20 matches found
PT-2026-48434
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/smon/routes.py:117-138) gates only on roxywi_common.check_user_group_for_flask, which validates that the caller has some group, not that the target chec...
CVE-2026-42248
Affected product: Ollama for Windows. Vulnerabilities covered: CVE-2026-42248 (Missing signature verification for updates) and CVE-2026-42249 (Path traversal in update mechanism). Root cause: Windows update flow does not verify integrity/authenticity of downloaded update executables (CVE-2026-...
CVE-2026-1442
Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...
EUVD-2022-51058
Malicious code in bioql PyPI...
EUVD-2025-24006
Malicious code in bioql PyPI...
CVE-2025-7965
The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CGA-R45Q-2469-85Q9
Bulletin has no description...
CVE-2023-22315
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network LAN protocol that does not verify updates to the device. An attacker could upload a malformed update file to the device and execute arbitrary code...
Photon OS 5.0: Libsoup PHSA-2025-5.0-0522
An update of the libsoup package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0522. The text itself is copyright (C) VMware, Inc...
Photon OS 4.0: Linux PHSA-2025-4.0-0790
An update of the linux package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0790. The text itself is copyright (C) VMware, Inc...
CVE-2025-21396
creationtimestamp | type | source
---|---|---
2025-01-29 23:10:59+00:00 | seen | https://infosec.exchange/users/cve/statuses/113914167879704115
2025-01-29 23:16:04+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lgw3z6parg2c
2025-01-30 01:11:55+00:00 | seen | ...
Ubuntu: Security Advisory (USN-7236-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Visteon Infotainment operating system command injection vulnerability
Visteon Infotainment is an automotive infotainment system from Visteon Corporation. Visteon Infotainment suffers from an operating system command injection vulnerability that stems from an improper system call to the REFLASHDDUFindFile function when handling a specially crafted software update...
SwitchBot security vulnerability
SwitchBot is a smart switch program from SwitchBot, Inc. A security vulnerability exists in SwitchBot version 5.0.4, which stems from the inclusion of a vulnerability that would allow a remote attacker to obtain sensitive information through the firmware update process...
Plug n Play Camera com.wisdomcity.zwave security vulnerability
Plug n Play Camera com.wisdomcity.zwave is a camera driver from Plug n Play. A security vulnerability exists in Plug n Play Camera com.wisdomcity.zwave version 1.1.0, which stems from a vulnerability that allows remote attackers to obtain sensitive information through the firmware update...
PT-2022-36185 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.80. Description: The issue is related to an unpaired pm_runtime_put_sync in omap8250_remove, which may potentially lead to security vulnerabilities. The actual impact and attack plausibility have not yet be...
CVE-2022-1612
The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Cybozu Desktop for Windows vulnerable to arbitrary code execution
Overview Cybozu Desktop for Windows provided by Cybozu, Inc. contains an arbitrary code execution vulnerability due to the improper data processing when applying the software update. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to Cybozu, Inc. and...
bind: An error in TSIG authentication can permit unauthorized dynamic updates
A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG0 signature for a dynamic update request...
RealNetworks, Inc. Releases Security Updates for RealPlayer
RealNetworks, Inc. has released security updates to address a vulnerability affecting Windows RealPlayer 14.0.1 and earlier versions and RealPlayer Enterprise 2.1.4 and earlier versions. Exploitation of this vulnerability may allow an attacker to execute arbitrary code in the context of the...