862 matches found

CVE
added 2025/08/12 7:1 p.m. · 24 views

CVE-2025-55169

WeGIA is vulnerable to a path traversal flaw in the html/socio/sistema/download_remessa.php endpoint prior to version 3.4.8 . The issue allows unauthorized access to local server files and exposes sensitive configuration data via config.php, which could reveal database credentials. The vulnerabil...

CVSS 10 · AI score 6.6 · EPSS 0.01448
Exploits: 1 · References: 3 · Affected Software: 1

CNNVD
added 2025/08/12 12:0 a.m. · 4 views

Autocaliweb Information Disclosure Vulnerability

Autocaliweb is a web management platform by Phoenix Paulina Schmid Individual Developer. An information disclosure vulnerability exists in Autocaliweb versions prior to 0.8.3, which stems from a debug package that exposes sensitive configuration data, potentially leading to API key disclosure...

CVSS 8.2 · AI score 5.9 · EPSS 0.00177
Exploits: 0 · References: 4

RedhatCVE
added 2025/08/09 12:23 a.m. · 5 views

CVE-2025-54395

Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data...

CVSS 6.1 · AI score 6.2 · EPSS 0.00239
Exploits: 0 · References: 1

OSV
added 2025/08/07 5:15 p.m. · 2 views

CVE-2025-54395

Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 1

Cvelist
added 2025/08/07 12:0 a.m. · 9 views

CVE-2025-47188

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient paramete...

EPSS 0.48492
Exploits: 0 · References: 2

CVE
added 2025/08/07 12:0 a.m. · 93 views

CVE-2025-47188

CVE-2025-47188 describes a command-injection vulnerability in Mitel SIP Phones (6800, 6900, 6900w series) up to 6.4 SP4 (R6.4.0.4006) and the 6970 Conference Unit up to 6.4 SP4 or V1 R0.1.0. The root cause is insufficient input sanitization, allowing an unauthenticated attacker to execute arbit...

CVSS 6.5 · AI score 9.1 · EPSS 0.48492
In wild · Exploits: 0 · References: 2

Positive Technologies
added 2025/08/01 12:0 a.m. · 5 views

PT-2025-31696 · Linksys · Linksys Routers

Name of the Vulnerable Software and Affected Versions: Linksys router versions 1.0.00, 1.0.04, and 1.0.05. Description: A directory traversal vulnerability exists in the web interface, specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next page POST parameter to acce...

CVSS 6.9 · AI score 6.8 · EPSS 0.01343
Exploits: 0 · References: 6

Positive Technologies
added 2025/07/23 12:0 a.m. · 4 views

PT-2025-49011

In pkvm guest relinquish to host of mem protect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.1 · AI score 5.6 · EPSS 0.0008
Exploits: 0 · References: 6

RedHat Linux
added 2025/07/21 7:25 p.m. · 4 views

Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

A Subscription Management tool for finding and reporting Red Hat product usage. Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...

CVSS 7.8 · AI score 6.9 · EPSS 0.00526
Exploits: 2 · References: 8

CNNVD
added 2025/07/21 12:0 a.m. · 1 views

Headwind MDM Security Vulnerability

Headwind MDM is a platform for managing Android devices in an organization. A security vulnerability exists in Headwind MDM versions prior to 5.33.1, which stems from configuration details being accessible to unauthorized users, potentially leading to password disclosure...

CVSS 6.5 · AI score 6.7 · EPSS 0.00353
Exploits: 0 · References: 4

ICS
added 2025/07/03 12:30 a.m. · 5 views

ABB RMC-100 (Update A)

RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to gain unauthenticated access to the MQTT configuration data, cause a denial-of-service condition on the MQTT configuration web server REST interface, or decrypt encrypted MQTT broker credentials. 2...

CVSS 8.2 · AI score 6 · EPSS 0.00326
Exploits: 0 · References: 10

NVD
added 2025/06/24 1:15 a.m. · 5 views

CVE-2025-34031

A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the file_get_contents() function without proper validation, allowing attackers to read arbitrary files from the server's filesystem ...

CVSS 8.7 · EPSS 0.02963
Exploits: 1 · References: 3

CVE
added 2025/06/24 12:58 a.m. · 60 views

CVE-2025-34031

Summary: CVE-2025-34031 affects Moodle LMS Jmol Plugin, version 6.1 and earlier. The vulnerability is a local/file path traversal in the jsmol.php endpoint: user input is passed directly to file_get_contents(), enabling reading arbitrary files from the server when the parameter is crafted. No aut...

CVSS 8.7 · AI score 9.1 · EPSS 0.02963
In wild · Exploits: 1 · References: 3 · Affected Software: 1

NVD
added 2025/06/20 7:15 p.m. · 5 views

CVE-2025-25037

An information disclosure vulnerability exists in Aquatronica Controller System firmware versions = 5.1.6 and web interface versions = 2.0. The tcp.php endpoint fails to restrict unauthenticated access, allowing remote attackers to issue crafted POST requests and retrieve sensitive configuration...

CVSS 9.3 · EPSS 0.01443
Exploits: 1 · References: 5

CNVD
added 2025/06/17 12:0 a.m. · 2 views

Information Disclosure Vulnerability in Various ABB Products (CNVD-2025-13425)

ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and control management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...

CVSS 7.1 · AI score 6.5 · EPSS 0.00318
Exploits: 0 · References: 1

The Hacker News
added 2025/06/12 7:42 a.m. · 14 views

ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

ConnectWise has disclosed that it's planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables due to security concerns. The company said it's doing so "due to concerns raised by a...

CVSS 8.1 · AI score 7.7 · EPSS 0.03348
Exploits: 0

OSV
added 2025/06/10 8:15 a.m. · 5 views

CVE-2025-27817

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...

CVSS 7.5 · AI score 7.4
Exploits: 0 · References: 2

NVD
added 2025/06/10 8:15 a.m. · 10 views

CVE-2025-27817

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...

CVSS 7.5 · EPSS 0.60841
Exploits: 2 · References: 2

CVE
added 2025/06/10 7:55 a.m. · 336 views

CVE-2025-27817

CVE-2025-27817: An arbitrary file read and SSRF flaw in the Apache Kafka Client (affecting Kafka Connect and related clients) allows untrusted configuration of SASL/OAUTHBEARER endpoint URLs to read local files or reach unintended URLs. Root cause: endpoints sasl.oauthbearer.token.endpoint.url a...

CVSS 7.5 · AI score 6.9 · EPSS 0.60841
In wild · Exploits: 2 · References: 2 · Affected Software: 1

Snyk
added 2025/06/04 9:0 p.m. · 4 views

Malicious Package

Overview: readmecolorama is a malicious package. This package contains payloads with Windows and Linux variants that access and exfiltrate sensitive configuration information, establish remote control / remote access for the attacker, establish persistence and “command and control” (C2) mechanisms...

CVSS 9.8 · AI score 6.9
Exploits: 0 · References: 2