28675 matches found
CVE-2025-3784
CVE-2025-3784 affects Mitsubishi Electric GX Works2 (all versions) and is a vulnerability in cleartext storage of sensitive information where credentials are stored in plaintext in project files. This could allow an attacker with local access to disclose credentials and subsequently open protecte...
CVE-2025-3784 Information Disclosure Vulnerability in GX Works2
Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential...
PT-2025-48290
Name of the Vulnerable Software and Affected Versions: cups, affected versions not specified. Description: A local denial-of-service condition exists due to issues with updating the cupsd.conf file. Recommendations: At the moment, there is no information about a newer version that contains a fix for...
PT-2025-48232
Name of the Vulnerable Software and Affected Versions: GX Works2, affected versions not specified. Description: A security issue exists in GX Works2 where sensitive credential information is stored in plaintext within project files. This allows an attacker to potentially disclose these credentials,...
PT-2025-48242
Name of the Vulnerable Software and Affected Versions: EverShop version 2.0.1. Description: An unauthenticated user can upload files and create directories using the /api/images endpoint. Recommendations: Restrict access to the /api/images endpoint to authenticated users only...
EUVD-2025-199763
An unauthenticated administrative access vulnerability exists in the open-source HashTech project https://github.com/henzljw/hashtech 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 2021-07-02. Due to missing authentication checks on /adminindex.php, an attacker can directly access the...
CVE-2025-65276
An unauthenticated administrative access vulnerability exists in the open-source HashTech project https://github.com/henzljw/hashtech 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 2021-07-02. Due to missing authentication checks on /adminindex.php, an attacker can directly access the...
CVE-2025-58360
creationtimestamp | type | source
---|---|---
2025-11-26 18:02:43+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/60873
2025-11-26 21:00:05+00:00 | published-proof-of-concept | Telegram/EQSEx6hVvMlnJ1ky7huxK4eSzyICfuehitJwgPSzGmUZN8M
2025-11-27 05:09:25+00:00 | confirmed |...
curl: Infinite loop issue in the state machine of the curl project
Summary: Vulnerability impact: When curl attempts to download files from a malicious FTP server, it triggers an infinite loop in the code execution. I discovered this issue in the FTP functionality of the curl project. As described in...
CVE-2025-64067
Primakon Pi Portal 1.0.18 API endpoints responsible for retrieving object-specific or filtered data (e.g., user profiles, project records) fail to implement sufficient server-side validation to confirm that the requesting user is authorized to access the requested object or dataset. This...
PT-2025-48184
Name of the Vulnerable Software and Affected Versions: HashTech versions 1.0 through commit 5919decaff2681dc250e934814fc3a35f6093ee5. Description: A missing authentication check on the /admin index.php endpoint allows an attacker to access the administrative dashboard without valid credentials. This...
EUVD-2025-199636
Primakon Pi Portal 1.0.18 API endpoints responsible for retrieving object-specific or filtered data (e.g., user profiles, project records) fail to implement sufficient server-side validation to confirm that the requesting user is authorized to access the requested object or dataset. This...
GO-2025-4138 esm.sh CDN service has arbitrary file write via tarslip in github.com/esm-dev/esm.sh
esm.sh CDN service has arbitrary file write via tarslip in github.com/esm-dev/esm.sh...
EUVD-2025-199346
Malicious code in @accordproject/concerto-types npm...
EUVD-2025-199349
Malicious code in @accordproject/concerto-linter npm...