2857 matches found
CVE-2025-36857 Rapid7 Appspider Broken Access Control Vulnerability
Rapid7 Appspider Pro versions below 7.5.021 suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom...
CVE-2025-36857
CVE-2025-36857 — Rapid7 Appspider Pro versions prior to 7.5.021 suffer from a broken access control issue in the configuration file loading mechanism. The issue allows a standard user to place custom configuration files in other users’ or projects’ directories, and since files are loaded in alphabetical ord...
CVE-2025-10957 Unrestricted FTP Access Vulnerability in Syrotech Router
This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router due to improper access control in its FTP service. A remote attacker could exploit this vulnerability by establishing an FTP connection using default credentials, potentially gaining unauthorized access to configuration files,...
PT-2025-39363
Name of the Vulnerable Software and Affected Versions: Syrotech SY-GPON-2010-WADONT router, affected versions not specified. Description: The Syrotech SY-GPON-2010-WADONT router contains a flaw related to improper access control within its FTP service. A remote attacker can connect via FTP using...
Applying Custom Settings to Veeam Software Appliance
Purpose: This article documents the configuration files on the Veeam Software Appliance that correspond to registry locations in Windows used for custom settings in Veeam Backup & Replication. Custom registry-based settings for Veeam Backup & Replication on Windows can also be applied to the Veeam...
PT-2025-39395
Name of the Vulnerable Software and Affected Versions: Rapid7 Appspider Pro versions prior to 7.5.021. Description: The application has a broken access control issue in how it loads configuration files. Standard users can add custom configuration files, which are loaded alphabetically and can overri...
CVE-2025-0164
IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment...
CVE-2025-0164 IBM QRadar SIEM information disclosure
IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment...
CVE-2025-0164
IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 contains a vulnerability caused by improper permission assignment on configuration files, which could allow a local privileged user to perform unauthorized actions. The flaw is documented under CVE-2025-0164 and is confirmed by IBM...
IBM QRadar SIEM Security Vulnerability
IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
pwntools
This is a CTF (Capture The Flag) framework and exploit development library. It is a Python library that provides a set of tools for developing exploits and performing penetration testing. The library is designed to be extensible and customizable, allowing users to easily add new features and plugin...
Security Bulletin: IBM QRadar SIEM is affected by improper permission assignment (CVE-2025-0164)
Summary: IBM QRadar SIEM is affected by improper permission assignment. Local privileged users may perform unauthorized actions on configuration files. IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2025-0164 DESCRIPTION: IBM QRadar SIEM could allow a local...
[SECURITY] Fedora 41 Update: containers-common-0.64.2-1.fc41
This package contains common configuration files and documentation for the container tools ecosystem, such as Podman, Buildah and Skopeo. It is required because most of the configuration files and docs come from projects which are vendored into Podman, Buildah, Skopeo, etc. but they are not packag...
CVE-2025-58373
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where .rooignore protections could be bypassed using symlinks. This allows an attacker with write access to the workspace to trick the extension into reading files th...
CVE-2025-36100
IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local...
CVE-2025-36100
CVE-2025-36100 affects IBM MQ LTS and CD client components where enabling trace stores a password in client configuration files that a local user can read. The IBM bulletin details affected MQ LTS versions (9.1.0.0–9.1.0.29, 9.2.0.0–9.2.0.36, 9.3.0.0–9.3.0.30, 9.4.0.0–9.4.0.12) and MQ CD (9.3.0.0...
PT-2025-36405
Name of the Vulnerable Software and Affected Versions: IBM MQ LTS versions 9.1.0.0 through 9.1.0.29; IBM MQ LTS versions 9.2.0.0 through 9.2.0.36; IBM MQ LTS versions 9.3.0.0 through 9.3.0.30; IBM MQ LTS versions 9.4.0.0 through 9.4.0.12; IBM MQ CD versions 9.3.0.0 through 9.3.5.1; IBM MQ CD versions...