35 matches found
EUVD-2025-208690
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...
CVE-2025-11500 Credentials exposure in tinycontrol devices
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off, which is a default setting, an unauthenticated attacker on...
CVE-2025-15587 Credentials exposure in tinycontrol devices
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...
CVE-2025-15587
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...
PT-2026-25662
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...
CVE-2022-45368
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal. This issue affects 1003 Mortgage Application: from n/a through 1.75...
WordPress plugin 1003 Mortgage Application path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
AZL-39785 CVE-2024-31852 affecting package rust for versions less than 1.75.0-9
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
Cryptocurrency losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed
By Waqas. November 2023 has emerged as the most devastating year for crypto users and the most lucrative for cybercriminals and malicious hackers, as the majority of crypto hacks occurred during that month. This is a post from HackRead.com. Read the original post: Cryptocurrency losses reach $1.75...
CVE-2022-45357
Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application. This issue affects 1003 Mortgage Application: from n/a through 1.75...
PT-2023-14647 · Unknown · Lenderd 1003 Mortgage Application
Name of the Vulnerable Software and Affected Versions: Lenderd 1003 Mortgage Application versions 1.75 and earlier Description: The issue is related to the improper neutralization of formula elements in a CSV file, which affects the 1003 Mortgage Application. Recommendations: For versions 1.75 an...
SUSE CVE-2010-0012
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file...
WordPress 1003 Mortgage Application Plugin <= 1.75 is vulnerable to CSV Injection
Software: 1003 Mortgage Application. Type: Plugin. Vulnerable versions: <= 1.75. Fixed in: 1.80. OWASP Top 10: A1: Injection. Classification: CSV Injection. CVE: CVE-2022-45357. Patch priority: Low. CVSS severity: Low 6.1. PSID: aadde6bd0ebf. Credits: Rodrigo Escobar ipax. Required privilege...
AZL-41051 CVE-2022-32213 affecting package rust for versions less than 1.75.0-1
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS)...
GHSA-CCR8-4XR7-CGJ3 Sandbox bypass vulnerability in Jenkins Script Security Plugin
Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...
AZL-41314 CVE-2022-0632 affecting package rust for versions less than 1.75.0-1
NULL Pointer Dereference in Homebrew mruby prior to 3.2...
Brazilian marketplace integrator Hariexpress exposed 1.75 billion records
By Waqas. At the time of publishing this article, the data was still exposed and growing as there has been no response from Hariexpress. This is a post from HackRead.com. Read the original post: Brazilian marketplace integrator Hariexpress exposed 1.75 billion records...
Buffalo broadband routers security vulnerability
Buffalo Firmware is a networking device from Buffalo Japan. A security vulnerability exists in Buffalo broadband routers that originates from allowing an unauthenticated, remote attacker to gain access to information, such as configurations, via unspecified vectors. The following products and...
PT-2020-15508 · Jenkins · Warnings Plugin +4
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.74 and earlier Description: A sandbox bypass issue allows attackers with permission to define sandboxed scripts to execute arbitrary code on the Jenkins controller JVM. This is possible due to the...
Unsafe Dependency Resolution
Overview: com.beust:jcommander is a command line parsing framework for Java. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to resolving dependencies over an insecure channel (http). If the build occurred over an insecure connection, a malicious user could have...