23 matches found
CVE-2026-XIAOMI-SSRF-HostHeaderInjection
CVE-2026-XXXXX: Xiaomi Mi Router 4A Gigabit - SSRF via Host He...
ASB-A-251514170
In smpprocrand of smpact.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
4a-arreda.it Improper Access Control vulnerability OBB-3836594
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ASB-A-294854926
In multiple locations, there is a possible way to inject keystrokes due to improper input validation. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-46138
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...
CVE-2023-46138 JumpServer default admin user email leak password reset
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...
CVE-2023-46138
CVE-2023-46138 affects JumpServer prior to version 3.8.0, where the initial admin user used the default email domain [email protected]. Password resets occur via email, so if the domain mycompany.com is registered, this could affect password reset functionality. The issue is mitigated in versio...
Design/Logic Flaw
jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability,...
Command Execution Vulnerability in 4A Unified Security Control Platform of Beijing Qixingchen Information Security Technology Co.
Beijing Qixingchen Information Security Technology Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the 4A Unified Security Control Platform of Beijing Qixingchen Information Security...
Veeam ONE XML External Entity Processing vulnerabilities
Challenge: XML External Entity Processing vulnerabilities in Veeam ONE Reporter make it possible to read arbitrary files without authentication. Severity: critical. CVSS v3 score: 7.5. Cause: Veeam ONE Reporter uses XML files for importing and exporting report templates. A remote attacker may send...
Veeam ONE Remote Code Execution Vulnerabilities
Challenge: Vulnerabilities in Veeam ONE Agent components residing on Veeam ONE and Veeam Backup & Replication servers allow executing malicious code remotely without authentication. This may lead to gaining control over the target system. Severity: critical. CVSS v3 score: 9.8. Cause: Veeam ONE Age...
Release notes for Veeam Backup for Microsoft 365 4a
Challenge: Release Notes for Veeam Backup for Microsoft 365 4a. Cause: Please confirm you are running Veeam Backup for Microsoft 365 version 2.0, 3.0 or 4.0 prior to installing the new version 4a 4.0.0.1553. You can check the product version under Help About in the Veeam Backup for Microsoft 365...
Release Notes for Veeam ONE 9.5 Update 4a
Challenge: Release Notes for Veeam ONE 9.5 Update 4a. Please confirm that you are running version 9.0 Update 1 build 9.0.0.2088 or later prior to installing this update. You can check this under Help | About in Veeam ONE console. After the successful upgrade, your build number will be 9.5.4.4587...
Rockwell Automation Kinetix 6000, 460VAC, IAM, 6kW PS, 4A/6A 2094-BC01-MP5
Binary data 753902.prm...
vCloud Director integration doesn't work in Veeam Availability Console 3.0
Challenge: When creating a Reseller or a Company you cannot assign vCloud Director resources to it even though vCD has been added to the Cloud Connect server. Cause: Due to the discovered issue in Veeam Backup & Replication 9.5 Update 4 GA, vCloud objects are not properly collected by Availability...
Release Notes for Veeam Backup & Replication 9.5 Update 4a
More Recent Version Available. Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version. Challenge: Release Notes for Veeam Backup & Replication 9.5 Update 4a. Cause: Please confirm that you are running version 9.0 Update 2 build 9.0.0.1715 or later prior to...
SureBackup performance impacted after installing Veeam Backup & Replication 9.5 Update 4
Challenge: You may notice SureBackup job performance degradation and higher space utilization after upgrading to Veeam Backup & Replication 9.5 U4 9.5.4.2615. Cause: Upgrade to Veeam Backup & Replication 9.5 U4 has changed the default location for redo logs for verified VMs impacting original...
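4a Online Teaching Platform relatedMaterial.jsp resId parameter SQL injection vulnerability
4a Online Teaching Platform relatedMaterial.jsp resId parameter SQL injection vulnerability. The resid parameter in relatedMaterial.jsp is injectable and can be run directly with sqlmap. This one is normal. This one is abnormal. I am speechless....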
BMW security vulnerability details: the ancient Bole to identify a good horse, today there are hackers escapement BMW-vulnerability warning-the black bar safety net
ADAC, the German automobile club, wanted an in-depth understanding of the data that cars' embedded mobile network modems send to the manufacturer. The German computer technology magazine c't introduced a security expert to ADAC. The expert in-depth analysis of the BMW ConnectedDrive system the data...