65 matches found
EUVD-2021-0988
Malware in sbrugna...
EUVD-2022-4238
Malicious code in bioql PyPI...
EUVD-2022-53084
Malicious code in bioql PyPI...
JVN#46919949: PgManage vulnerable to injection
PgManage, provided by Command Prompt, Inc., uses the RestrictedPython module. The version of the RestrictedPython module imported into PgManage contains vulnerabilities, which are inherited by PgManage (CWE-477). Impact: A user of the affected product may escape a sandbox and execute arbitrary code. Solution...
Siemens SIPROTEC 4 and SIPROTEC 4 Compact
SUMMARY: SIPROTEC 4 and SIPROTEC 4 Compact devices contain a vulnerability that could allow an unauthenticated remote attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is...
Siemens Opcenter Quality
SUMMARY: Opcenter Quality is affected by multiple vulnerabilities in the SmartClient modules Opcenter QL Home SC, SOA Audit and SOA Cockpit. Siemens has released new versions for the affected products and recommends updating to the latest versions. 2. GENERAL RECOMMENDATIONS: As a general...
CVE-2025-54077
WeGIA is an open-source web manager vulnerable to a reflected XSS in the personalizacao.php endpoint. The flaw affects versions prior to 3.4.6 and allows an attacker to inject scripts via the err parameter. The issue originates from insufficient input handling in that endpoint, with the documente...
PT-2025-29517 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.5 Description: WeGIA is an open source web manager. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the relatorio geracao.php endpoint. Attackers can inject malicious scripts through the tipo relatorio...
PT-2025-28128 · Nimesa · Nimesa Backup/Recovery
Name of the Vulnerable Software and Affected Versions: Nimesa Backup and Recovery versions 2.3 through 2.4 Description: An OS command injection issue exists, allowing arbitrary OS commands to be executed on the server where the product is running if exploited. Recommendations: For versions 2.3 an...
PT-2025-27491 · Electron · Electron
Name of the Vulnerable Software and Affected Versions: Electron versions 30.0.0-alpha.1 through 30.0.5; Electron versions 31.0.0-alpha.1 through 31.0.0-beta.1 Description: The issue is an ASAR Integrity bypass, which only impacts applications that have the embeddedAsarIntegrityValidation and...
PT-2025-23504 · Sslh +1 · Sslh +1
Name of the Vulnerable Software and Affected Versions: sslh versions prior to 2.2.4 Description: A resource allocation issue without limits or throttling in sslh allows attackers to exhaust file descriptors, denying service to legitimate users. This issue can be exploited to impact user service...
CVE-2024-56411
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability of the hyperlink base in the HTML page header. The HTML page is formed without sanitizing the hyperlink base. Versions 3.7.0,...
PT-2025-21527 · WordPress · Mappress Maps
Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions prior to 2.93 Description: The issue concerns the MapPress Maps plugin for WordPress, where certain settings are not properly sanitized and escaped. This could allow high-privilege users, such as...
PT-2025-20053 · Samsung · Samsung Gallery
Name of the Vulnerable Software and Affected Versions: Samsung Gallery versions prior to 14.5.10.3 in Global Android 13; Samsung Gallery versions prior to 14.5.09.3 in China Android 13; Samsung Gallery versions prior to 15.5.04.5 in Android 14 Description: The issue is related to improper access...
PT-2025-19769 · Misskey · Misskey
Name of the Vulnerable Software and Affected Versions: Misskey versions 12.0.0 through 2025.4.0 Description: The issue arises from an oversight in validation performed in UrlPreviewService and MkUrlPreview, allowing an attacker to inject arbitrary CSS into the MkUrlPreview component. This can lea...
GIMP Buffer Overflow Vulnerability (Apr 2025) - Windows
GIMP is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:gimp:gimp"; if(description)...
PT-2025-17331 · Nessus · Nessus
Name of the Vulnerable Software and Affected Versions: Nessus versions prior to 10.8.4 Description: The issue is related to the installation of Nessus to a non-default location on a Windows host, where secure permissions for sub-directories were not enforced in versions prior to 10.8.4. This coul...
PT-2025-17165 · Unknown · Hive Support
Name of the Vulnerable Software and Affected Versions: Hive Support versions 1.2.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS in Hive Support. Recommendations: For...
PT-2025-14721 · Tailpress · Tailpress
Name of the Vulnerable Software and Affected Versions: TailPress versions 0.4.4 and earlier Description: The issue allows the retrieval of embedded sensitive data due to the insertion of sensitive information into externally-accessible files or directories. Recommendations: For versions 0.4.4 and...
Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20250331T171002 2025-03-31T17:10:02Z (jscPED-11136): GO-2025-3443, GO-2025-3548, GO-2025-3557, GO-2025-3558, GO-2025-3559. Update to version 0.0.20250327T184518 2025-03-27T18:45:18Z (jscPED-11136): GO-2025-3526 Patch...