226 matches found
MAL-2025-111783 Malicious code in damp_spoonbill_coral-60 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b553fd7dab685bbe860784cb7a70e17623ebee04f9a85d0b2706c33572386fb7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-77505
Malicious code in supposedgerbilbronze-60 npm...
CVE-2025-41110
Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0.27.2 APK. This vulnerability allows an attacker to connect to the robot's WiFi and view all its data, as it runs on ROS 2 without default authentication. In addition, the attacker can connect via SSH and gain full...
CVE-2025-41110
Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0.27.2 APK. This vulnerability allows an attacker to connect to the robot's WiFi and view all its data, as it runs on ROS 2 without default authentication. In addition, the attacker can connect via SSH and gain full...
CVE-2025-41110
CVE-2025-41110 affects Ghost Robotics Vision 60, specifically APK v0.27.2. The issue arises from an authorization flaw in the ROS 2 stack, permitting connections to the robot’s WiFi and SSH without authentication. Consequences stated across sources include data exposure and full control of the ro...
CVE-2025-41108
The CVE describes Ghost Robotics Vision 60 (v0.27.2) as vulnerable due to a lack of encryption and authentication in its MAVLink-based communication protocol. This enables an external attacker to impersonate the control station and issue arbitrary commands to the robot, potentially gaining unauth...
Ghost Robotics Vision 60 授权问题漏洞
Ghost Robotics Vision 60 is a quadrupedal ground robot from Ghost Robotics, USA. Ghost Robotics Vision 60 version v0.27.2 suffers from an authorization issue vulnerability that stems from WiFi and SSH credential disclosure, which could lead to an attacker connecting to the robot's WiFi and SSH to...
EUVD-2005-0682
Malware in sbrugna...
EUVD-2019-4098
Malware in sbrugna...
CVE-2024-40116
An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html, email.html, and sms.html files -- fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base...
APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign
The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That's according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google...
Adobe Illustrator < 26.5.2 / 27.0.0 < 27.0.1 Multiple Memory leak (APSB22-60) (macOS)
The version of Adobe Illustrator installed on the remote macOS host is prior to 26.5.2, 27.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB22-60 advisory. - Adobe Illustrator versions 26.5.1 and earlier, and 27.0 and earlier are affected by an out-of-bounds re...
CVE-2024-43814
The goTenna Pro ATAK Plugin's default settings are to share Automatic Position, Location, and Information PLI updates every 60 seconds once the plugin is active and goTenna is connected. Users that are unaware of their settings and have not activated encryption before a mission may accidentally...
APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor
A South Korea-aligned cyber espionage has been linked to the zero-day exploitation of a now-patched critical remote code execution flaw in Kingsoft WPS Office to deploy a bespoke backdoor dubbed SpyGlace. The activity has been attributed to a threat actor dubbed APT-C-60, according to cybersecuri...
PT-2024-28786 · Sl 500 +2 · Sl 500 +2
Name of the Vulnerable Software and Affected Versions: Solar-Log 1000 versions prior to 2.8.2 and build 52-23.04.2013 SL 200 versions prior to 3.0.0-60 SL 500 versions prior to 3.0.0-60 Description: The issue concerns the storage of plaintext passwords in certain files, specifically export.html,...
Microsoft’s March 2024 Patch Tuesday Addresses 60 Vulnerabilities
Summary: Microsofts March 2024 Patch Tuesday addresses 60 vulnerabilities, including two critical vulnerabilities, spanning various products like Office, Exchange Server, and Windows Kernel. Critical flaws in Windows Hyper-V CVE-2024-21407 and CVE-2024-21408 require immediate attention to mitigat...
Celebrating ten years of the Microsoft Bug Bounty program and more than $60M awarded
This year marks the tenth anniversary of the Microsoft Bug Bounty Program, an essential part of our proactive strategy to protect customers from security threats. Since its inception in 2013, Microsoft has awarded more than $60 million to thousands of security researchers from 70 countries. These...
Adobe InCopy < 18.5.1 / 18.0 < 19.0.0 Arbitrary code execution (APSB23-60)
The version of Adobe InCopy installed on the remote host is prior to 18.5.1, 19.0.0. It is, therefore, affected by a vulnerability as referenced in the APSB23-60 advisory. - Out-of-bounds Read CWE-125 potentially leading to Arbitrary code execution CVE-2023-26368 Note that Nessus has not tested f...
CVE-2023-1995
Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before...
QNAP QTS / QuTS hero Vulnerability in QTS and QuTS hero (QSA-23-60)
The version of QNAP QTS / QuTS hero installed on the remote host is affected by a vulnerability as referenced in the QSA-23-60 advisory. An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local networ...