CVE-2025-40741

A vulnerability has been identified in Solid Edge SE2025 All versions V225.0 Update 5. The affected applications contain a stack based overflow vulnerability while parsing specially crafted CFG files. This could allow an attacker to execute code in the context of the current process...

CVE-2024-34614

Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code...

CVE-2024-39348

Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager SRM before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors...

CVE-2024-39904

VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...

EUVD-2026-1513

This vulnerability allows a Backup Operator to perform remote code execution RCE as the postgres user by sending a malicious interval or order parameter...

EUVD-2026-1443

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Wellspring wellspring allows PHP Local File Inclusion.This issue affects Wellspring: from n/a through 2.8...

GHSA-J4PR-3WM6-XX2R vulnerabilities

Vulnerabilities for packages: ruby, logstash...

GHSA-54JQ-C3M8-4M76 vulnerabilities

Vulnerabilities for packages: request-1276, py3-cassandra-medusa, authentik, kserve, kubeflow-pipelines-visualization-server, gitlab-cng, apache-beam-python-3.11-sdk, open-webui, checkov, py3-vllm-cuda-12.4, awx, dask-kubernetes, airflow...

CVE-2019-7323

GUP generic update process in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. The update process relies on cleartext HTTP. The attacker could replace the...

CVE-2019-7341

Reflected - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorLinkedMonitors' parameter value in the view monitor monitor.php because proper filtration is omitted...

CVE-2019-7330

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame frame.php because proper filtration is omitted...

CVE-2019-7339

POST - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log log.php because proper filtration is omitted...

GHSA-2VGG-9H6W-M454 vulnerabilities

Vulnerabilities for packages: argo-cd...

GHSA-QJ89-GQXQ-9F84 vulnerabilities

Vulnerabilities for packages: mysql...

GHSA-9MVJ-F7W8-PVH2 vulnerabilities

Vulnerabilities for packages: jupyter-base-notebook, rancher-api-ui...

EUVD-2026-1027

SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full...

GHSA-MG98-J5Q2-674W

creationtimestamp| type| source ---|---|--- 2026-01-06 05:03:26+00:00| published-proof-of-concept| Telegram/831nHCRtL2evt5rniei0FJReQqtzOwaiGXzkQTpqhGeUo2I...

GHSA-WCJ4-JW5J-44WH vulnerabilities

Vulnerabilities for packages: authentik-fips, authentik, py3-vllm-cuda-12.4, localstack, tritonserver-backend-vllm-cuda-12.9...

EUVD-2026-0110

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

EUVD-2026-0204

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...