2855 matches found
CVE-2025-63739
An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint...
PT-2025-50098
Name of the Vulnerable Software and Affected Versions: Xinhu Rainrock RockOA version 2.7.0. Description: An issue exists in the phpinisaveAction function within the webmain/system/cogini/coginiAction.php file. This allows authenticated users to modify PHP configuration files through the a parameter ...
CVE-2025-64298
NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...
ROS-20251203-05
A vulnerability in the Java library for handling Apache Commons Configuration files is related to the fact that the application does not properly control internal resource consumption when loading a specially crafted configuration file. Exploitation of the vulnerabili...
EUVD-2025-200323
NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...
CVE-2025-64298
NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...
CVE-2025-64298
CVE-2025-64298 affects NMIS/BioDose V22.02 and earlier where embedded Microsoft SQL Server Express is used. The vulnerability arises from insecure Windows share directory paths by default, enabling local users on networked client workstations to access the SQL Server database and configuration fi...
CVE-2025-64298 Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource
NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...
PT-2025-48779
NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...
CVE-2025-66265
The CVE-2025-66265 entry concerns MegaTec ClientMate’s CMService.exe that creates the C:\usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. This enables attackers to replace configuration files (e.g., snmp.conf) or hijack DLLs to escalate...
CVE-2025-34320
BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly validate or canonicalize input path segments. This allows unauthenticated directory traversal sequences to cause the server to read arbitrary system files accessible to the account running the service...
CVE-2025-33119
IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user...
CVE-2025-33119
CVE-2025-33119 affects IBM QRadar SIEM versions 7.5 through 7.5.0 UP14. The underlying issue is the improper storage of credentials in configuration files within source control, which an authenticated user can read, leading to potential credential disclosure. The CVSS base score is 6.5 (Medium) w...
CVE-2025-33119 IBM QRadar SIEM Information Disclosure
IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user...
Malicious code in teagood-cuekin74 (npm)
Source: amazon-inspector (2b348d730122e00dc6b39ebddd6f8e926d0912591d3c45d2623ddeea6fda003f). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in test-schema-dione-leda (npm)
Source: amazon-inspector (3af9e6c2b2b4d710d8a1f6df5d2630dad09faaf289798dc90e320c66da0f8106). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in indus-astro-materialize-miranda (npm)
Source: amazon-inspector (8474eedfb266d52c3e1dfc1fb588e3b8fd8b8541a1b2a946c7249acdde5c6458). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
PT-2025-46718
Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.5 through 7.5.0 UP14. Description: IBM QRadar SIEM versions 7.5 through 7.5.0 UP14 stores user credentials in configuration files within source control. An authenticated user can read these credentials. Recommendations...
Malicious code in lutfi-lodeh2-riris (npm)
Source: amazon-inspector (71788aaeb5e3c3a4219aae73127b1f28fbf5033d771af9b311b19b282abeb131). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-111425 Malicious code in zain-mendut57-ruro (npm)
Source: amazon-inspector (6d82825ffa318239d9ef93a73fc1fdd5d3fd7203b62e7a1461091be8439a96b1). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...