CVE-2026-6530

DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

4coders-commons (>=0.0.1 <=0.0.2), @11ty/eleventy (=0.3.3) +3647 more potentially affected by CVE-2026-33940 via handlebars (>=4.0.0 <=4.7.8)

handlebars NPM version =4.0.0, =0.0.1, =0.1.0, =0.1.0, =0.0.11, =0.0.52, =0.1.0, =0.0.72, =0.1.0, =1.1.1, =0.0.0-3b548b7bf6ff6554f724240da3a11be924237e6c, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2026-33940 Source advisory: OSV:GHSA-XHPV-HC6G-R9C6...

CVE-2026-25498 Craft has a potential authenticated Remote Code Execution via malicious attached Behavior

Craft is a platform for creating digital experiences. In versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a Remote Code Execution RCE vulnerability exists in Craft CMS where the assembleLayoutFromPost function in src/services/Fields.php fails to sanitize user-supplied configuratio...

EUVD-2020-3171

Malware in sbrugna...

EUVD-2016-3644

Malware in sbrugna...

EUVD-2021-19468

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-46088

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution RCE. Any user with the Zabbix Admin role is able to run custom shell script on the...

Contao 安全漏洞

Contao is an open source content management system CMS developed in PHP. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 4.x prior to version 4.13.40 and version 5.x prior to version 5.3.4, which stems from a cookie mark...

WiX Toolset Code Issue Vulnerability

WiX Toolset is an open source code library for . A code issue vulnerability exists in WiX Toolset 4 through 4.0.4, versions prior to 3.14.0, which stems from the .be TEMP folder being susceptible to a DLL redirection attack that allows an attacker to elevate privileges...

Veeam Recovery Orchestrator Vulnerability ( CVE-2024-22021 |  CVE-2024-22022 )

Veeam Software Security Commitment Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure Program VDP for all Veeam products and perform extensive internal code audits. When a vulnerability is...

PYSEC-2023-193

Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface ZMI. All versions of Zope 4 and Zope 5 are affected. Patches will be released wit...

@beardeddudes/strapi-types (>=0.1.0 <=0.1.1), @bilberrry/strapi-plugin-link-finder (>=1.0.1 <=1.0.2) +118 more potentially affected by CVE-2023-22894 via @strapi/strapi (>=4.0.0-beta.0 <=4.7.2-exp.24dd7d95972fa822bf43e9b095b51027402c229e)

@strapi/strapi NPM version =4.0.0-beta.0, =0.1.0, =1.0.1, =4.12.2, =1.0.0, =0.0.1, =1.0.5, =1.0.5, =1.0.9, =0.0.1, =0.1.0, =1.3.2, =1.7.0 - @iliad.dev/atlas-adapter =0.2.11 and more Source cves: CVE-2023-22894 Source advisory: OSV:GHSA-JJQF-J4W7-92W8...

CVE-2022-33859

A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary...

phpMyAdmin 4.x < 4.8.3 Cross-Site Scripting

The version of phpMyAdmin installed on the remote host does not correctly handle malicious filenames leading to a leading to a Cross-Site Scripting XSS vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version numbe...

Silverstripe Framework SQLi Vulnerability

All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject...

Rockwell Automation ISaGRAF5 Runtime Relative Path Traversal (CVE-2020-25176)

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer IXL protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated...

MuleSoft Mule 代码问题漏洞

Mulesoft MuleSoft Mule is a lightweight integration platform from the US company MuleSoft Mulesoft. The platform supports management of message routing between nodes, data mapping, and more. A code issue vulnerability exists in MuleSoft Mule, which originates in the Mule runtime component. The...

Remote code execution

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...

Rockwell Automation ISaGRAF5 Runtime (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ISaGRAF5 Runtime Vulnerabilities: Use of Hard-coded Cryptographic Key, Unprotected Storage of Credentials, Relative Path Traversal, Uncontrolled Search Path Element,...

MuleSoft Mule Resource Management Error Vulnerability

MuleSoft Mule is a lightweight integration platform from MuleSoft, USA. The platform supports management of message routing between nodes, data mapping, and more. A security vulnerability exists in MuleSoft Mule Community and Enterprise Editions versions 3.8.x, 3.9.x, and 4.x released before Apri...