4648 matches found
Rails Config File Detected
A Ruby on Rails configuration file have been detected on the target web application. These files may contain sensitive information which could assist an attack to conduct further attacks. No source data...
CVE-2025-46328
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS the Driver reads logging configuration from a user-provided...
CVE-2025-46327 Go Snowflake Driver has race condition when checking access to Easy Logging configuration file
gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On Linux and...
CVE-2025-46326 Snowflake Connector for .NET has race condition when checking access to Easy Logging configuration file
snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS, the Connector reads logging configuration from a user-provided...
CVE-2025-46326 Snowflake Connector for .NET has race condition when checking access to Easy Logging configuration file
snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS, the Connector reads logging configuration from a user-provided...
PT-2025-18120 · Snowflake · Snowflake-Connector-Net
Name of the Vulnerable Software and Affected Versions: snowflake-connector-net versions 2.1.2 through 4.4.0 Description: The issue concerns a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS, the connector reads logging configuration from ...
CVE-2024-56518
Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document aka a client configuration file, which can be uploaded at the /cluster-connections URI...
CVE-2025-28031
TOTOLINK A810R V4.1.2cu.5182B20201026 was discovered to contain a hardcoded password for the telnet service in product.ini...
CVE-2025-1732
An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable...
CVE-2025-25985
An issue in Macro-video Technologies Co.,Ltd V380E6C1 IP camera HwHsAKPIQpWFXHR 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/userinfo.ini components...
CVE-2024-56518
Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document aka a client configuration file, which can be uploaded at the /cluster-connections URI...
CVE-2024-56518
Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document aka a client configuration file, which can be uploaded at the /cluster-connections URI...
CVE-2024-56518
Hazelcast Management Center (up to version 6.0) is affected by CVE-2024-56518. The vulnerability arises from a JndiLoginModule configuration: an attacker can place a hazelcast-client XML document at the /cluster-connections endpoint containing user.provider.url, enabling remote code execution. Th...
IBM i 安全漏洞
IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i version 7.6 that stems from improper configuration file swapping, which could result in elevated privileges to root...
CVE-2024-56518
Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document aka a client configuration file, which can be uploaded at the /cluster-connections URI...
Hugging Face Transformers MobileViTV2 4.41.1 - Remote Code Execution (RCE)
Exploit Title: Hugging Face Transformers MobileViTV2 RCE Date: 29-11-2024 Exploit Author: The Kernel Panic Vendor Homepage: https://huggingface.co/ Software Link: https://github.com/huggingface/transformers/releases Version: 4.41.1 Tested on: Linux, Windows, Mac CVE : CVE-2024-11392 Code flow fro...
The vulnerability of the configuration file default.cfg of the Tenda F1202 router microprogramming system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the configuration file default.cfg of the Tenda F1202 router microprogramming system is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
CVE-2024-58133
In chainmaker-go aka ChainMaker before 2.4.0, when making frequent updates to a node's configuration file and restarting this node, concurrent writes by logger.go to a map are mishandled. Creating other logs simultaneously can lead to a read-write conflict and panic...
The vulnerability of the Jenkins automation server’s monitor-remote-job plugin, related to deficiencies in access control, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Jenkins automation server’s “monitor-remote-job” plugin is related to deficiencies in access control, resulting from passwords being stored publicly in the config.xml file. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protecte...
CVE-2024-58133
CVE-2024-58133 affects chainmaker-go (ChainMaker) before version 2.4.0. The root cause is concurrent writes to a map performed by logger.go during frequent updates to a node’s configuration file and subsequent restart, which can cause a read-write conflict and panic. Public sources explicitly des...