO Wallbox GLB/GTB/GTC is an electric vehicle charger from the Swedish company GARO. A security vulnerability exists in versions prior to GARO Wallbox GLB/GTB/GTC v189, which stems from an insecure permission in the settings page that allows an attacker to redirect the user to a crafted...
BageCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-00135)
BageCMS is a cross-platform content management system (CMS) based on PHP and MySQL. A cross-site request forgery vulnerability exists in BageCMS version 3.1.3. A remote attacker can exploit this vulnerability to modify user accounts with the help of the upload/index.php?r=admini/admin/ownerUpdate U...
Haystack Arq for Mac Local Elevation of Privilege Vulnerability
Haystack Arq for Mac is a Mac-based file backup software from Haystack Software, USA. The auto-updater binary is one of the auto-updater components. A security vulnerability exists in the arq_updater binary in Haystack Arq 5.10 and earlier versions for Mac. A local attacker can exploit the vulnerabili...
Fedora 17 : asterisk-10.3.1-1.fc17 (2012-6704)
The Asterisk Development Team has announced security releases for Asterisk 1.6.2, 1.8, and 10. The available security releases are released as versions 1.6.2.24, 1.8.11.1, and 10.3.1. These releases are available for immediate download at...
Solaris 7 (x86) : 110071-01
SunOS 5.7_x86: security: libcurses:setupterm has buffer overflow. Date this patch was last updated by Sun : Mar/09/01. This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. (C) Tenable Network...
Solaris 8 (x86) : 109329-07
SunOS 5.8_x86: ypserv, ypxfr and ypxfrd patch. Date this patch was last updated by Sun : Feb/20/07. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...