CVE-2026-21667
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. More information: https://www.veeam.com/kb4830
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. More information: https://www.veeam.com/kb4830
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository. More information: https://www.veeam.com/kb4830
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. More information: https://www.veeam.com/kb4831
A vulnerability allowing a low-privileged user to extract saved SSH credentials. More information: https://www.veeam.com/kb4831
A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication. More information: https://www.veeam.com/kb4831
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote...
A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web...
In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an adversary with access to Flowmon monitoring ports may craft malicious network data that, when processed by Flowmon ADS and...
The Simple Ajax Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘c’ parameter in versions up to, and including, 20260217 due to insufficient input sanitization and output escaping. This makes...
Use of a custom token encoding algorithm in Streamsoft Prestiż software allows the value of the KSeF (Krajowy System e-Faktur) token to be guessed after analyzing how tokens with known values are encoded. This issue was fixed...
SGLang’s encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication. More information: https://github.com/sgl-project/sglang/blob/main/python/sglang/srt/disaggregation/encode_receiver.py
SGLang’s `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attacker’s code on the device running...
A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack...
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be...