
52 matches found

OSV · added 2026/05/27 2:17 p.m. · 3 views

UBUNTU-CVE-2026-46053

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error. __rds_rdma_map() hands sg/pages ownership to the transport after get_mr() succeeds. If copying the generated cookie back to user space fails after that point, the error path must not free those...

CVSS 7.8 · AI score 5.7 · EPSS 0.00013 · Exploits 0 · References 3
CVE · added 2026/05/27 12:57 p.m. · 11 views

CVE-2026-46053

CVE-2026-46053 affects the Linux kernel RDS memory-registration cleanup. In net/rds, __rds_rdma_map() transfers ownership of sg/pages after get_mr(); if copying the cookie back to user space fails, resources could be freed more than once. The fix removes a duplicate unpin/free in the put_user() f...

CVSS 7.8 · AI score 5.8 · EPSS 0.00013 · Exploits 0 · References 8
OSSF Malicious Packages · added 2026/05/22 12:13 a.m. · 8 views

Malicious code in ignite-market-contractstest (npm)

Source: amazon-inspector b9babd9b088785649368dbf885050b6a15b218a6b38d2dcd058f0c9eda5109da. package.json declares a preinstall lifecycle hook that runs wget --quiet...

AI score 5.8 · Exploits 0 · References 2
Vulnrichment · added 2026/05/11 8:38 p.m. · 3 views

CVE-2026-43881 WWBN AVideo: Unauthenticated User Enumeration in `objects/users.json.php` via `isCompany` Parameter Flips `$ignoreAdmin = true` and Defeats Admin-Only Listing Guard

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/users.json.php exposes two unauthenticated paths that disclose the full set of registered user accounts. The isCompany request parameter causes the handler to set $ignoreAdmin = true for any non-admin call...

CVSS 5.3 · AI score 5.7 · EPSS 0.00012 · Exploits 0 · References 2
Positive Technologies · added 2026/05/05 12:00 a.m. · 4 views

PT-2026-37297

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions prior to 29.1 Description An issue in the 'objects/users.json.php' endpoint allows unauthenticated remote attackers to disclose the full set of registered user accounts. This occurs through two distinct paths: First, the...

CVSS 5.3 · AI score 5.8 · EPSS 0.00012 · Exploits 0 · References 6
Cvelist · added 2026/04/20 12:00 a.m. · 25 views

CVE-2026-30269

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/username. The role field is accepted by the update model without a manageusers permission check for self-updates, enabling privileg...

EPSS 0.00049 · Exploits 1 · References 2
CVE · added 2026/03/02 12:00 a.m. · 4 views

CVE-2026-26708

Affected product: sourcecodester Pharmacy Point of Sale System v1.0. The vulnerability is SQL Injection in /pharmacy/manage_user.php due to improper input sanitization. Impact is described as CRITICAL (C/H, I/H, A/H; CVSS 3.1: 9.8) with Network attack vector, no privileges, no user interaction re...

CVSS 9.8 · AI score 6 · EPSS 0.00049 · Exploits 1 · References 1 · Affected Software 1
Positive Technologies · added 2026/03/02 12:00 a.m. · 3 views

PT-2026-22655

Name of the Vulnerable Software and Affected Versions: sourcecodester Pharmacy Point of Sale System version 1.0. Description: The sourcecodester Pharmacy Point of Sale System version 1.0 is susceptible to SQL Injection through the /pharmacy/manage_user.php file. The manage_user.php script does not...

CVSS 9.8 · AI score 6 · EPSS 0.00049 · Exploits 1 · References 9
RedhatCVE · added 2026/01/09 9:33 a.m. · 6 views

CVE-2024-39721

An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely even after the HTTP request is aborted...

CVSS 7.5 · AI score 7.5 · EPSS 0.00213 · Exploits 1 · References 1
CVE · added 2025/12/10 9:05 p.m. · 11 views

CVE-2020-36902

CVE-2020-36902 affects UBICOD Medivision Digital Signage 1.5.1. Affected component: authorization logic accessible via the /html/user endpoint. Root cause: manipulation of the ft[grp] parameter allows normal users to escalate privileges to super admin without authentication. Impact: unauthorized ...

CVSS 9.8 · AI score 6.9 · EPSS 0.00385 · Exploits 1 · References 4 · Affected Software 1
Positive Technologies · added 2025/12/10 12:00 a.m. · 1 views

PT-2025-50523

Name of the Vulnerable Software and Affected Versions: UBICOD Medivision Digital Signage version 1.5.1. Description: A flaw exists in UBICOD Medivision Digital Signage that allows normal users to gain elevated privileges. This is achieved by manipulating the ft[grp] parameter. Specifically, sending a...

CVSS 9.8 · AI score 6.8 · EPSS 0.00385 · Exploits 1 · References 8
OSV · added 2025/10/21 3:15 p.m. · 0 views

CVE-2025-57521

Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code execution during application startup. The application loads a network plugin without validating its digital signature or verifying its authenticity. A local attacker can exploit this behavior by placing a...

CVSS 6.1 · AI score 6.3 · Exploits 0 · References 3
EUVD · added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-10086

Malware in sbrugna...

CVSS 9.8 · AI score 9.4 · EPSS 0.00956 · Exploits 0 · References 2
EUVD · added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-11469

Malware in sbrugna...

CVSS 8.8 · AI score 8.5 · EPSS 0.00991 · Exploits 1 · References 7
EUVD · added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-24414

Malware in sbrugna...

CVSS 4.3 · AI score 4.7 · EPSS 0.00169 · Exploits 0 · References 3
EUVD · added 2025/10/03 8:07 p.m. · 1 views

EUVD-2024-2247

Malicious code in bioql PyPI...

CVSS 8.2 · AI score 8 · EPSS 0.00026 · Exploits 1 · References 7
CVE · added 2025/08/14 4:32 p.m. · 12 views

CVE-2025-8968

Summary: CVE-2025-8968 affects itsourcecode Online Tour and Travel Management System 1.0. A vulnerable function in the admin path (/admin/disapprove_user.php) allows SQL injection through the ID parameter. Exploitation is described as remote, with the exploit disclosed publicly. What’s affected: ...

CVSS 9.8 · AI score 7.6 · EPSS 0.00072 · Exploits 1 · References 5 · Affected Software 1
Positive Technologies · added 2025/08/11 12:00 a.m. · 2 views

PT-2025-32532 · Jsherp

Name of the Vulnerable Software and Affected Versions: jshERP versions prior to 3.6 Description: A flaw exists in jshERP up to version 3.5 related to improper authorization. The issue affects unknown processing of the file /jshERP-boot/user/addUser within the Endpoint component. This manipulation...

CVSS 6.5 · AI score 7.1 · EPSS 0.00109 · Exploits 1 · References 9
SUSE CVE · added 2025/05/30 1:27 a.m. · 1 views

SUSE CVE-2025-27151

Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allo...

CVSS 5.3 · AI score 7.9 · EPSS 0.00269 · Exploits 0 · References 10
RedhatCVE · added 2025/05/22 7:31 p.m. · 5 views

CVE-2021-27278

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...

CVSS 8.2 · AI score 6.7 · EPSS 0.00052 · Exploits 0 · References 1