Nodejs Squirrelly - Remote Code Execution

Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuratio...

Ubee EVW3226 安全漏洞

The Ubee EVW3226 is a WiFi router from Ubee Corporation of Taiwan, China. A security vulnerability exists in the Ubee EVW3226 version 1.0.20 and earlier, which stems from a configuration backup file being stored in the web root directory and unencrypted, which could lead to the disclosure of...

EUVD-2002-1576

Malware in sbrugna...

EUVD-2007-2606

Malware in sbrugna...

EUVD-2019-9442

Malware in sbrugna...

EUVD-2019-6607

Malware in sbrugna...

EUVD-2019-4291

Malware in sbrugna...

EUVD-2004-2345

Malware in sbrugna...

EUVD-2023-37430

Malicious code in bioql PyPI...

EUVD-2021-8916

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-1351

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to...

CVE-2025-47188

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient paramete...

Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system...

CVE-2025-52989

CVE-2025-52989 describes an Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved. A local, authenticated attacker with high privileges can exploit a specially crafted annotate configuration command to modify any part of the device configu...

CVE-2025-20997

Incorrect default permission in Framework for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to reset some configuration of Galaxy Watch...

CVE-2025-49843 conda-smithy Has Incorrect Default File Permissions

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...

CVE-2025-3117

CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...

CVE-2024-46462

By default, dedicated folders of ZEDMAIL for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZEDMAIL has to be modified to prevent this vulnerability...

CVE-2022-46327

Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions...

Cisco IOS XE Software 安全漏洞

Cisco IOS XE Software is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software that originates from...