101 matches found

Nuclei
added yesterday, 7 views

ETQ Reliance - Authentication Bypass via Trailing Space

An authentication bypass vulnerability exists in ETQ Reliance on the CG legacy platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login pag...

CVSS 9.3, AI score 6.6, EPSS 0.02501
Exploits: 0, References: 2

SUSE CVE
added 2026/05/09 2:41 a.m., 4 views

SUSE CVE-2026-43176

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate release report content before using for RTL8922DE The commit 957eda596c76 "wifi: rtw89: pci: validate sequence number of TX release report" does validation on existing chips, which somehow a release...

CVSS 8.8, AI score 5.8, EPSS 0.00022
Exploits: 0, References: 3

Github Security Blog
added 2026/04/01 9:3 p.m., 1 view

NetBird has Race Condition on UpdateUser Function, Resulting in Privilege Escalation From Admin to Owner

Summary: A race condition vulnerability allows authenticated admin-privileged users to escalate to owner privilege. Details: The vulnerability exists in the updateUser function, which is connected to the /users/userId PUT request. This function then calls the SaveOrAddUsers function, which checks t...

AI score 5.9
Exploits: 0, References: 2, Affected Software: 1

Snyk
added 2026/03/17 8:52 p.m., 4 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the URL validation logic due to improper handling of underscores in hostnames. An attacker can access internal resources or sensitive endpoints by submitting specially crafted URLs containing...

CVSS 9.1, AI score 5.9, EPSS 0.00062
Exploits: 0, References: 2

EUVD
added 2026/03/09 5:24 p.m., 2 views

EUVD-2026-10408

Pocket ID: OIDC authorization code validation uses AND instead of OR, allowing cross-client token exchange...

CVSS 8.5, AI score 5.8, EPSS 0.00016
Exploits: 1, References: 1

Github Security Blog
added 2026/02/24 3:37 p.m., 2 views

ImageMagick has Division-by-Zero in YUV sampling factor validation, which leads to crash

A logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. coders/yuv.c:210:47: runtime error: division by zero AddressSanitizer:DEADLYSIGNAL...

CVSS 7.5, AI score 5.5, EPSS 0.0002
Exploits: 0, References: 5, Affected Software: 19

Cvelist
added 2025/11/12 9:56 p.m., 4 views

CVE-2025-40206 netfilter: nft_objref: validate objref and objrefmap expressions

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions. Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit at 000000008bda5b8c...

EPSS 0.00028
Exploits: 0, References: 4

RedhatCVE
added 2025/10/14 5:38 p.m., 1 view

CVE-2025-61775

Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under certain conditions, a verified email address...

CVSS 6.9, AI score 6.7, EPSS 0.00092
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2021-31262

Malicious code in bioql PyPI...

CVSS 5.5, AI score 5.8, EPSS 0.00072
Exploits: 1, References: 4

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-2021

Malicious code in bioql PyPI...

CVSS 8.1, AI score 6.5, EPSS 0.00155
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-54694

Malicious code in bioql PyPI...

CVSS 9.6, AI score 6.6, EPSS 0.00189
Exploits: 0, References: 1

Vulnrichment
added 2025/09/19 1:45 a.m., 2 views

CVE-2025-6198 Supermicro BMC firmware update validation bypass

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image...

CVSS 7.2, AI score 6.5, EPSS 0.00085
Exploits: 0, References: 1

Vulnrichment
added 2025/07/22 12:31 p.m., 3 views

CVE-2025-34143 ETQ Reliance CG Authentication Bypass via Trailing Space RCE

An authentication bypass vulnerability exists in ETQ Reliance on the CG legacy platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login pag...

CVSS 9.3, AI score 7.4, EPSS 0.02501
Exploits: 0, References: 4

NVD
added 2025/06/23 10:15 a.m., 5 views

CVE-2024-45347

An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by flawed validation logic and can be exploited by attackers to gain unauthorized access to the victim’s device...

CVSS 9.6, EPSS 0.00189
Exploits: 0, References: 1

CVE
added 2025/06/23 9:34 a.m., 16 views

CVE-2024-45347

CVE-2024-45347 affects Xiaomi Mi Connect Service App. Multiple connected sources indicate the root cause is flawed validation in the authentication/authorization flow, enabling unauthorized access to a victim’s device. CVSS 3.1 base score 9.6 (Adjacent attack, no user interaction, high impact on...

CVSS 9.6, AI score 9.2, EPSS 0.00189
Exploits: 0, References: 1

Vulnrichment
added 2025/06/23 9:34 a.m., 2 views

CVE-2024-45347 Mi Connect Service APP protocol flaws lead to unauthorized access

An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by flawed validation logic and can be exploited by attackers to gain unauthorized access to the victim’s device...

CVSS 9.6, AI score 9.3, EPSS 0.00189
Exploits: 0, References: 1

Positive Technologies
added 2025/06/23 12:0 a.m., 3 views

PT-2025-26583 · Xiaomi · Xiaomi Mi Connect Service App

Name of the Vulnerable Software and Affected Versions: Xiaomi Mi Connect Service APP (affected versions not specified). Description: An unauthorized access issue exists due to flawed validation logic in the Xiaomi Mi Connect Service APP, allowing attackers to gain unauthorized access to devices...

CVSS 9.6, AI score 6.3, EPSS 0.00189
Exploits: 0, References: 12

Veracode
added 2025/06/18 4:51 a.m., 2 views

Improper Authentication

salt is vulnerable to Improper Authentication. The vulnerability is due to improper validation logic in the salt.auth.pki module, which treats the presence of a valid public certificate as sufficient for authentication without requiring the corresponding private key, allows an attacker to bypass...

CVSS 6.4, AI score 6.6, EPSS 0.00123
Exploits: 0, References: 6, Affected Software: 1

NVD
added 2025/06/02 11:15 a.m., 9 views

CVE-2025-29785

quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...

CVSS 7.5, EPSS 0.00136
Exploits: 0, References: 3

RedhatCVE
added 2025/05/22 10:43 p.m., 4 views

CVE-2022-28783

Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name...

CVSS 7.1, AI score 7, EPSS 0.00016
Exploits: 0, References: 1