EUVD-2025-30385
Malicious code in bioql PyPI...
EUVD-2025-28757
Malicious code in bioql PyPI...
EUVD-2025-28804
Malicious code in bioql PyPI...
CVE-2025-11130
Summary : CVE-2025-11130 affects iHongRen pptp-vpn on macOS, specifically the XPC Service component’s file HelpTool/HelperTool.m. The vulnerability resides in the function shouldAcceptNewConnection, which allows a local attacker to bypass authentication due to missing authentication checks. Publi...
CVE-2025-41715
The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it...
GO-2025-3965 Dragonfly doesn't have authentication enabled for some Manager’s endpoints in d7y.io/dragonfly
Dragonfly doesn't have authentication enabled for some Manager’s endpoints in d7y.io/dragonfly...
CVE-2025-10906
CVE-2025-10906 affects Magnetism Studios Endurance on macOS (versions up to 3.3.0). The vulnerability lies in the NSXPC Interface, specifically loadModuleNamed:WithReply in /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper, enabling local manipulati...
CVE-2025-10772
CVE-2025-10772 affects huggingface LeRobot up to 0.3.3. The vulnerability lies in the ZeroMQ Socket Handler’s lekiwi_remote.py, causing missing authentication and enabling local-network access within the affected component. Affected software is LeRobot (up to 0.3.3); the issue is triggered via th...
CVE-2025-10672
A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown function of the file AIBatteryHelper/XPC/BatteryXPCService.swift of the component com.collweb.AIBatteryHelper. The manipulation results in missing authentication. The attack requires a local approach...
Dragonfly doesn't have authentication enabled for some Manager’s endpoints
Impact The /api/v1/jobs and /preheats endpoints in Manager web UI are accessible without authentication. Any user with network access to the Manager can create, delete, and modify jobs, and create preheat jobs. An unauthenticated adversary with network access to a Manager web UI uses /api/v1/jobs...
CVE-2025-10016
The CVE-2025-10016 issue affects the Sparkle framework’s Autoupdate/Downloader.xpc mechanism. Reports in connected sources describe a local, unprivileged attacker who can exploit a race condition by connecting to the daemon as root to request installation of a crafted PKG, leading to local privil...
SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws
SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP NetWeaver that could result in code execution and the upload of arbitrary files. The vulnerabilities are listed below - CVE-2025-42944 CVSS score: 10.0 - A deserialization...
PT-2025-37054
Name of the Vulnerable Software and Affected Versions: RTSPtoWeb version 2.4.3 Description: An issue exists that allows a remote attacker to obtain sensitive information and execute arbitrary code due to a lack of authentication mechanisms. Recommendations: At the moment, there is no information...
SAP NetWeaver Application Server Java Access Control Error Vulnerability
SAP NetWeaver Application Server Java is a Java runtime environment for the application server, provided by the German company SAP. The product is mainly used to develop and run Java EE applications. An Access Control Error vulnerability exists in SAP NetWeaver Application Server Java, which stems...
Mitsubishi Electric MELSEC iQ-F Series CPU Module
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read or write the device values of the product. In addition, the attacker may be able to stop the operation of the programs. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...
Ubiquiti UniFi Connect EV Station Security Vulnerability
Ubiquiti UniFi Connect EV Station is an electric vehicle station from Ubiquiti USA. A security vulnerability exists in the Ubiquiti UniFi Connect EV Station version 1.5.18 and earlier, which stems from a lack of authentication for critical functions and could result in an unauthorized restoration...
CVE-2025-8610
AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific fla...
PT-2025-32330 · Burk Technology · Arc Solo
Name of the Vulnerable Software and Affected Versions: Burk Technology ARC Solo affected versions not specified Description: The password change mechanism in Burk Technology ARC Solo does not require proper authentication, potentially allowing an attacker to take over the device. A password chang...
CVE-2025-8279 Missing Authentication for Critical Function in GitLab Language Server
Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution...
A vulnerability in the JetBrains YouTrack project management and task management software, related to the lack of an authentication process, allows attackers to perform spear-phishing attacks.
The vulnerability in the JetBrains YouTrack project management and task management software is related to the absence of an authentication process. Exploiting this vulnerability allows a malicious actor to carry out spear-phishing attacks remotely...