| Date | Product | Vulnerability Type | Details |
| --- | --- | --- | --- |
| 11/2025 | REDAXO CMS | Improper Neutralization of Input During Web Page Generation (CWE‑79) | Post |
| 11/2025 | Janitza UMG 96RM-E firmware versions below 3.14 | CWE‑78 (Improper Neutralization of Special Elements used in an OS Command), CWE‑798 (Use of Hard‑coded Credentials), CWE‑327 (Use of a Broken or Risky Cryptographic Algorithm), CWE‑732 (Incorrect Permission Assignment for Critical Resource) | Post |
| 03/2025 | SICK DL100-2xxxxxxx all firmware versions | CWE‑494 (Download of Code Without Integrity Check), CWE‑319 (Cleartext Transmission of Sensitive Information), CWE‑328 (Use of Weak Hash) | Post |
| 01/2025 | rasa (pip) <3.6.21 and rasa-pro (pip) <3.10.12, <3.9.16, <3.8.18 | CWE‑94 (Improper Control of Generation of Code ('Code Injection')), CWE‑502 (Deserialization of Untrusted Data) | Post |

| Date | Product | Vulnerability Type | Details |
| --- | --- | --- | --- |
| 12/2024 | SharkSSL | Buffer Overflow (CWE‑120) | Post |
| 11/2024 | Kanboard | Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) (CWE‑22) | Post |
| 11/2024 | SharkSSL | Buffer Overflow (CWE‑120) | Post |
| 09/2024 | Apple iOS/iPadOS, macOS and more | Out‑of‑bounds Write (CWE‑787) | Post |
| 08/2024 | Collabora Office for Android | Improper Neutralization of Encoded URI Schemes in a Web Page (CWE‑84) | Post |
| 08/2024 | Moodle | Cross‑site Scripting (CWE‑79) | Post |
| 05/2024 | Certain HP LaserJet Pro Printers | (Possible) Exposure of Sensitive Information to an Unauthorized Actor (CWE‑200) | Post |
| 03/2024 | LDAP Account Manager (LAM) | Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) (CWE‑22) | Post |
| 03/2024 | Airmail - Your Mail With You, Airmail for Business | Improper Neutralization of Input During Web Page Generation / "Cross‑site Scripting" (CWE‑79), Insecure Storage of Sensitive Information (CWE‑922) | Post |
| 03/2024 | Apple iOS/iPadOS, macOS and more | Improper Input Validation (CWE‑20) | Post |
| 01/2024 | Tuta Mail | Improper Input Validation (CWE‑20) | Post |
| 01/2024 | Tuta Mail | Server‑Side Request Forgery (SSRF) (CWE‑918) | Post |

| Date | Product | Vulnerability Type | Details |
| --- | --- | --- | --- |
| 12/2023 | MatrixSSL | Integer Overflow or Wraparound (CWE‑190) | Post |
| 11/2023 | Wire AVS as used in Wire Secure Messenger | Use of Externally‑Controlled Format String (CWE‑134) | Post |
| 06/2023 | Apple iOS/iPadOS, macOS and more | Buffer Copy without Checking Size of Input (CWE‑120) | Post |
| 05/2023 | LibreOffice | Improper Validation of Array Index (CWE‑129) | Post |
| 04/2023 | Mozilla Maintenance Service | Improper Resource Locking (CWE‑413) | Post |
| 01/2023 | MatrixSSL | Integer Overflow or Wraparound (CWE‑190) | Post |

| Date | Product | Vulnerability Type | Details |
| --- | --- | --- | --- |
| 11/2020 | SQLCipher | Use After Free (CWE‑416) | Post |
| 10/2020 | Wire AVS as used in Wire Secure Messenger | Use of Externally‑Controlled Format String (CWE‑134) | Post |
| 07/2020 | IBM Maximo Asset Management | Improper Restriction of XML External Entity Reference (CWE‑611) | Post |
| 07/2020 | Apple iOS, macOS | Heap‑based Buffer Overflow (CWE‑122) | Post |
| 06/2020 | Teamwire (Android) | Missing Authentication for Critical Function (CWE‑306) | Post |
| 05/2020 | Ilias | Improper Control of Filename for Include/Require Statement in PHP Program (CWE‑98), Exposure of Sensitive Information to an Unauthorized Actor (CWE‑200) | Post |
| 03/2020 | Fortinet FortiClient | Unquoted Search Path or Element (CWE‑428) | Post |
| 01/2020 | Juniper Networks Junos Space | External Control of File Name or Path (CWE‑73) | Post |