SpinetiX Fusion Digital Signage 安全漏洞

SpinetiX Fusion Digital Signage is a digital signage software from SpinetiX Switzerland. A security vulnerability exists in SpinetiX Fusion Digital Signage version 3.4.8, which originates from the presence of a username enumeration in the login script, which could lead to the disclosure of accoun...

Grav Path Traversal Vulnerability (CNVD-2025-30350)

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a path traversal vulnerability that can be exploited by a low-privileged user to read server files, which can be exploited by an attacke...

Grav 路径遍历漏洞

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a path traversal vulnerability that can be exploited by a low-privileged user to read server files, which can be exploited by an attacke...

Security Bulletin: Astronomer with IBM is vulnerable to several issues due to open source packages

Summary Open source software is used by Astronomer with IBM as part of overall processing functionality. Vulnerability Details CVEID:CVE-2005-2541 DESCRIPTION: Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gai...

IOFIT AG Life Logger Android App 安全漏洞

IOFIT AG Life Logger Android App is a sports app from IOFIT Japan. A security vulnerability exists in IOFIT AG Life Logger Android App v1.0.2.72 and earlier versions, which stems from improper access control and a predictable CAPTCHA, and could lead to account disclosure and misuse of cloud...

EUVD-2012-4516

Malware in sbrugna...

EUVD-2021-3216

Malicious code in bioql PyPI...

CVE-2025-40838

CVE-2025-40838 affects Ericsson Indoor Connect 8855. The vulnerability arises from a client-side bypass of server-side security, potentially allowing unauthorized disclosure of information. CVSSv3.1 metrics indicate Network access, Low attack complexity, Privileges None, UI None, with Confidentia...

CVE-2025-40838 Ericsson Indoor Connect 8855 - Insufficiently Protected Credentials Vulnerability

Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information...

Linux Distros Unpatched Vulnerability : CVE-2007-2243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to...

CVE-2022-20294

In Content, there is a possible way to learn about an account present on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android...

CVE-2022-20270

In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID...

SAR-AutoDeploy-Layer 安全漏洞

SAR-AutoDeploy-Layer is a Lumigo open source SAR application used to automate the deployment of a Lambda layer to a region for all functions. A security vulnerability exists in SAR-AutoDeploy-Layer v1.2.0 that stems from improper permissions and could lead to elevated privileges and customer clou...

SAR-measure-cold-start 安全漏洞

SAR-measure-cold-start is an AWS Step Functions state machine open-sourced by Lumigo that helps measure the initialization time of Lambda functions. A security vulnerability exists in SAR-measure-cold-start v1.4.1, which stems from improper permissions and could lead to elevation of privilege and...

Black Duck Coverity 跨站脚本漏洞

Black Duck Coverity is a comprehensive static code analysis and software security tool from Black Duck, Inc. It is used to find and fix vulnerabilities, defects and security risks in software. A cross-site scripting vulnerability exists in versions prior to Black Duck Coverity 2024.9.0, which...

Vasion Print 访问控制错误漏洞

Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. A security vulnerability exists in Vasion Print versions prior to 22.0.913 and Application 20.0.2253, which stems from a risk of user account information disclosure...

SerComm Network Device Backdoor Detection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SerComm Network Device Backdoor Detection', 'Description' = %q This module can identify SerComm manufactured network devices which contain a...

HackerOne: inviting collaborator using email disclose the hackerone account related to the user

The new HackerOne collaborator feature allowed users to disclose the HackerOne account associated with an email address without the invitee's interaction...

chatwoot 安全漏洞

chatwoot is a software application. Customer Engagement Suite, an open source alternative to Intercom, Zendesk, Salesforce Service Cloud, and more. A security vulnerability exists in chatwoot that stems from for account generation, depending on the amount of available system resources, a DoS even...

PT-2022-14530 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue concerns a side channel information disclosure that could allow determination of a user's account, potentially leading to local information disclosure. This requires User execution privileges...