CVE-2025-51414

In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile picture upload functionality on the /my-profile.php page...

EUVD-2020-20694

Malware in sbrugna...

EUVD-2021-32479

Malicious code in bioql PyPI...

EUVD-2022-7773

Malicious code in bioql PyPI...

CVE-2025-26210

DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that this is intended behavior...

CVE-2025-26210

DeepSeek R1 through V3.1 are affected by a Cross-Site Scripting (XSS) vulnerability described as enabling JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. The CVE-2025-26210 entry explicitly states XSS for versions R1–V3.1; third-party sources note that this behavi...

CVE-2024-41797

CVE-2024-41797 affects Siemens industrial devices including RUGGEDCOM RST2428P and multiple SCALANCE lines (XC316-8, XC324-4, XC332, XC416-8, XC424-4, XC432, XCH328, XCM324/328/332, XR302-32/322-12/326-8, XRH334, XRM334, XR502-32, XR522-12, XR526-8, XR...); root cause is an incorrect authorizatio...

CVE-2024-41797

A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V3.1, SCALANCE XC316-8 6GK5324-8TS00-2AC2 All versions V3.1, SCALANCE XC324-4 6GK5328-4TS00-2AC2 All versions V3.1, SCALANCE XC324-4 EEC 6GK5328-4TS00-2EC2 All versions V3.1, SCALANCE XC332 6GK5332-0GA00-2AC2 All...

CVE-2022-32258

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure...

CVE-2021-45761

ROPium v3.1 was discovered to contain an invalid memory address dereference via the find function...

[SECURITY] Fedora 40 Update: python-openapi-core-0.19.4-3.fc40

Openapi-core is a Python library that adds client-side and server-side support for the OpenAPI v3.0 and OpenAPI v3.1 specification...

Security Bulletin: NVIDIA GPU Display Driver - October 2024

NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software and Cloud Gaming updates,...

Siemens SINEC Security Monitor

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVE-2024-4350

Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave...

CVE-2024-4350

Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave...

CVE-2024-4350 Concrete CMS version 9 below 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer

Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave...

CVE-2024-7394

Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName. A rogue administrator could inject malicious code. The Concrete CMS team gave this a CVSS v4.0 rank of 4.6 with vector...

CVE-2024-7394 Concrete CMS version 9.0.0 through 9.3.2 and below 8.5.18 - Stored XSS in getAttributeSetName()

Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName. A rogue administrator could inject malicious code. The Concrete CMS team gave this a CVSS v4.0 rank of 4.6 with vector...

Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access

A high-severity security bypass vulnerability has been disclosed in Rockwell Automation ControlLogix 1756 devices that could be exploited to execute common industrial protocol CIP programming and configuration commands. The flaw, which is assigned the CVE identifier CVE-2024-6242, carries a CVSS...

CVE-2024-4353

Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in the generate dashboard board instance functionality. The Name input field does not check the input sufficiently letting a rogue administrator have the capability to inject malicious JavaScript code. The Concre...