High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info
10-Strike–Strike Network Inventory Explorer Pro | 10-Strike Network Inventory Explorer Pro 9.31 contains a buffer overflow vulnerability in the text file import functionality that allows remote code execution.…
Category: Bulletins
Vulnerability Summary for the Week of January 5, 2026
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info
AA-Team–Amazon Native Shopping Recommendations | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection. This issue…
Vulnerability Summary for the Week of December 29, 2025
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info
SmarterTools–SmarterMail | Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.…
Vulnerability Summary for the Week of December 22, 2025
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info
9786–phpok3w | A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads…
Vulnerability Summary for the Week of December 15, 2025
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info
Cisco–Cisco Secure Email | Cisco is aware of a potential vulnerability. Cisco is currently investigating and will update these details as appropriate as more information becomes available. | 2025-12-17 | 10 | CVE-2025-20393…
Vulnerability Summary for the Week of December 8, 2025
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info
Unknown–Typora | Typora 1.7.4 contains a command injection vulnerability in the PDF export preferences that allows attackers to execute arbitrary system commands. Attackers can inject malicious commands into…
Vulnerability Summary for the Week of December 1, 2025
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info
10web–10Web Booster Website speed optimization, Cache & Page Speed optimizer | The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable…
Vulnerability Summary for the Week of November 24, 2025
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info
0x4m4–HexStrike AI | By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server,…
Vulnerability Summary for the Week of November 17, 2025
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info
ABB–ABB Ability Edgenius | Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius. This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1. | 2025-11-20 | 9.6 | CVE-2025-10571…
Vulnerability Summary for the Week of November 10, 2025
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info
leopardhost–TNC Toolbox: Web Performance | The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This…
Vulnerability Summary for the Week of September 22, 2025
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info
FlowiseAI–Flowise | Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution.…
Vulnerability Summary for the Week of September 15, 2025
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info
Logo Software–Diva | Authorization Bypass Through User-Controlled SQL Primary Key, CWE – 89 – Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in…
Vulnerability Summary for the Week of September 8, 2025
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info
Adobe–Acrobat Reader | Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of…
Vulnerability Summary for the Week of September 1, 2025
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info
1000projects–Beauty Parlour Management System | A vulnerability was identified in 1000projects Beauty Parlour Management System 1.0. This affects an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the argument…
Vulnerability Summary for the Week of August 25, 2025
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info
1000projects–Online Project Report Submission and Evaluation System | A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown processing of…
Vulnerability Summary for the Week of August 18, 2025
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info
7ritn–VaulTLS | VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL…
Vulnerability Summary for the Week of August 11, 2025
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info
1000 Projects–Sales Management System | A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument…
Vulnerability Summary for the Week of August 4, 2025
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info
Adobe–Adobe Experience Manager | Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability…
Vulnerability Summary for the Week of July 28, 2025
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info
0x676e67–vproxy | vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into…
Vulnerability Summary for the Week of July 21, 2025
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info
1000 Projects–ABC Courier Management System | A vulnerability has been found in 1000 Projects ABC Courier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown…