UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud

Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in search engine optimization SEO fraud and theft of high-value credentials, configuration files, and certificate data. Cisco's file census and DNS analysis show affected Internet Information Servic...

Quality Open Software Logback 安全漏洞

Quality Open Software Logback is a logging framework for Java applications from Quality Open Software, Switzerland. A security vulnerability exists in Quality Open Software Logback version 1.5.18 and earlier, which stems from improper handling of conditional configuration files and could lead to...

CVE-2025-34234

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain two hardcoded private keys that are shipped in the application containers printerlogic/pi, printerlogic/printer-admin-api, and printercloud/pi...

CVE-2025-34216

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 VA deployments only expose a set of unauthenticated REST API endpoints that return configuration files and clear‑text passwords. The same endpoints also disclose the...

CVE-2025-34216

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 VA deployments only expose a set of unauthenticated REST API endpoints that return configuration files and clear‑text passwords. The same endpoints also disclose the...

CVE-2025-34216

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1026 and Application prior to 20.0.2702 expose unauthenticated REST endpoints that return configuration files and clear-text passwords, and disclose the Laravel APP_KEY. Without the APP_KEY, crafted requests cannot be signe...

CVE-2025-34216 Vasion Print (formerly PrinterLogic) RCE and Password Leaks via API

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 VA deployments only expose a set of unauthenticated REST API endpoints that return configuration files and clear‑text passwords. The same endpoints also disclose the...

CVE-2025-34216

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 VA deployments only expose a set of unauthenticated REST API endpoints that return configuration files and clear‑text passwords. The same endpoints also disclose the...

CVE-2025-34196

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 Windows client deployments contain a hardcoded private key for the PrinterLogic Certificate Authority CA and a hardcoded password in product configuration files. The Windows...

CVE-2025-34196

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 Windows client deployments contain a hardcoded private key for the PrinterLogic Certificate Authority CA and a hardcoded password in product configuration files. The Windows...

CVE-2025-34196

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 Windows client deployments contain a hardcoded private key for the PrinterLogic Certificate Authority CA and a hardcoded password in product configuration files. The Windows...

CVE-2025-34196 Vasion Print (formerly PrinterLogic) Hardcoded PrinterLogic CA Private Key and Hardcoded Password

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 Windows client deployments contain a hardcoded private key for the PrinterLogic Certificate Authority CA and a hardcoded password in product configuration files. The Windows...

CVE-2025-34196

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 contain a hardcoded private key for the PrinterLogic CA and a hardcoded password in configuration files. The Windows client ships the CA certificate and private key (and other...

Vasion Print Virtual Appliance Host 安全漏洞

Vasion Print Virtual Appliance Host is a print management software from Vasion USA. A security vulnerability exists in Vasion Print Virtual Appliance Host versions prior to 22.0.1026 that originates from an unauthenticated REST API endpoint exposing configuration files and plaintext passwords,...

PT-2025-39867

Name of the Vulnerable Software and Affected Versions Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 Vasion Print Application versions prior to 25.1.1413 Description The Vasion Print Virtual Appliance Host and Application contain a hardcoded private key for t...

PT-2025-39883

Name of the Vulnerable Software and Affected Versions Vasion Print versions prior to 22.0.1026 Vasion Print Application versions prior to 20.0.2702 Description Vasion Print formerly PrinterLogic Virtual Appliance Host and Application deployments expose unauthenticated REST API endpoints. These...

Exploit for CVE-2022-36537

CVE-2022-36537 Summary R1Soft Server Backup Manager uses t...

CVE-2025-10957

This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router due to improper access control in its FTP service. A remote attacker could exploit this vulnerability by establishing an FTP connection using default credentials, potentially gaining unauthorized access to configuration files,...

CVE-2025-36857

Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom...

CVE-2025-36857 Rapid7 Appspider Broken Access Control Vulnerability

Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom...