244 matches found
PT-2026-44726
Summary: go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leak one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it; repeated parsing in a long-running process can exhaust the process file...
CVE-2026-39112
Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in...
MiracleLinux 4 : ipa-3.0.0-47.0.1.AXS4 (AXSA:2015-419:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-419:01 advisory. IPA is an integrated solution to provide centrally managed Identity machine, user, virtual machines, groups, authentication credentials, Policy...
EUVD-2019-18526
Malware in sbrugna...
EUVD-2020-13457
Malware in sbrugna...
EUVD-2024-36822
Malicious code in bioql PyPI...
EUVD-2023-55392
Malicious code in bioql PyPI...
EUVD-2021-30598
Malicious code in bioql PyPI...
CVE-2024-37768
14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id...
CVE-2024-37769
Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request...
CVE-2024-46215
A vulnerability was discovered in KM08-708H-v1.1. There is a buffer overflow in the sub445BDC function within the /usr/sbin/goahead program; the strcpy function is executed without checking the length of the string, leading to a buffer overflow...
CVE-2023-50614
An issue discovered in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via crafted POST request to /cgi-bin/luci...
CVE-2025-45612
Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index...
fronsetia 1.1 Cross Site Scripting
Exploit Title: Reflected XSS - fronsetiav1.1 Date: 11/2024 Exploit Author: Andrey Stoykov Version: 1.1 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/2024/11/friday-fun-pentest-series-14-reflected.html Reflected XSS 1 - "showoperations.jsp" Steps to Reproduce: 1. Visit main page of th...
CVE-2024-48270
An issue in the component /logins of oasys v1.1 allows attackers to access sensitive information via a burst attack...
CVE-2024-48270
The CVE-2024-48270 entry concerns oasys v1.1, specifically the /logins component. The issue allows an attacker to access sensitive information via a burst attack, with the NVD/CVE details listing a high-severity CVSS 3.1 vector (Network access, Low attack complexity, No privileges required, No us...