PT-2025-15082 · Unknown · Chainmaker
Name of the Vulnerable Software and Affected Versions: ChainMaker versions prior to 2.4.0 Description: The issue arises from concurrent writes to a map by logger.go when a node's configuration file is frequently updated and the node is restarted. This can lead to a read-write conflict, resulting ...
Microchip TimeProvider 4100 Grandmaster 2.4.6 Command Injection
Microchip TimeProvider 4100 Grandmaster version 2.4.6 suffers from a remote command injection vulnerability. Exploit Title: Microchip TimeProvider 4100 Grandmaster Config File - Remote Code Execution RCE Exploit Author: Armando Huesca Prida Discovered By: Armando Huesca Prida, Marco Negro, Antoni...
Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection
Exploit Title: Microchip TimeProvider 4100 Configuration modules 2.4.6 - OS Command Injection Exploit Author: Armando Huesca Prida Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero, Vito Pistillo, Davide Renna, Manuel Leone, Massimiliano Brolli Date of Disclosure: 27/06/2024 Date...
Cleartext Storage of Sensitive Information
Overview org.jenkins-ci.plugins:vmanager-plugin is a Jenkins plugin that Integrates Jenkins to Cadence vManager. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in job config.xml files on the Jenkins controller. An attacker can gain unauthorized acce...
Cleartext Storage of Sensitive Information
Overview org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin is an AsakusaSatellite Plugin. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in an unencrypted format within the config.xml files. An attacker can access these API keys by...
CVE-2025-2993
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14408. Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit...
CVE-2025-2993 Tenda FH1202 default.cfg access control
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14408. Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit...
Tenda FH1202 Security Vulnerability
The Tenda FH1202 is a wireless router manufactured by Tenda. An improper access control vulnerability exists in the Tenda FH1202. The vulnerability stems from improper access control due to manipulation of the parameter 'these' in the file /default.cfg. An attacker could exploit this vulnerabilit...
CVE-2025-2955
The CVE-2025-2955 entry concerns TOTOLINK A3000RU (up to 5.9c.5185) and a flaw in the IBMS Configuration File Handler, specifically in /cgi-bin/ExportIbmsConfig.sh. The root cause is improper access controls on the ExportIbmsConfig.sh endpoint, which can be triggered remotely. The issue is associ...
CVE-2025-2955 TOTOLINK A3000RU IBMS Configuration File ExportIbmsConfig.sh access control
A vulnerability has been found in TOTOLINK A3000RU up to 5.9c.5185 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/ExportIbmsConfig.sh of the component IBMS Configuration File Handler. The manipulation leads to improper access controls. The attack can b...
PT-2025-13627 · Totolink · Totolink A3000Ru
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3000RU versions up to 5.9c.5185 Description: A vulnerability has been found in the IBMS Configuration File Handler component, affecting the /cgi-bin/ExportIbmsConfig.sh file. This issue leads to improper access controls and can be...
GPT Academic Path Traversal Vulnerability
GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a path traversal vulnerability that an attacker can exploit to read a config.py file containing sensitive information...
CVE-2024-23942
A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS...
CVE-2024-23942 MB connect line: Configuration File on the client workstation is not encrypted
A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS...
uberAgent service startup fails with error 13
uberAgent service is not running. Attempt to start the service fails. Error message: Windows could not start the uberAgent service on Local Computer. Error 13: The data is invalid. uberAgent log file located in C:\Windows\Temp default location shows the errors: 2025-03-17 10:23:55.706...
Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2025-1243)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Regular expression Denial of Service - ReDoS
Description: A regular expression denial of service (ReDoS) vulnerability has been identified in the Hugging Face Transformers library's configuration file resolution mechanism. The vulnerability exists in the get_configuration_file function, which uses the vulnerable regular expression pattern...
CVE-2023-45588
An external control of file name or path vulnerability CWE-73 in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process...