
53 matches found

CNNVD
added 2026/04/23 12:00 a.m. | 6 views

IBM Guardium Data Protection Path Traversal Vulnerability

IBM Guardium Data Protection is a data security and compliance monitoring platform for database activity monitoring, vulnerability assessment and sensitive data discovery. A directory traversal vulnerability exists in IBM Guardium Data Protection. The vulnerability stems from a failure to properl...

CVSS 4.9 | AI score 5.9 | EPSS 0.00024
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:03 p.m. | 3 views

CVE-2026-3478

The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3 via the reduxp AJAX action in the bundled ReduxFramework library. The plugin registers a proxy endpoint wpajaxnoprivreduxp that is accessible to...

CVSS 7.2 | AI score 5.9 | EPSS 0.0012
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:16 a.m. | 12 views

CVE-2025-40742

A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions V11.0, SIPROTEC 5 6MD85 CP200 All versions, SIPROTEC 5 6MD85 CP300 All versions V11.0, SIPROTEC 5 6MD86 CP200 All versions, SIPROTEC 5 6MD86 CP300 All versions V11.0, SIPROTEC 5 6MD89 CP300 All versions V11.0, SIPROTEC 5...

CVSS 6 | AI score 5.7 | EPSS 0.00274
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/08 12:00 a.m. | 3 views

PT-2026-3411

Summary: Unsafe pickle deserialization allows unauthenticated attackers to read arbitrary server files and perform SSRF. By chaining io.FileIO and urllib.request.urlopen, an attacker can bypass RCE-focused blocklists to exfiltrate sensitive data (example: /etc/passwd) to an external server. Details...

CVSS 9.3 | AI score 6.9
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-11336

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.00207
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2002-1968

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00655
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2001-0593

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00786
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2007-0071

Malware in sbrugna...

CVSS 7.8 | AI score 6.4 | EPSS 0.02834
Exploits: 1 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2016-9738

Malware in sbrugna...

CVSS 6.5 | AI score 7 | EPSS 0.00638
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-20427

Malicious code in bioql PyPI...

CVSS 6 | AI score 6.4 | EPSS 0.00274
Exploits: 0 | References: 1

NVD
added 2025/07/08 11:15 a.m. | 2 views

CVE-2025-40742

A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions V11.0, SIPROTEC 5 6MD85 CP200 All versions, SIPROTEC 5 6MD85 CP300 All versions V11.0, SIPROTEC 5 6MD86 CP200 All versions, SIPROTEC 5 6MD86 CP300 All versions V11.0, SIPROTEC 5 6MD89 CP300 All versions V11.0, SIPROTEC 5...

CVSS 6 | EPSS 0.00274
Exploits: 0 | References: 1

CVE
added 2025/07/08 10:35 a.m. | 21 views

CVE-2025-40742

CVE-2025-40742 affects Siemens SIPROTEC 5 devices (a wide list including 6MD84/85/86/89, 6MU85, 7KE85, 7SA82/86/87, 7SD82/86/87, 7SJ81/82/85/86, 7SK82/85, 7SL82/86/87, 7SS85, 7ST85/86, 7SX82/85, 7SY82, 7UM85, 7UT82/85/86/87, 7VE85, and Compact 7SX800). The root cause is exposure of session identi...

CVSS 6 | AI score 5.7 | EPSS 0.00274
Exploits: 0 | References: 1

Positive Technologies
added 2025/07/08 12:00 a.m. | 3 views

PT-2025-28400 · Siemens · Siprotec 5 7Sa82 +16

Name of the Vulnerable Software and Affected Versions: SIPROTEC 5 6MD84 CP300 All versions; SIPROTEC 5 6MD85 CP300 All versions; SIPROTEC 5 6MD86 CP300 All versions; SIPROTEC 5 6MD89 CP300 All versions; SIPROTEC 5 6MD89 CP300 V9.6 All versions; SIPROTEC 5 6MU85 CP300 All versions; SIPROTEC 5 7KE85 CP30...

CVSS 6 | AI score 6 | EPSS 0.00274
Exploits: 0 | References: 3

NVD
added 2025/03/25 6:15 a.m. | 7 views

CVE-2024-13618

The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...

CVSS 7.2 | EPSS 0.0017
Exploits: 1 | References: 1

CNVD
added 2023/02/21 12:00 a.m. | 15 views

IBM InfoSphere Information Server Directory Traversal Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data obtained from various sources. A directory traversal vulnerability exists in IBM InfoSphere Information Server version 11.7,...

CVSS 7.5 | AI score 6.8 | EPSS 0.0041
Exploits: 0 | References: 1

Prion
added 2022/05/26 4:15 p.m. | 10 views

Design/Logic Flaw

In Dell EMC CloudLink 7.1.3 and all earlier versions, the Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access the CloudLink server. Tokens should not be used in the request URL to avoid such attac...

CVSS 4 | AI score 6.5 | EPSS 0.00327
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2021/10/08 12:00 a.m. | 24 views

ECOA BAS controller arbitrary file upload vulnerability

ECOA BAS controller is a BAS controller developed by Ecoa Technologies Corp in Taiwan, China. ECOA BAS controller is vulnerable to arbitrary file uploads, which can be exploited to send specially crafted URL requests to the /upload URI with the file name and rbt parameters containing the "dot"...

CVSS 10 | AI score 2.9 | EPSS 0.01968
Exploits: 1

CNVD
added 2021/07/15 12:00 a.m. | 21 views

IBM Security Access Manager path traversal vulnerability

IBM Security Access Manager is a product of IBM Corporation for information security management. The product enables access management control through integrated Web-, mobile-, and cloud-oriented devices. IBM Security Access Manager Docker is vulnerable to a path traversal vulnerability that...

CVSS 6.8 | AI score 4.6 | EPSS 0.00791
Exploits: 0 | References: 1

NVD
added 2019/01/30 3:29 p.m. | 15 views

CVE-2018-15136

TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application...

CVSS 5.3 | AI score 5.3 | EPSS 0.0025
Exploits: 1 | References: 1

Prion
added 2019/01/30 3:29 p.m. | 13 views

Input validation

TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application...

CVSS 2.6 | AI score 5.4 | EPSS 0.0025
Exploits: 1 | References: 1 | Affected Software: 1