424 matches found

CNNVD
added 2025/08/07 12:0 a.m., 3 views

Netwrix Directory Manager security vulnerability

Netwrix Directory Manager is a group and user management software from Netwrix. A security vulnerability exists in Netwrix Directory Manager versions prior to 11.1.25162.02 that stems from the vulnerability of authentication configuration data to cross-site scripting attacks...

CVSS 6.1, AI score 6.2, EPSS 0.00239
Exploits: 0, References: 1
Cvelist
added 2025/08/07 12:0 a.m., 7 views

CVE-2025-54395

Netwrix Directory Manager formerly Imanami GroupID 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data...

EPSS 0.00239
Exploits: 0, References: 1
RedhatCVE
added 2025/08/04 2:11 p.m., 5 views

CVE-2025-54349

A flaw was found in iperf3. An off-by-one error in the iperfauth.c file leads to a heap-based buffer overflow, potentially allowing a network attacker to trigger an application-level denial of service. This overflow occurs during the processing of authentication data. The vulnerability can only b...

CVSS 10, AI score 7.6, EPSS 0.00365
Exploits: 0, References: 5
BDU FSTEC
added 2025/07/21 12:0 a.m., 6 views

The vulnerability of the Universal Plug and Play (UPnP) service in Windows operating systems allows attackers to enhance their privileges.

The vulnerability of the Universal Plug and Play UPnP service in Windows operating systems is related to the use of insecure mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability can allow a remote attacker to increase their privileges...

CVSS 7.1, AI score 5.5, EPSS 0.00325
Exploits: 0, References: 2
NVD
added 2025/06/11 6:15 p.m., 13 views

CVE-2025-49150

Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent...

CVSS 5.9, EPSS 0.00321
Exploits: 0, References: 1
Veracode
added 2025/06/11 2:17 a.m., 6 views

Credential Leakage

Requests is vulnerable to credential leakage. The vulnerability is due to a URL parsing issue that may expose .netrc credentials to third parties for specially crafted URLs, allowing attackers to exfiltrate sensitive authentication data...

CVSS 5.3, AI score 7.2, EPSS 0.00846
Exploits: 1, References: 12, Affected Software: 2
The Hacker News
added 2025/06/08 8:1 a.m., 26 views

Malicious Browser Extensions Infect Over 700 Users Across Latin America Since Early 2025

Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data. "Some of the phishing emails were sent from the servers of compromised...

AI score 8
Exploits: 0
RedhatCVE
added 2025/05/23 10:38 a.m., 7 views

CVE-2024-41290

FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component...

CVSS 8.1, AI score 7.4, EPSS 0.00424
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 3:55 a.m., 6 views

CVE-2023-34339

In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message...

CVSS 3.3, AI score 7, EPSS 0.0021
Exploits: 0
RedhatCVE
added 2025/05/23 2:48 a.m., 3 views

CVE-2023-30846

typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with...

CVSS 9.1, AI score 7.1, EPSS 0.02224
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 12:21 a.m., 5 views

CVE-2022-46316

A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability...

CVSS 9.8, AI score 7.2, EPSS 0.00493
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 6:27 p.m., 7 views

CVE-2021-27395

A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier All versions, SIMATIC Process Historian 2014 All versions SP3 Update 6, SIMATIC Process Historian 2019 All versions, SIMATIC Process Historian 2020 All versions. An interface in the software that is used for critica...

CVSS 8.1, AI score 6.8, EPSS 0.00776
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 8:38 a.m., 10 views

CVE-2019-17394

In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat...

CVSS 9.8, AI score 6.9, EPSS 0.01304
Exploits: 1, References: 1
RedhatCVE
added 2025/05/21 10:15 p.m., 6 views

CVE-2006-7199

EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle MITM attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is...

CVSS 8.5, AI score 7.1, EPSS 0.0234
Exploits: 0, References: 1
Debian
added 2025/05/20 7:14 p.m., 17 views

[SECURITY] [DLA 4175-1] mongo-c-driver security update

Debian LTS Advisory DLA-4175-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez May 20, 2025 https://wiki.debian.org/LTS Package : mongo-c-driver Version : 1.17.6-1+deb11u1 CVE ID : CVE-2021-32050 CVE-2023-0437 CVE-2024-6381 CVE-2024-6383 CVE-2025-0755 Multiple...

CVSS 8.4, AI score 7, EPSS 0.01103
Exploits: 0
Tenable Nessus
added 2025/05/20 12:0 a.m., 10 views

Debian dla-4175 : libbson-1.0-0 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4175 advisory. Debian LTS Advisory DLA-4175-1 [email protected]...

CVSS 8.4, AI score 7, EPSS 0.01103
Exploits: 0, References: 12
Japan Vulnerability Notes
added 2025/04/24 4:50 a.m., 4 views

i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key

Overview i-PRO Configuration Tool provided by i-PRO Co., Ltd. contains a vulnerability below. Use of hard-coded cryptographic key CWE-321 Diego Giubertoni of Nozomi Networks Inc. reported this vulnerability to i-PRO Co., Ltd. and coordinated. After the coordination was completed, i-PRO Co., Ltd...

CVSS 6.8, AI score 6.5, EPSS 0.0015
Exploits: 0, References: 6
CNNVD
added 2025/04/24 12:0 a.m., 1 views

i-PRO Surveillance Cameras and i-PRO Recorders security vulnerability

i-PRO Surveillance Cameras and i-PRO Recorders are both products of i-PRO Japan. i-PRO Surveillance Cameras are a line of surveillance cameras. i-PRO Recorders are a line of video recorders. A security vulnerability exists in i-PRO Surveillance Cameras and i-PRO Recorders that stems from the use ...

CVSS 6.8, AI score 5.2, EPSS 0.0015
Exploits: 0, References: 2
BDU FSTEC
added 2025/04/11 12:0 a.m., 4 views

The vulnerability of the UPnP Device Host operating system in Windows allows a hacker to increase their privileges.

The vulnerability of the UPnP Device Host operating system in Windows relates to the use of insecure mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability can allow a remote attacker to increase their privileges...

CVSS 7.5, AI score 7.6, EPSS 0.00681
Exploits: 0, References: 2
OSV
added 2025/04/10 6:15 a.m., 1 views

CVE-2025-0539

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself...

CVSS 8.8, AI score 5.8, EPSS 0.00301
Exploits: 0, References: 1