CVE-2025-5485 SinoTrack GPS Receiver Weak Authentication
User names used to access the web management interface are limited to the device identifier, which is a numerical identifier no more than 10 digits. A malicious actor can enumerate potential targets by incrementing or decrementing from known identifiers or through enumerating random digit sequenc...
CVE-2025-5485
CVE-2025-5485 affects SinoTrack IoT PC Platform (web management interface) with weak authentication caused by using the device identifier (
Exploit for CVE-2026-36848
CVE-2026-36848 A critical path traversal vulnerability was id...
New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model's (LLM) safety and content moderation guardrails with just a single character change. "The TokenBreak attack targets a text classification model's tokenization...
Medium: git
Issue Overview: Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed...
Amazon Linux 2023 : git, git-all, git-core (ALAS2023-2025-1014)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1014 advisory. Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called...
Amazon Linux 2 : git (ALAS-2025-2884)
The version of git installed on the remote host is prior to 2.47.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2884 advisory. Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are...
[ASA-202506-6] python-django: content spoofing
Arch Linux Security Advisory ASA-202506-6. Severity: Low; Date: 2025-06-12; CVE-ID: CVE-2025-48432; Package: python-django; Type: content spoofing; Remote: Yes; Link: https://security.archlinux.org/AVG-2894. Summary: The package python-django before...
SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords
Two security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote functions on connected vehicles and even track their locations. "Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without...
Learning Obfuscations of LLM Embedding Sequences: Stained Glass Transform
The high cost of ownership of AI compute infrastructure and challenges of robust serving of large language models (LLMs) has led to a surge in managed Model-as-a-service deployments. Even when enterprises choose on-premises deployments, the compute infrastructure is typically shared across many tea...
PT-2025-25241 · Sinotrack · Iot Pc Platform
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A cybersecurity issue exists where user names used to access the web management interface are limited to the device identifier, a numerical identifier no more than 10 digits. This allows a...
EulerOS 2.0 SP13 : git (EulerOS-SA-2025-1631)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the...
(Pwn2Own) Ubiquiti Networks AI Bullet Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected Ubiquiti Networks AI Bullet cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of DHCP packet options. The issue results from insufficient...
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2025-1631)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2025-1614)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP13 : git (EulerOS-SA-2025-1614)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary: Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.2-ifix2. Vulnerability Details: CVEID: CVE-2019-12900. DESCRIPTION: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CWE: CWE-787: Out-of-bounds Write. CVSS...
Security Bulletin: IBM DataPower Gateway affected by multiple CVEs in OS kernel
Summary: The following CVEs in the OS kernel may affect IBM DataPower Gateway. Vulnerability Details: CVEID: CVE-2023-52458. DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size. Before calling add...
SinoTrack GPS Receiver
RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to access device profiles for which they are not authorized through the common web management interface. Access to the device profile may allow an attacker to perform some remote functions on connected...