276 matches found
EUVD-2021-29530
Malicious code in bioql PyPI...
EUVD-2022-3630
Malicious code in bioql PyPI...
Improper Acess Control
mautic/core is vulnerable to improper access control. The vulnerability is due to insufficient restriction on configuration access, which allows an administrator to extract sensitive information such as database credentials...
DEBIAN-CVE-2025-54288
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...
UBUNTU-CVE-2025-54288
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...
CVE-2025-54288
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...
PT-2025-40331
Name of the Vulnerable Software and Affected Versions Canonical LXD versions 4.0 and above Description An information spoofing issue exists in the devLXD server component of Canonical LXD. Attackers with root privileges within a container can impersonate other containers and access their metadata...
CVE-2025-55747
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.10.7...
CVE-2025-55748
Affected product : XWiki Platform. Vulnerability : path traversal through the jsx and sx endpoints that allows remote attackers to read configuration files. Root cause : improper access control enabling traversal to read files like WEB-INF/xwiki.cfg. Versions affected : 4.2-milestone-2 through 16...
PT-2025-34459 · Reolink · Reolink Smart 2K+ Plug-In Wi-Fi Video Doorbell
Name of the Vulnerable Software and Affected Versions: Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime version 3.0.0.4662 2503122283 Description: The device suffers from insecure permissions that allow attackers to arbitrarily change other users' passwords. This is achieved through...
Exploit for CVE-2025-8730
CVE-2025-8730 – Authentication Bypass in Belkin F9K1009/F9K10...
CVE-2025-25268 Unauthenticated Configuration Access via Exposed API Endpoint
An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication...
PT-2025-27792 · Unknown · Flatboard Pro
Name of the Vulnerable Software and Affected Versions: Flatboard Pro versions prior to 3.2.2 Description: The issue is a Stored Cross-Site Scripting XSS vulnerability due to the lack of proper validation of user input. This occurs through the footer text and announcement parameters in config.php...
PT-2025-26315 · Coros · Coros Pace 3
Name of the Vulnerable Software and Affected Versions: COROS PACE 3 versions 3.0808.0 and earlier Description: An issue was discovered that allows an attacker to connect to the device via Bluetooth Low Energy BLE if no other device is connected. Once connected, the attacker can access the device'...
CVE-2025-49843 conda-smithy Has Incorrect Default File Permissions
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...
CVE-2025-44043
Keyoti SearchUnit prior to 9.0.0. is vulnerable to Server-Side Request Forgery SSRF in /KeyotiSearchEngineWebCommon/SearchService.svc/GetResults and /KeyotiSearchEngineWebCommon/SearchService.svc/GetLocationAndContentCategories. An attacker can specify their own SMB server as the indexDirectory...
CVE-2024-46894
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured...
CVE-2024-35277
A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending...
CVE-2024-46462
By default, dedicated folders of ZEDMAIL for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZEDMAIL has to be modified to prevent this vulnerability...
CVE-2023-41967
Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue...