53 matches found
CVE-2026-24035 Horilla has Improper Access Control Issue that Allows Unauthorized Document Upload on Behalf of Another Employee
Horilla is a free and open source Human Resource Management System (HRMS). An Improper Access Control vulnerability exists in Horilla HR Software starting in version 1.4.0 and prior to version 1.5.0, allowing any authenticated employee to upload documents on behalf of another employee without prope...
CVE-2021-33217
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root...
EUVD-2016-0037
Malware in sbrugna...
EUVD-2021-24972
Malware in sbrugna...
EUVD-2020-0097
Malware in sbrugna...
EUVD-2011-3309
Malware in sbrugna...
EUVD-2017-6667
Malware in sbrugna...
EUVD-2020-30559
Malware in sbrugna...
EUVD-2025-7052
Malicious code in bioql PyPI...
EUVD-2025-0129
Malicious code in bioql PyPI...
EUVD-2022-24847
Malicious code in bioql PyPI...
EUVD-2022-6922
Malicious code in bioql PyPI...
CVE-2025-5846 Missing Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed...
CVE-2023-50450
CVE-2023-50450 affects Sensopart VISOR Vision Sensors prior to version 2.10.0.2. The issue allows local users to perform unspecified actions with elevated privileges (local-privilege escalation). Root cause details are not provided in the documents; remediation is to upgrade to 2.10.0.2 or later....
Security Bulletin: IBM InfoSphere Information Server is vulnerable due to improper ownership management (CVE-2025-3629)
Summary: A vulnerability due to improper ownership management in IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2025-3629. DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to delete another user's comments due to improper ownership...
Authd Security Vulnerability
Authd is an open source authentication daemon from Ubuntu for cloud-based identity providers. A security vulnerability exists in Authd versions prior to 0.5.4, which stems from a temporary user logging issue that could result in a user being incorrectly recognized as the root group...
EulerOS 2.0 SP12 : containerd (EulerOS-SA-2025-1579)
According to the versions of the containerd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers...
CVE-2023-36543
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected...
CVE-2022-24819
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1...
CVE-2025-4648
Download of Code Without Integrity Check vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can inject XSS by altering the content of an SVG media during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from...