13 matches found

Snyk
added 2026/04/16 10:48 p.m. · 4 views

Insufficient Granularity of Access Control

Overview: Affected versions of this package are vulnerable to Insufficient Granularity of Access Control due to inadequate authorization checks in the POST /api/agents/:id/keys, GET /api/agents/:id/keys, and DELETE /api/agents/:id/keys/:keyId routes. An attacker can gain unauthorized access to sensitive...

CVSS 8.5 · AI score 5.8
Exploits: 0 · References: 4
ATTACKERKB
added 2026/03/16 8:46 p.m. · 4 views

CVE-2026-29522

ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion (LFI) vulnerability in the /server/nodeupgradesrv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to...

CVSS 8.7 · AI score 5.9 · EPSS 0.00149
Exploits: 0 · References: 3
EUVD
added 2025/11/12 4:29 a.m. · 0 views

EUVD-2025-120896

Malicious code in upgrade-spawn-server-inquirer npm...

AI score 6.6
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-2530

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.4 · EPSS 0.00383
Exploits: 1 · References: 4
Positive Technologies
added 2025/07/27 12:0 a.m. · 3 views

PT-2025-31002 · Chancms · Chancms

Name of the Vulnerable Software and Affected Versions: ChanCMS versions up to 3.1.2. Description: A critical server-side request forgery (SSRF) vulnerability exists in the getPages function of the /cms/collect/getPages file. Manipulation of the targetUrl argument can lead to unauthorized access to...

CVSS 8.8 · AI score 6.3 · EPSS 0.00293
Exploits: 1 · References: 10
NVD
added 2024/05/07 11:15 p.m. · 17 views

CVE-2023-35748

D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit...

CVSS 8.8 · AI score 9.1 · EPSS 0.03496
Exploits: 0 · References: 2
CNNVD
added 2024/02/22 12:0 a.m. · 1 views

B&R Industrial Automation Studio Security Breach

B&R Industrial Automation Studio is a suite of integrated development environments (IDEs) from B&R Industrial Automation, an Austrian company that develops and programs its automation solutions. A security vulnerability exists in B&R Industrial Automation Studio versions prior to 4.6, BR Technology...

CVSS 8.3 · AI score 7.5 · EPSS 0.00205
Exploits: 0 · References: 2
Oracle linux
added 2023/08/11 12:0 a.m. · 43 views

postgresql:10 security update

10.23-2.0.1 - Fixed postgresql port binding issue during bootup Orabug: 35103668 10.23-2 - Backport fixes for CVE-2023-2454 and CVE-2023-2455 - Update postgresql-setup to 8.7 https://github.com/devexp-db/postgresql-setup/pull/35 - Resolves: 2207931 10.23-1 - Resolves: CVE-2022-2625 - Rebase to...

CVSS 8.8 · AI score 7 · EPSS 0.02263
Exploits: 0
Citrix
added 2023/03/08 12:0 a.m. · 5 views

Citrix Workspace App Fails to Upgrade with an Error 0x800951C2

Citrix Workspace App fails to upgrade with an error 0x800951C2 when upgrading Server VDA from 1912 CU4 to 2203 CU2...

AI score 7
Exploits: 0
Prion
added 2020/04/29 3:15 a.m. · 8 views

Design/Logic Flaw

A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.5SP, 4.6.4 and 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server...

CVSS 4.3 · AI score 6.2 · EPSS 0.00101
Exploits: 0 · References: 1 · Affected Software: 1
CNVD
added 2019/05/07 12:0 a.m. · 1 views

Code Execution Vulnerability in Yongzhong Office Personal Edition for Windows

Yongzhong Software Co., Ltd. is a basic office software developer and service provider. With Yongzhong Office as the core, the company provides a wide range of products and solutions such as desktop office, mobile office, cloud office and document conversion services. A code execution vulnerabili...

AI score 7.7
Exploits: 0
Tenable Nessus
added 2003/02/17 12:0 a.m. · 65 views

Web Server HTTP OPTIONS Method URL Handling Remote Overflow

It may be possible to make the web server crash or even execute arbitrary code by sending it an overly long URL through the OPTIONS method. (C) Tenable Network Security, Inc. Some vulnerable servers: VisNetic WebSite 3.5.13.1 References: Date: Fri, 13 Dec 2002 09:25:00 +0100 From: "Peter Kruse" Subject:...

CVSS 10 · AI score 5.5 · EPSS 0.09288
Exploits: 0 · References: 1
Tenable Nessus
added 2000/12/19 12:0 a.m. · 29 views

Netscape Messaging Server IMAP LIST Command Remote Overflow

There is a buffer overflow in the remote imap server which allows an authenticated user to obtain a remote shell. A way to reproduce the overflow is to issue the command : list AAAAA...AAAA / %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc...

CVSS 10 · AI score 5.9 · EPSS 0.00708
Exploits: 0 · References: 2