4564 matches found
CVE-2023-43017
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155...
CVE-2025-23779
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in web-mv ResAds resads allows SQL Injection. This issue affects ResAds: from n/a through = 2.0.5...
CVE-2025-23565
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Taylor Wibstats wibstats-statistics-for-wordpress-mu allows Reflected XSS. This issue affects Wibstats: from n/a through = 0.5.5...
CVE-2025-23448
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dastan800 visualslider Sldier visual-slider allows Reflected XSS. This issue affects visualslider Sldier: from n/a through = 1.1.1...
CVE-2026-21409
Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by the product, the user's registration information and/or OIDC OpenID...
Dell PowerProtect Data Domain operating system command injection vulnerability
Dell PowerProtect Data Domain Dell PowerProtect DD is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. The Dell PowerProtect Data Domain suffers from an operating system command injection vulnerability that originates from improper...
aws-sqs-create-queue (=0.1.0), cobalt-aws (>=0.3.0 <=0.7.0) +4 more potentially affected by unknown CVE via aws-sdk-sqs (>=0.11.0 <=0.9.0)
aws-sdk-sqs CARGO version =0.11.0, =0.3.0, =1.3.0, =0.1.0, =0.1.3 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
aws-manager (>=0.0.1 <=0.21.2), aws-sdk-manager (>=0.0.0 <=0.0.10) +2 more potentially affected by unknown CVE via aws-sdk-cloudwatchlogs (>=0.10.1 <=0.31.2)
aws-sdk-cloudwatchlogs CARGO version =0.10.1, =0.0.1, =0.0.0, =1.0.0, =1.0.4 - tracing-cloudwatch =0.1.4 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
@accounter/client (>=0.0.3 <=0.0.9-alpha-20260108115520-32a9af5faa8ef0a01fc31a81c85715be41f0f63f), @asamanvay/auth-service (>=0.0.2 <=0.0.4) +75 more potentially affected by CVE-2026-21884 via react-router (>=7.0.0 <=7.12.0-pre.0)
react-router NPM version =7.0.0, =0.0.3, =0.0.2, =1.1.0, =0.1.9, =2.0.1-alpha, =0.0.5, =1.8.1, =1.5.0, =16.0.12, =0.1.0, =12.81.0, =8.0.254, =12.72.0, =12.86.0 and more Source cves: CVE-2026-21884 Source advisory: SNYK:JS-REACTROUTER-14908293...
@buttery/tokens (>=0.1.2 <=0.1.10), @common-stack/frontend-stack-react (>=6.0.6-alpha.23 <=9.0.4-alpha.2) +6 more potentially affected by CVE-2026-21884 via @remix-run/react (>=2.0.0-pre.0 <=2.17.2)
@remix-run/react NPM version =2.0.0-pre.0, =0.1.2, =6.0.6-alpha.23, =0.1.0, =5.6.0, =0.1.36, =2.0.0, =3.0.0, =0.9.84, =0.11.29 Source cves: CVE-2026-21884 Source advisory: SNYK:JS-REMIXRUNREACT-14908292...
acherion (>=0.2.0 <=0.7.2), aesp (=2025.9.12) +243 more potentially affected by CVE-2026-21874 via nicegui (>=2.11.0 <=3.3.1)
nicegui PYPI version =2.11.0, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =1.1.3 - autestoy =0.1.0 - auth-web-kit =1.2.2 and more Source cves: CVE-2026-21874 Source advisory: SNYK:PYTHON-NICEGUI-14912449...
CVE-2026-0747
CVE-2026-0747 describes a sensitive information exposure in Devolutions Remote Desktop Manager (DRDM) for Windows, via the TeamViewer entry dashboard component. The issue arises from a defective masking feature that allows an external observer to view a password on screen, for example during phys...
01-numacert (>=1.0.0 <=3.0.0), 12g (>=0.0.15 <=1.0.1) +7558 more potentially affected by CVE-2026-24001 via diff (>=3.0.0 <=3.5.0)
diff NPM version =3.0.0, =1.0.0, =0.0.15, =1.0.4, =5.4.4, =5.4.4, =2.2.1, =1.1.8, =1.0.0, =2.0.0, =0.0.1, =0.1.1, =0.1.0, =1.0.0, =1.8.1 and more Source cves: CVE-2026-24001 Source advisory: SNYK:JS-DIFF-14917201...
CVE-2025-14612
Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer SFX on Windows allows Use of Predictable File Names. This issue affects Quartus Prime Pro: from 24.1 through 25.1.1...
wolfSSL Python module vulnerable to Improper Authentication
A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer certificate...
CVE-2025-65518
Plesk Obsidian (versions 8.0.1 to 18.0.73) is affected by a Denial of Service in the get_password.php endpoint. A crafted, malicious request can cause the web interface to continuously reload, rendering the service unavailable to legitimate users. Exploitation is remote and does not require authe...
Asseco InfoMedica security vulnerability
Asseco InfoMedica is a comprehensive medical information management system from Asseco Poland. A security vulnerability exists in Asseco InfoMedica version 4.50.1 and prior to version 5.38.0, which stems from insufficient access control granularity and could lead to the acquisition of coded...
PT-2026-1848
Name of the Vulnerable Software and Affected Versions: Plesk Obsidian versions 8.0.1 through 18.0.73. Description: Plesk Obsidian versions 8.0.1 through 18.0.73 are susceptible to a Denial of Service (DoS) condition. The issue resides in the get_password.php API endpoint, where a specifically crafted...
PT-2026-2256
Name of the Vulnerable Software and Affected Versions: Mediawiki - Wikibase Extension versions 1.39 through 1.45. Description: The Mediawiki - Wikibase Extension is susceptible to a Cross-Site Scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for the...
NiceGUI cross-site scripting vulnerability
NiceGUI is an easy-to-use, Python-based UI framework from NiceGUI Open Source. A cross-site scripting vulnerability exists in NiceGUI versions 2.22.0 through 3.4.1, which stems from an insecure implementation of the click event listener and could lead to cross-site scripting attacks...