33 matches found
PT-2026-43534
The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJL certification function. This makes it possible for unauthenticated attackers to update the plugin'...
Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening
Summary Eight independently-filed bug fixes in the v7.1.3 → v7.5.0 release window collectively close a set of multi-tenant isolation, access-control, and policy-enforcement defects in the AxonFlow platform. They are filed as a single consolidated advisory because the recommended remediation is a...
Windows Service for User (S4U) Scheduled Task Persistence - Logon Trigger
Creates a scheduled task that will run using service-for-user S4U. This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in lower security context, allowing access to local resources only. The module requires 'Logon as a batch job'...
Windows Service for User (S4U) Scheduled Task Persistence Logon Trigger
This Metasploit module creates a scheduled task that will run using service-for-user S4U. This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in lower security context, allowing access to local resources only. The module requires...
CVE-2025-40819
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications do not properly validate license restrictions against the database, allowing direct modification of the systemticketinfo table to bypass license limitations without proper enforcement...
Siemens SINEMA Remote Connect Server Security Vulnerability
Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens Germany. The platform is primarily used to remotely access, maintain, control and diagnose the underlying network. A security vulnerability exists in Siemens SINEMA Remote Connect Server versions prior to V3...
EUVD-2023-37235
Malicious code in bioql PyPI...
EUVD-2023-30949
Malicious code in bioql PyPI...
CVE-2023-33046
Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation...
CVE-2022-43325
An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3. - 1.4. allows attackers to execute arbitrary commands via a crafted payload injected into the license input...
Memory corruption
Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation...
CVE-2023-33046 Time-of-check Time-of-use (TOCTOU) Race Condition in Trusted Execution Environment
Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption in the Trusted Execution Environment when uninitializing an object used for license validation...
PT-2024-12383 · Qualcomm · Snapdragon +45
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption in the Trusted Execution Environment, specifically occurring when deinitializing an object used for license...
CVE-2023-27169
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration, which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...
Hardcoded credentials
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration, which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...
PT-2023-20985 · Xpand It · Xpand It Write-Back Manager
Name of the Vulnerable Software and Affected Versions: Xpand IT Write-back manager version 2.3.1 Description: The issue arises from the use of a hardcoded salt in the license class configuration, leading to the generation of hardcoded and predictable symmetric encryption keys for license generati...
Xpand IT Write-back manager Trust Management Issue Vulnerability
Xpand IT Write-back manager is an extension for Xpand IT that allows users to enter data directly from Tableau dashboards into a database. A security vulnerability exists in Xpand IT Write-back manager version v2.3.1, which stems from the use of a hard-coded salt in the configuration of the...