20 matches found

EUVD, added 2026/05/19 9:39 p.m.

EUVD-2026-30993

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control vulnerability: multiple admin controllers enforce permission checks on the form display methods but omit the equivalent checks on the corresponding write methods, allowing any...

CVSS 8.1, AI score 5.9, EPSS 0.00032
Exploits: 0, References: 2
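The display-versus-write gap described in the CtrlPanel entry is easy to reproduce and easy to audit for. The following is an added example, not CtrlPanel's code: a hypothetical settings controller whose form method is guarded while its write method is not, the same controller with the guard applied to the write path, and a small audit that lists write-style methods that carry no permission marker. Controller, method and permission names are assumptions for illustration.

```python
"""Added example (not CtrlPanel's code): a permission check on the form display
method that is missing on the matching write method, plus an audit for it.
Controller, method and permission names are hypothetical."""
from dataclasses import dataclass
import inspect


class Forbidden(Exception):
    """Raised when the calling user lacks the required permission."""


@dataclass(frozen=True)
class User:
    name: str
    permissions: frozenset = frozenset()


def require(permission):
    """Decorator: reject the call unless `user` holds `permission`."""
    def decorator(fn):
        def wrapper(self, user, *args, **kwargs):
            if permission not in user.permissions:
                raise Forbidden(f"{user.name} lacks {permission}")
            return fn(self, user, *args, **kwargs)
        wrapper.__name__ = fn.__name__
        wrapper.__wrapped__ = fn
        wrapper.required_permission = permission   # marker consumed by audit()
        return wrapper
    return decorator


class VulnerableSettingsController:
    """The pattern in the advisory: edit() is guarded, update() is not."""
    def __init__(self):
        self.settings = {"credits_per_hour": 1}

    @require("settings.edit")
    def edit(self, user):
        return dict(self.settings)          # renders the form (read only)

    def update(self, user, changes):        # write path with no check at all
        self.settings.update(changes)
        return dict(self.settings)


class FixedSettingsController(VulnerableSettingsController):
    """Same controller with the check applied to the write method as well."""
    @require("settings.edit")
    def update(self, user, changes):
        return super().update(user, changes)


WRITE_PREFIXES = ("update", "store", "destroy", "delete", "create")


def audit(controller_cls):
    """Return public write-style method names that carry no permission marker."""
    unguarded = []
    for name, fn in inspect.getmembers(controller_cls, inspect.isfunction):
        if name.startswith("_"):
            continue
        if name.startswith(WRITE_PREFIXES) and not hasattr(fn, "required_permission"):
            unguarded.append(name)
    return unguarded


def demo():
    """Exercise both controllers with an admin and a low-privilege user."""
    admin = User("admin", frozenset({"settings.edit"}))
    low = User("low")        # authenticated, but without the admin permission
    results = {}

    vuln = VulnerableSettingsController()
    try:
        vuln.edit(low)
        results["vuln_edit"] = "allowed"
    except Forbidden:
        results["vuln_edit"] = "denied"   # the form is protected...
    # ...but the write goes straight through for the same user
    results["vuln_update"] = vuln.update(low, {"credits_per_hour": 9999})["credits_per_hour"]

    fixed = FixedSettingsController()
    try:
        fixed.update(low, {"credits_per_hour": 9999})
        results["fixed_update"] = "allowed"
    except Forbidden:
        results["fixed_update"] = "denied"
    results["fixed_admin"] = fixed.update(admin, {"credits_per_hour": 2})["credits_per_hour"]

    results["audit_vuln"] = audit(VulnerableSettingsController)
    results["audit_fixed"] = audit(FixedSettingsController)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The audit is deliberately naive (it keys on method name prefixes), but it is the kind of check that catches this class of bug in review: any write-style action without a guard marker is suspicious regardless of how well its form counterpart is protected.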
NVD, added 2026/02/25 11:16 p.m.

CVE-2026-27495

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On...

CVSS 9.9, EPSS 0.00104
Exploits: 0, References: 5
Tenable Nessus, added 2026/01/20 12:00 a.m.

MiracleLinux 8 : grub2-2.02-156.el8.ML.1 (AXSA:2024-8448:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8448:04 advisory: grub2: grub2-set-bootflag can be abused by local pseudo-users (CVE-2024-1048); grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code...

CVSS 7.8, AI score 7.8, EPSS 0.0001
Exploits: 2, References: 4
Cvelist, added 2025/10/14 12:18 a.m.

CVE-2025-42939 Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statements)

SAP S/4HANA Manage Processing Rules - For Bank Statements allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering with a request parameter. Due to a missing authorization check, the attacker can delete shared rule conditions that should...

CVSS 4.3, EPSS 0.00036
Exploits: 0, References: 2
EUVD, added 2025/10/03 8:07 p.m.

EUVD-2023-32654

Malicious code in bioql (PyPI)...

CVSS 9.6, AI score 9.1, EPSS 0.00108
Exploits: 0, References: 4
RedhatCVE, added 2025/07/12 7:24 p.m.

CVE-2025-53709

Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service is installed on only a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...

CVSS 5.4, AI score 7.3, EPSS 0.0015
Exploits: 0, References: 1
CVE, added 2025/07/10 6:38 p.m.

CVE-2025-53709

The CVE-2025-53709 entries describe a privilege/authorization issue in Palantir Secure-upload, a data submission service installed on a limited set of environments. Affected component: Secure-upload before version 0.815.0. Reported problems include: privileged users could select email templates n...

CVSS 5.4, AI score 6.6, EPSS 0.0015
Exploits: 0, References: 1
Vulnrichment, added 2025/07/10 6:38 p.m.

CVE-2025-53709 Access control issues impacting secure-upload service

Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service is installed on only a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...

CVSS 5.4, AI score 6.6, EPSS 0.0015
Exploits: 0, References: 1
RedhatCVE, added 2025/05/22 9:10 p.m.

CVE-2021-45841

In Terramaster F4-210 and F2-210 with TOS 4.2.X (4.2.15-2107141517), an attacker can forge (self-sign) session cookies if they know the target device's MAC address and the user's password hash. The guest account, disabled by default, can be abused using a null/empty hash, allowing an unauthenticated attacker to log in as guest...

CVSS 8.1, AI score 7.1, EPSS 0.65511
Exploits: 4
RedhatCVE, added 2025/05/22 9:09 p.m.

CVE-2021-45335

The Sandbox component in Avast Antivirus prior to 20.4 has insecure permissions that a local user could abuse to control the outcome of scans, and thereby evade detection or delete arbitrary system files...

CVSS 8.8, AI score 6.8, EPSS 0.00177
Exploits: 1
CNNVD, added 2024/09/12 12:00 a.m.

SolarWinds Access Rights Manager code issue vulnerability

SolarWinds Access Rights Manager is an access rights management and auditing product from SolarWinds, Inc. A code issue vulnerability exists in SolarWinds Access Rights Manager that stems from allowing an authenticated user to abuse the service, which could result in remote code execution...

CVSS 9.0, AI score 7.8, EPSS 0.30901
Exploits: 0, References: 3
CNNVD, added 2023/04/25 12:00 a.m.

ChurchCRM cross-site request forgery vulnerability

ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM version v4.5.3. An attacker can exploit the vulnerability to set a person as a user and make that user an administrator...

CVSS 5.3, AI score 5.8, EPSS 0.00114
Exploits: 1, References: 4
Code423n4, added 2022/12/16 12:00 a.m.

User can abuse tight stop losses and high leverage to make risk free trades

Lines of code. Vulnerability details. Impact: a user can abuse how stop losses are priced to open high leverage trades with huge upside and very little downside. Proof of Concept: `function limitClose(uint id, bool tp, PriceData calldata priceData, bytes calldata signature) external checkDelay(id, false)` ...

AI score 6.6
Exploits: 0
OSV, added 2022/08/25 8:15 p.m.

DEBIAN-CVE-2021-35938

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system...

CVSS 6.7, AI score 6.7, EPSS 0.00149
Exploits: 1, References: 1
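The rpm entry above describes a symlink race between installing a file and fixing up its permissions. The following is an added example, not rpm's code or its actual fix: it shows why applying a mode by path is unsafe once the path can be swapped for a symlink, and the descriptor-based alternative (open with O_NOFOLLOW, verify the object, then fchmod the open descriptor). The files are constructed in a temporary directory and stand in for the installed file and a security-critical target; the function names are hypothetical.

```python
"""Added example (not rpm's code): setting permissions by path after install
is a symlink race; the fd-based form is not. All paths are constructed in a
temporary directory for the demonstration."""
import errno
import os
import stat
import tempfile


def finalize_by_path(path, mode):
    """Vulnerable pattern: chmod on a path follows symlinks, so whatever the
    path points at in this instant receives the new mode."""
    os.chmod(path, mode)


def finalize_by_fd(path, mode):
    """Safer pattern: open without following symlinks, confirm it is a regular
    file, then apply the mode to the open descriptor (no second path lookup)."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise OSError(errno.EINVAL, "not a regular file", path)
        os.fchmod(fd, mode)
        return st.st_ino
    finally:
        os.close(fd)


def demo():
    """Run both finalizers against an installed path that an attacker has
    replaced with a symlink to a protected file; report the resulting modes."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim")   # stands in for a security-critical file
        with open(victim, "w") as f:
            f.write("secret\n")
        os.chmod(victim, 0o600)

        installed = os.path.join(d, "installed")
        # The attacker's move: between install and permission fix-up the
        # installed path now points at the victim.
        os.symlink(victim, installed)

        finalize_by_path(installed, 0o755)
        mode_after_naive = stat.S_IMODE(os.stat(victim).st_mode)

        os.chmod(victim, 0o600)              # reset for the second run
        try:
            finalize_by_fd(installed, 0o755)
            rejected = False
        except OSError as e:
            rejected = e.errno == errno.ELOOP   # O_NOFOLLOW refuses the symlink
        mode_after_fd = stat.S_IMODE(os.stat(victim).st_mode)

        return {
            "naive_victim_mode": mode_after_naive,
            "fd_rejected_symlink": rejected,
            "fd_victim_mode": mode_after_fd,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, oct(value) if isinstance(value, int) else value)
```

The same reasoning applies to ownership changes: chown by path has the same race, and fchown on the descriptor obtained above is the matching safe form. Holding the descriptor from the moment the file is written until its metadata is final removes the window entirely.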
CVE, added 2021/12/27 12:29 p.m.

CVE-2021-45335

CVE-2021-45335 affects Avast Antivirus: the sandbox component prior to version 20.4 has an insecure permission, enabling a local user to influence scan outcomes and potentially evade detection or delete arbitrary system files. Affected product is Avast Antivirus (sandbox module); root cause is an...

CVSS 8.8, AI score 8.5, EPSS 0.00177
Exploits: 1, References: 2, Affected Software: 1
Hacker One, added 2021/01/19 4:15 p.m.

Informatica: Html injection on ██████.informatica.com via search.html?q=1

Hello dear, I have found HTML injection on ██████.informatica.com. Injectable parameter: search.html?q=1. URL: https://████████.informatica.com/search.html?q=1%22%3E%3Cimg%20src=https://www.no-gods-no-masters.com/imagesdesigns/anonymous-gandhi-d001001207265.png%3E%E2%80%[email protected]%20%22 Payload: 1"”@x...

AI score 2.2
Exploits: 0
Kitploit, added 2020/01/07 11:00 a.m.

RFCpwn - An Enumeration And Exploitation Toolkit Using RFC Calls To SAP

An SAP enumeration and exploitation toolkit using SAP RFC calls. This is a toolkit for demonstrating the impact of compromised service accounts. This PoC is not for use in production environments; there is no guarantee of stability or support. RFCpwn relies on pyrfc and the libraries provided by SAP in...

AI score 7.5
Exploits: 0, References: 2
PyPA, added 2017/08/18 6:29 p.m.

PYSEC-2017-11

Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14 and 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors...

CVSS 8.8, AI score 7, EPSS 0.00196
Exploits: 0, References: 3, Affected Software: 1
Imperva Blog, added 2017/05/02 3:30 p.m.

Why Care About Data-Centric Security?

It's no surprise that data breaches are evolving and becoming increasingly complex. According to the Verizon 2017 Data Breach Investigations Report, data breaches are "complex affairs often involving some combination of human factors, hardware devices, exploited configurations or malicious...

AI score 6.7
Exploits: 0
RedHat Linux, added 2008/06/25 3:13 p.m.

kernel: ptrace: Crash on PTRACE_{ATTACH,DETACH} race

Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between...

CVSS 4.9, AI score 5.8, EPSS 0.00705
Exploits: 3, References: 4