2148 matches found
Powertek Firmware <3.30.30 - Authorization Bypass
Powertek firmware multiple brands before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an...
Landray EKP - Path Traversal
A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sysuicomponent/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to...
MEmu Android Emulator 9.2.7.0 - Local Privilege Escalation
Exploit Title: MEmu Android Emulator 9.2.7.0 - Local Privilege Escalation Google Dork: N/A Date: 2026-06-16 Exploit Author: Mohammad Vendor Homepage: https://www.memuplay.com Software Link: https://www.memuplay.com/download.html Version: 9.2.7.0 Tested on: Windows 10 x64 / Windows 11 x64 CVE:...
GHSA-4Q9J-6299-GXMR Dragonfly Manager OAuth provider client_secret disclosure via unauthenticated GET /api/v1/oauth
Summary The Dragonfly Manager exposes GET /api/v1/oauth and GET /api/v1/oauth/:id to unauthenticated clients. The response body deserializes the entire manager/models.Oauth struct, which includes the clientsecret field. Any network-reachable attacker can read the OAuth client secrets configured f...
Dragonfly Manager OAuth provider client_secret disclosure via unauthenticated GET /api/v1/oauth
Summary The Dragonfly Manager exposes GET /api/v1/oauth and GET /api/v1/oauth/:id to unauthenticated clients. The response body deserializes the entire manager/models.Oauth struct, which includes the clientsecret field. Any network-reachable attacker can read the OAuth client secrets configured f...
GHSA-PMCH-G965-GRMR Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read
Summary SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses the canonical PostgreSQL filesystem-disclosure family pgreadfile, pgstatfile, pglslogdir,...
Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read
Summary SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses the canonical PostgreSQL filesystem-disclosure family pgreadfile, pgstatfile, pglslogdir,...
PT-2026-55450
Summary The Dragonfly Manager exposes GET /api/v1/oauth and GET /api/v1/oauth/:id to unauthenticated clients. The response body deserializes the entire manager/models.Oauth struct, which includes the client secret field. Any network-reachable attacker can read the OAuth client secrets configured...
PT-2026-55461
Summary SQLChatAgent in langroid ships a validate query defense-in-depth layer whose DANGEROUS SQL PATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses the canonical PostgreSQL filesystem-disclosure family pg read file, pg stat file, pg ls logdir...
PT-2026-55407
Summary SQLChatAgent in langroid ships a validate query defense-in-depth layer whose DANGEROUS SQL PATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses the canonical PostgreSQL filesystem-disclosure family pg read file, pg stat file, pg ls logdir...
openSUSE 16: stgit / stgit-bash-completion / stgit-emacs / stgit-fish-completion / etc (openSUSE-SU-2026:21185-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:21185-1 advisory. Changes in stgit: - Update to version 2.6.0: chore: update changelog for 2.6.0 fiximport: respect --name verbatim, ignoring stgit.namelength testrefresh...
Unbreakable Enterprise kernel security update
6.12.0-204.92.4.2 - KVM: x86: Fix shadow paging use-after-free due to unexpected role Paolo Bonzini Orabug: 39673880 - net/sched: fix pedit partial COW leading to page cache corruption Rajat Gupta CVE-2026-46331 - netsched: actpedit: use RCU in tcfpeditdump Eric Dumazet Orabug: 39668752 -...
nationstate-cyber-tools
NATION-STATE CYBER WEAPONS ARSENAL Live Web Page: htt...
OPENSUSE-SU-2026:21185-1 Security update for stgit
This update for stgit fixes the following issues: Changes in stgit: - Update to version 2.6.0: chore: update changelog for 2.6.0 fiximport: respect --name verbatim, ignoring stgit.namelength testrefresh: use testwhenfinished for status.renames cleanup expect over unwrap for test bugfix: issue 615...
The Gentlemen are knocking: сustom backdoors and evolving tactics
Introduction This year saw the emergence of The Gentlemen, a prominent example of a group operating under the ransomware-as-a-service RaaS model. Although our initial assessment suggested the group first appeared in mid-2025, it actually started ramping up its activities at the beginning of 2026...
SUSE SLES15 Security Update : aws-iam-authenticator (SUSE-SU-2026:2643-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2643-1 advisory. This update for aws-iam-authenticator fixes the following issues - CVE-2022-1996: CORS bypass bsc1200528. - CVE-2022-2385:...
Security update for aws-iam-authenticator
This update for aws-iam-authenticator fixes the following issues CVE-2022-1996: CORS bypass bsc1200528. CVE-2022-2385: aws-iam-authenticator AccessKeyID validation bypass bsc1201395. CVE-2024-39689: remove root certificates from GLOBALTRUST from the root store. CVE-2025-47910: net/http:...
SUSE-SU-2026:2643-1 Security update for aws-iam-authenticator
This update for aws-iam-authenticator fixes the following issues - CVE-2022-1996: CORS bypass bsc1200528. - CVE-2022-2385: aws-iam-authenticator AccessKeyID validation bypass bsc1201395. - CVE-2024-39689: remove root certificates from GLOBALTRUST from the root store. - CVE-2025-47910: net/http:...
GHSA-9837-48HR-Q32J Glances has Insecure Pickle Deserialization in its Version Cache that Leads to Arbitrary Code Execution
Summary glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity check, signature verification, or format validation is performed before...
Glances has Insecure Pickle Deserialization in its Version Cache that Leads to Arbitrary Code Execution
Summary glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity check, signature verification, or format validation is performed before...