
490 matches found

Positive Technologies
added 2025/09/19 12:0 a.m. · 4 views

PT-2025-38596

Name of the Vulnerable Software and Affected Versions: Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951; Vasion Print Application versions prior to 20.0.2368. Description: Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application contain an...

CVSS 8.6 · AI score 6.7 · EPSS 0.00251
Exploits: 1 · References: 8
RedhatCVE
added 2025/09/18 8:29 p.m. · 4 views

CVE-2025-34187

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

CVSS 9.3 · AI score 7.7 · EPSS 0.03187
Exploits: 2 · References: 1
OSV
added 2025/09/16 8:15 p.m. · 4 views

CVE-2025-34187

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

CVSS 8.8 · AI score 6
Exploits: 0 · References: 4
NVD
added 2025/09/16 8:15 p.m. · 5 views

CVE-2025-34187

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

CVSS 9.3 · EPSS 0.03187
Exploits: 2 · References: 4
Cvelist
added 2025/09/16 7:45 p.m. · 6 views

CVE-2025-34187 Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

CVSS 9.3 · EPSS 0.03187
Exploits: 2 · References: 4
Vulnrichment
added 2025/09/16 7:45 p.m. · 5 views

CVE-2025-34187 Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

CVSS 9.3 · AI score 7.3 · EPSS 0.03187
Exploits: 2 · References: 4
ATTACKERKB
added 2025/09/16 7:45 p.m. · 2 views

CVE-2025-34187

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

CVSS 9.3 · AI score 6 · EPSS 0.03187
Exploits: 2 · References: 4
CVE
added 2025/09/16 7:45 p.m. · 27 views

CVE-2025-34187

Ilevia EVE X1/X5 Server (versions ≤ 4.7.18.0.eden) is affected by multiple vulnerabilities. The primary CVE (CVE-2025-34187) stems from a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts; if these scripts are writable by web-facing users or reachable...

CVSS 9.3 · AI score 7.3 · EPSS 0.03187
Exploits: 2 · References: 4 · Affected Software: 1
Exploit DB
added 2025/09/16 12:0 a.m. · 72 views

Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell

!/usr/bin/env python Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected version: = 4.7.18.0.eden Logic ver: 6.00 Summary: EVE is a smart home and building automation solution designed for both residential and commercial...

AI score 7
Exploits: 0
Positive Technologies
added 2025/09/16 12:0 a.m. · 3 views

PT-2025-38077

Name of the Vulnerable Software and Affected Versions: Ilevia EVE X1/X5 Server versions prior to 4.7.18.0.eden Description: Ilevia EVE X1/X5 Server contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-faci...

CVSS 9.3 · AI score 7.7 · EPSS 0.03187
Exploits: 2 · References: 9
Zero Science Lab
added 2025/09/05 12:0 a.m. · 168 views

Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell

Summary: EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

CVSS 9.3 · AI score 5.9 · EPSS 0.03187
Exploits: 2
Packet Storm
added 2025/09/05 12:0 a.m. · 159 views

Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell

Ilevia EVE X1/X5 Server version 4.7.18.0.eden reverse rootshell exploit. A misconfiguration in the sudoers file permits passwordless execution of specific Bash shell scripts via sudo, exposing a critical privilege escalation vulnerability. When such scripts are writable by a web-facing user...

AI score 8.3
Exploits: 0
Wired Threat Level
added 2025/09/03 11:30 a.m. · 3 views

What Is a Passkey? Here’s How to Set Up and Use Them (2025)

Passkeys were built to enable a password-free future. Here's what they are and how you can start using them...

AI score 7
Exploits: 0
Positive Technologies
added 2025/08/18 12:0 a.m. · 4 views

PT-2025-33679 · Vaultls · Vaultls

Name of the Vulnerable Software and Affected Versions: VaulTLS versions prior to 0.9.1 Description: VaulTLS is a solution for managing mTLS (mutual TLS) certificates. User accounts created through the User web UI have an empty password set, allowing attackers to log in with a blank password...

CVSS 9.4 · AI score 7.4 · EPSS 0.00216
Exploits: 0 · References: 11
CVE
added 2025/08/11 2:56 p.m. · 13 views

CVE-2012-10040

Openfiler v2.x has a command-injection in the system.html page where the device parameter constructs a NetworkCard object and its constructor calls exec() with unsanitized input. An authenticated attacker can run arbitrary commands as the openfiler user; due to misconfigured sudoers, this user ca...

CVSS 9.4 · AI score 8.4 · EPSS 0.02476
Exploits: 0 · References: 5
Packet Storm News
added 2025/07/12 12:0 a.m. · 4 views

User-To-PC Authentication through Confirmation on Mobile Devices: on Usability and Performance

Protecting personal computers (PCs) from unauthorized access typically relies on password authentication, which is known to suffer from cognitive burden and weak credentials. As many users nowadays carry mobile devices with advanced security features throughout their day, there is an opportunity to...

AI score 7.2
Exploits: 0
Packet Storm News
added 2025/07/11 12:0 a.m. · 4 views

SSH-Passkeys: Leveraging Web Authentication for Passwordless SSH

We propose a method for using Web Authentication APIs for SSH authentication, enabling passwordless remote server login with passkeys. These are credentials that are managed throughout the key lifecycle by an authenticator on behalf of the user and offer strong security guarantees. Passwords rema...

AI score 7.4
Exploits: 0
The Hacker News
added 2025/06/19 6:4 a.m. · 5 views

Meta Adds Passkey Login Support to Facebook for Android and iOS Users

Meta Platforms on Wednesday announced that it's adding support for passkeys, the next-generation password standard, on Facebook. "Passkeys are a new way to verify your identity and login to your account that's easier and more secure than traditional passwords," the tech giant said in a post...

AI score 6.7
Exploits: 0
RedhatCVE
added 2025/06/01 6:35 a.m. · 7 views

CVE-2025-48936

Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...

CVSS 8.8 · AI score 7.5 · EPSS 0.00358
Exploits: 0 · References: 1
Snyk
added 2025/05/30 7:42 a.m. · 1 views

Open Redirect

Overview: Affected versions of this package are vulnerable to Open Redirect via the manipulation of the Forwarded or X-Forwarded-Host header in incoming requests. An attacker can capture the secret reset code and gain unauthorized access to the user's account by causing the system to generate a...

CVSS 8.8 · AI score 7.5 · EPSS 0.00358
Exploits: 0 · References: 2