Lucene search

212 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-5764

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.9 | EPSS 0.03254
Exploits 0 | References 11

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-52273

Malicious code in bioql PyPI...

CVSS 10 | AI score 6.5 | EPSS 0.01769
Exploits 1 | References 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-13920

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.6 | EPSS 0.00328
Exploits 0 | References 2

RedhatCVE
added 2025/09/25 5:47 p.m., 3 views

CVE-2025-20312

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when parsing a specific SNMP...

CVSS 7.7 | AI score 6.6 | EPSS 0.00354
Exploits 0 | References 1

Vulnrichment
added 2025/09/16 12:0 a.m., 1 views

CVE-2025-54391

A vulnerability in the EnableTwoFactorAuthRequest SOAP endpoint of Zimbra Collaboration (ZCS) allows an attacker with valid user credentials to bypass Two-Factor Authentication (2FA) protection. The attacker can configure an additional 2FA method either a third-party authenticator app or email-based...

AI score 6.4 | EPSS 0.0058
Exploits 0 | References 3

Snyk
added 2025/09/08 8:45 p.m., 6 views

Brute Force

Overview: ethyca-fides is an open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Brute Force via insufficient protections on the authentication process. An attacker can gain unauthorized access to user accounts by performing automated credential...

CVSS 6.5 | AI score 7 | EPSS 0.00277
Exploits 0 | References 2

Vulnrichment
added 2025/09/03 5:40 p.m., 3 views

CVE-2025-20287 Cisco Evolved Programmable Network Manager Arbitrary File Upload Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based...

CVSS 4.3 | AI score 6.5 | EPSS 0.00295
Exploits 0 | References 1

CVE
added 2025/08/27 4:23 p.m., 14 views

CVE-2025-20342

Cisco IMC vKVM stored XSS (CVE-2025-20342) arises from insufficient input validation in the web-based management interface. An authenticated user with vKVM privileges can inject code via a data field, potentially executing script in the interface context or exposing browser data. Affected product...

CVSS 5.4 | AI score 5.7 | EPSS 0.00205
Exploits 0 | References 1

Github Security Blog
added 2025/08/18 6:30 p.m., 12 views

Liferay Portal Login Bypass Vulnerability

Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 allows unauthenticated users with valid...

CVSS 2 | AI score 7.2 | EPSS 0.00469
Exploits 1 | References 13 | Affected Software 1

Tenable Nessus
added 2025/07/25 12:0 a.m., 5 views

Cisco Unified Intelligence Center Arbitrary File Upload (cisco-sa-cuis-file-upload-UhNEtStm)

The version of Cisco Unified Intelligence Center installed on the remote host is prior to tested version. It is, therefore, affected by an arbitrary file upload vulnerability as referenced in the cisco-sa-cuis-file-upload-UhNEtStm advisory: - A vulnerability in the web-based management interface ...

CVSS 8.8 | AI score 6.1 | EPSS 0.0038
Exploits 0 | References 3

GithubExploit
added 2025/06/18 3:18 p.m., 913 views

Exploit for CVE-2025-1094

I have written this exploit with reference to the PoC available...

CVSS 9.8 | AI score 8.4 | EPSS 0.89472
Exploits 14

NVD
added 2025/06/13 8:15 a.m., 18 views

CVE-2025-39240

Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command...

CVSS 7.2 | EPSS 0.01135
Exploits 0 | References 1

Cvelist
added 2025/06/13 7:10 a.m., 14 views

CVE-2025-39240

Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command...

CVSS 7.2 | EPSS 0.01135
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 5:23 p.m., 7 views

CVE-2025-20267

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the...

CVSS 4.8 | AI score 6 | EPSS 0.00222
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 9:56 a.m., 7 views

CVE-2024-20336

A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid...

CVSS 6.5 | AI score 8.2 | EPSS 0.00793
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 7:4 a.m., 10 views

CVE-2024-47571

An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials...

CVSS 9.8 | AI score 7.1 | EPSS 0.00876
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 5:25 a.m., 7 views

CVE-2023-52324

An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any...

CVSS 8.8 | AI score 7.7 | EPSS 0.04138
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 12:23 a.m., 9 views

CVE-2022-46649

Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device...

CVSS 8.8 | AI score 7.7 | EPSS 0.02297
Exploits 2 | References 1

RedhatCVE
added 2025/05/22 10:10 a.m., 7 views

CVE-2019-19988

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vameditXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the...

CVSS 8.8 | AI score 7.2 | EPSS 0.01462
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 2:49 a.m., 7 views

CVE-2012-4701

Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature...

CVSS 9.3 | AI score 7.5 | EPSS 0.06367
Exploits 0 | References 1