130 matches found
Lighthouse Studio < 9.16.14 Remote Code Execution
Lighthouse Studio version 9.16.3 and earlier is vulnerable to a remote code execution through the ciwweb.pl Perl web application. This vulnerability allows an attacker to execute arbitrary code on the server by sending a specially crafted request to the ciwweb.pl script. No source data...
CVE-2025-34300
A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl http://ciwweb.pl/ Perl web application. Exploitation allows an unauthenticated attacker can execute arbitrary commands...
CVE-2025-34300
A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl http://ciwweb.pl/ Perl web application. Exploitation allows an unauthenticated attacker can execute arbitrary commands...
CVE-2025-34300 Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE
A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl http://ciwweb.pl/ Perl web application. Exploitation allows an unauthenticated attacker can execute arbitrary commands...
CVE-2025-34300
A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl http://ciwweb.pl/ Perl web application. Exploitation allows an unauthenticated attacker can execute arbitrary commands...
EUVD-2025-21694
A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl http://ciwweb.pl/ Perl web application. Exploitation allows an unauthenticated attacker can execute arbitrary commands...
CVE-2025-34300 Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE
A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl http://ciwweb.pl/ Perl web application. Exploitation allows an unauthenticated attacker can execute arbitrary commands...
CVE-2025-34300
Sawtooth Software Lighthouse Studio
Sawtooth Lighthouse Studio 安全漏洞
Sawtooth Lighthouse Studio is a federated analytics platform from Sawtooth USA. A security vulnerability exists in Sawtooth Lighthouse Studio versions prior to 9.16.14 that stems from template injection and could lead to the execution of arbitrary commands...
Malicious code in ig-lighthouse-security-audits (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 226acd90be6fefc4cd12da9d6b73604ee919205ed49e1e44f5d336b5576c3717 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-576 Malicious code in ig-lighthouse-to-influxdb (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92e8d076b669d18ea59535f03270a27adbfc6b0717789403453fabeb522b988b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-575 Malicious code in ig-lighthouse-security-audits (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 226acd90be6fefc4cd12da9d6b73604ee919205ed49e1e44f5d336b5576c3717 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ig-lighthouse-to-influxdb (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92e8d076b669d18ea59535f03270a27adbfc6b0717789403453fabeb522b988b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
anaheimlighthouse.com Cross Site Scripting vulnerability OBB-3846806
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
borsh-schema-writer (=0.1.0), borsh-serde-adapter (=0.1.0) +7 more potentially affected by unknown CVE via borsh (>=0.10.2 <=0.10.3)
borsh CARGO version =0.10.2, =0.4.2, =0.4.1, =0.4.3 - pchain-world-state =0.4.2 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0033...
lighthouse-lc.de Cross Site Scripting vulnerability OBB-2312960
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Protect your business with Microsoft Security’s comprehensive protection
Securing an organization has never been simple. But over the past year, we’ve seen significant changes in the threat landscape that are having a major impact on organizations of every size in every sector. The frequency and sophistication of cyber events have increased significantly. We see...
Protect your business with Microsoft Security’s comprehensive protection
Securing an organization has never been simple. But over the past year, we’ve seen significant changes in the threat landscape that are having a major impact on organizations of every size in every sector. The frequency and sophistication of cyber events have increased significantly. We see...
How Microsoft Security empowers partners to build customer trust
As I reflect on my first year at Microsoft, it was both challenging and exceptional: from my remote onboarding in the middle of a pandemic to dramatic changes in the cyber landscape, to Microsoft’s critical role as a frontline responder in some of the most sophisticated cyberattacks in history an...
How Microsoft Security empowers partners to build customer trust
As I reflect on my first year at Microsoft, it was both challenging and exceptional: from my remote onboarding in the middle of a pandemic to dramatic changes in the cyber landscape, to Microsoft’s critical role as a frontline responder in some of the most sophisticated cyberattacks in history an...