Lucene search

2857 matches found

RedhatCVE
added 2025/04/26 6:34 a.m. · 7 views

CVE-2025-25985

An issue in Macro-video Technologies Co.,Ltd V380E6C1 IP camera HwHsAKPIQpWFXHR 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/userinfo.ini components...

CVSS 2.6 · AI score 7.8 · EPSS 0.00154
Exploits: 2 · References: 1

NVD
added 2025/04/21 6:15 a.m. · 17 views

CVE-2025-0632

Local File Inclusion LFI vulnerability in a Render function of Formulatrix Rock Maker Web RMW allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to...

CVSS 9.2 · EPSS 0.01536
Exploits: 0 · References: 3

Cvelist
added 2025/04/21 5:27 a.m. · 22 views

CVE-2025-0632 Local File Inclusion (LFI) leading to sensitive data exposure

Local File Inclusion LFI vulnerability in a Render function of Formulatrix Rock Maker Web RMW allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to...

CVSS 9.2 · EPSS 0.01536
Exploits: 0 · References: 3

NVD
added 2025/04/18 8:15 p.m. · 16 views

CVE-2025-25985

An issue in Macro-video Technologies Co.,Ltd V380E6C1 IP camera HwHsAKPIQpWFXHR 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/userinfo.ini components...

CVSS 2.6 · EPSS 0.00154
Exploits: 2 · References: 2

Vulnrichment
added 2025/04/18 12:0 a.m. · 5 views

CVE-2025-25985

An issue in Macro-video Technologies Co.,Ltd V380E6C1 IP camera HwHsAKPIQpWFXHR 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/userinfo.ini components...

AI score 8 · EPSS 0.00154
Exploits: 2 · References: 2

IBM Security Bulletins
added 2025/04/14 8:34 a.m. · 19 views

Security Bulletin: Vulnerabilities in Apache Solr (lucene) affect IBM Operations Analytics - Log Analysis (CVE-2025-24814, CVE-2024-52012)

Summary There are vulnerabilities in privilege escalation and arbitrary filepath write-access that affect Apache Solr used by IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2025-24814 DESCRIPTION: Core creation allows users to replace "trusted" configset files with...

CVSS 5.5 · AI score 7.9 · EPSS 0.13709
Exploits: 0 · Affected Software: 1

OSV
added 2025/04/11 2:15 a.m. · 2 views

CVE-2025-0124

An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include syste...

CVSS 3.8 · AI score 5.8 · EPSS 0.0014
Exploits: 0 · References: 1

Fedora
added 2025/04/09 1:32 a.m. · 9 views

[SECURITY] Fedora 40 Update: augeas-1.14.2-0.4.20250324git4dffa3d.fc40

A library for programmatically editing configuration files. Augeas parses configuration files into a tree structure, which it exposes through its public API. Changes made through the API are written back to the initially read files. The transformation works very hard to preserve comments and...

CVSS 4.8 · AI score 6.8 · EPSS 0.0003
Exploits: 1

Positive Technologies
added 2025/04/07 12:0 a.m. · 6 views

PT-2025-15269 · Philips · Intellispace Portal

Name of the Vulnerable Software and Affected Versions: IntelliSpace Portal versions 12 and prior Description: The issue arises from the exploitation of port 755 through a deserialization vulnerability in the IntelliSpace portal application, which utilizes .NET Remoting for its functionality. The...

CVSS 7.3 · AI score 7.5 · EPSS 0.0104
Exploits: 0 · References: 12

Fedora
added 2025/04/03 1:37 a.m. · 8 views

[SECURITY] Fedora 41 Update: corosync-3.1.9-2.fc41

This package contains the Corosync Cluster Engine Executive, several default APIs and libraries, default configuration files, and an init script...

CVSS 9.8 · AI score 7.3 · EPSS 0.00157
Exploits: 1

IBM Security Bulletins
added 2025/04/02 5:21 p.m. · 22 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to arbitrary code execution in Hugging Face Transformers [CVE-2024-11392, CVE-2024-11393, CVE-2024-11394]

Summary IBM Watson Speech Services Cartridge is vulnerable to arbitrary code execution in Hugging Face Transformers, caused by a flaw in the parsing of model files CVE-2024-11392, CVE-2024-11393, CVE-2024-11394. Hugging Face Transformers is used by our Speech runtimes. This vulnerability has bee...

CVSS 8.8 · AI score 7.7 · EPSS 0.79534
Exploits: 6 · Affected Software: 1

OSV
added 2025/04/02 3:31 p.m. · 7 views

GHSA-G65G-FMCP-4W68 Jenkins monitor-remote-job Plugin Stores Passwords Unencrypted

Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These passwords can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As of publication of this...

CVSS 4.3 · AI score 6.9 · EPSS 0.00099
Exploits: 0 · References: 3

NVD
added 2025/04/02 3:16 p.m. · 12 views

CVE-2025-31725

Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 5.5 · EPSS 0.00099
Exploits: 0 · References: 1

NVD
added 2025/04/02 3:15 p.m. · 15 views

CVE-2025-31724

Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 4.3 · EPSS 0.00937
Exploits: 0 · References: 1

Cvelist
added 2025/04/02 2:59 p.m. · 15 views

CVE-2025-31727

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

EPSS 0.00099
Exploits: 0 · References: 1

Cvelist
added 2025/04/02 2:59 p.m. · 17 views

CVE-2025-31726

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

EPSS 0.00099
Exploits: 0 · References: 1

CVE
added 2025/04/02 2:59 p.m. · 66 views

CVE-2025-31727

CVE-2025-31727 affects the Jenkins AsakusaSatellite Plugin (versions 0.1.1 and earlier). The root cause is unencrypted storage of AsakusaSatellite API keys in job config.xml files on the Jenkins controller, which can be viewed by users with Item/Extended Read permission or access to the file syst...

CVSS 5.5 · AI score 7 · EPSS 0.00099
Exploits: 0 · References: 1 · Affected Software: 1

Fedora
added 2025/03/29 1:39 a.m. · 14 views

[SECURITY] Fedora 41 Update: augeas-1.14.2-0.4.20250324git4dffa3d.fc41

A library for programmatically editing configuration files. Augeas parses configuration files into a tree structure, which it exposes through its public API. Changes made through the API are written back to the initially read files. The transformation works very hard to preserve comments and...

CVSS 4.8 · AI score 7.2 · EPSS 0.0003
Exploits: 1

CNNVD
added 2025/03/28 12:0 a.m. · 1 views

MeetMe Security Vulnerability

MeetMe is a dating software from MeetMe, Inc. A security vulnerability exists in versions prior to MeetMe 2024-09, which stems from a call forwarding configuration module credential disclosure that could allow access to critical assets via configuration files...

CVSS 8.5 · AI score 6.6 · EPSS 0.0018
Exploits: 0 · References: 1

Oracle Linux
added 2025/03/26 12:0 a.m. · 89 views

container-tools:ol8 security update

aardvark-dns buildah cockpit-podman conmon containernetworking-plugins containers-common 1-82.0.1 - Updated removed references Orabug: 33473101 Alex Burmashev - Adjust registries.conf Nikita Gerasimov - remove references to RedHat registry Nikita Gerasimov 2:1-82 - update vendored components -...

CVSS 7.5 · AI score 7.2 · EPSS 0.00591
Exploits: 0