63 matches found
Exploit for CVE-2025-39247
CVE-2025-39247 - Target: HikCentral Professional HCMP, c...
GO-2026-4751 Zitadel is missing enforcement of organization scopes in github.com/zitadel/zitadel
Zitadel is missing enforcement of organization scopes in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
CVE-2026-31839
Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered...
GO-2026-4573 ZITADEL's truncated opaque tokens are still valid in github.com/zitadel/zitadel
ZITADEL's truncated opaque tokens are still valid in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
EUVD-2021-32726
Malicious code in bioql PyPI...
CVE-2023-44322
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.0, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.0, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.0, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.0, SCALANCE...
CVE-2024-57724
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component gray_record_cell...
CVE-2024-57721
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_path_add_path...
CVE-2024-57720
CVE-2024-57720 affects lunasvg v3.0.0 with a segmentation fault in the plutovg_blend component. The CVSSv3.1 base score is 6.5 (MEDIUM) with network attack vector, low attack complexity, no privileges required, user interaction required, and high impact to availability. Fedora advisories describe...
CVE-2024-57723
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component composition_source_over...
CVE-2024-57722
lunasvg v3.0.0 was discovered to contain an allocation-size-too-big bug via the component plutovg_surface_create...
CVE-2024-57719
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component blend_transformed_tiled_argb.isra.0...
CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for leakage of...
CVE-2024-52288 RMAC revert to the beginning of the session in libosdp
libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. In affected versions an unexpected REPLY_CCRYPT or REPLY_RMAC_I may be introduced into an active stream when they should not be. Once RMAC_I message can...
CVE-2024-47186 Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
Filament is a collection of full-stack components for Laravel development. Versions of Filament from v3.0.0 through v3.2.114 are affected by a cross-site scripting (XSS) vulnerability. If values passed to a ColorColumn or ColumnEntry are not valid and contain a specific set of characters,...
CVE-2024-34905
FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login page. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...