68 matches found
CVE-2018-4353
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14...
CVE-2019-18412
JetBrains IDETalk plugin before version 193.4099.10 allows XXE...
CVE-2017-18810
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS...
CVE-2025-14026
Forcepoint One DLP Client, version 23.04.5642 and possibly newer versions, includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code...
EUVD-2018-13050
Malware in sbrugna...
EUVD-2019-14990
Malware in sbrugna...
EUVD-2024-52912
Malicious code in bioql PyPI...
EUVD-2024-36947
Malicious code in bioql PyPI...
EUVD-2025-11356
Malicious code in bioql PyPI...
EUVD-2022-52834
Malicious code in bioql PyPI...
CVE-2025-2411
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass. This issue affects TaskPano: from s1.06.04 before v1.06.06...
CVE-2025-7036 CleverReach WP <= 1.5.20 - Unauthenticated SQL Injection via title Parameter
The CleverReach® WP plugin for WordPress is vulnerable to time-based SQL Injection via the ‘title’ parameter in all versions up to, and including, 1.5.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
CVE-2025-53840
Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views are allowed to see hosts and services that they weren't meant to on the dependency map. However, the name of an object will not b...
CVE-2025-53840
Icinga DB Web contains an exposure in versions 1.2.0–1.2.1 where users with access to Dependency Views could see hosts and services they should not, due to improper access control on dependency views (filter/hosts and filter/services). The object name is not revealed and access to a host or servi...
CVE-2025-30403
CVE-2025-30403 affects mvfst, where a heap-buffer-overflow can be triggered by a specially crafted QUIC message. Affected versions are mvfst prior to v2025.07.07.00. The issue stems from how mvfst handles certain input during QUIC sessions, potentially enabling a crash or memory corruption. Publi...
PT-2025-26942 · Unknown · Iroha Board
Name of the Vulnerable Software and Affected Versions: iroha Board versions v0.10.12 and earlier. Description: A cross-site request forgery issue exists. If a user accesses a specially crafted URL while logged in to the affected product, arbitrary learning histories may be registered...
PT-2025-23882 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 versions up to 15.03.06.47. Description: A critical issue was found in the HTTP Handler component, specifically affecting the formSetPPTPServer function of the /goform/SetPptpServerCfg file. The manipulation of the startIp and endIp...
PT-2025-24611 · NetGear · Netgear Ex3700
Name of the Vulnerable Software and Affected Versions: Netgear EX3700 versions 1.0.0.0 through 1.0.0.88. Description: A critical issue has been found, affecting the function sub 41619C of the file /mtd. This issue leads to a stack-based buffer overflow and can be exploited remotely. The problem ha...
CVE-2024-5959
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Stored XSS. This issue affects Panel: before v2.3.24...
CVE-2024-22170
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow Buffers. This issue affects My Cloud: before 5.29.102...