57 matches found
EUVD-2026-31061
A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available...
CVE-2026-9057 Security fix for Qlik Talend Administration Center URL access control vulnerability
A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available...
CVE-2026-9057
A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available...
CVE-2026-9057 Security fix for Qlik Talend Administration Center URL access control vulnerability
A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available...
Talend Administration Center 安全漏洞
Talend Administration Center is a web-based application developed by Talend Corporation in the United States. It allows for centralized management of workspaces. There is a security vulnerability in Talend Administration Center, which stems from ineffective access control. This vulnerability may...
CVE-2026-7085
A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the...
CVE-2026-7085
Technical details about CVE-2026-7085 are not publicly available in the provided documents. Monitor for updates on the Toonflow-app downloadApp endpoint path traversal; no specifics on affected versions, exploitability, or fixes are provided.
Exploit for CVE-2026-27180
MajorDoMo RCE !Authorhttps://img.shields.io/badge/Author-Mo...
CVE-2026-27180
MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin method through the /objects/?module=saverestore endpoint without authentication because it uses gr'mode'...
CVE-2026-27180
CVE-2026-27180 — MajorDoMo supply chain RCE : Affected MajorDoMo allows unauthenticated remote code execution via a poisoned update URL. The saverestore admin endpoint at /objects/?module=saverestore is exposed because gr('mode') reads from $_REQUEST instead of the framework’s mode, enabling an a...
CVE-2026-27180 MajorDoMo Supply Chain Remote Code Execution via Update URL Poisoning
MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin method through the /objects/?module=saverestore endpoint without authentication because it uses gr'mode'...
PT-2026-20516
MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin method through the /objects/?module=saverestore endpoint without authentication because it uses gr'mode'...
CVE-2026-1624
A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...
EUVD-2025-205580
A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fotaurl leads to command injection. The attack can be executed remotely. The exploit has been...
CVE-2025-15192 D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection
A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fotaurl leads to command injection. The attack can be executed remotely. The exploit has been...
Fedora: Security Advisory (FEDORA-2025-387540db1f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EUVD-2020-5134
Malware in sbrugna...
EUVD-2025-23380
Malicious code in bioql PyPI...
CVE-2025-54593
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.1 and below, an authenticated administrator user can execute arbitrary code on the FreshRSS server by modifying the update URL to one they control, and gain code execution after running an update. After successfully executing code...
CVE-2025-54593 FreshRSS is vulnerable to RCE attacks by authenticated admin
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.1 and below, an authenticated administrator user can execute arbitrary code on the FreshRSS server by modifying the update URL to one they control, and gain code execution after running an update. After successfully executing code...