XStream 1.4.18 - Remote Code Execution
XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands on the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...
Important: Red Hat Security Advisory: General availability of the satellite/iop-advisor-backend-rhel9 container image
A new satellite/iop-advisor-backend-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services,...
Model Context Protocol Threat Modeling and Analyzing Vulnerabilities to Prompt Injection with Tool Poisoning
The Model Context Protocol (MCP) has rapidly emerged as a universal standard for connecting AI assistants to external tools and data sources. While MCP simplifies integration between AI applications and various services, it introduces significant security vulnerabilities, particularly on the client...
session-hijacking-practicals
session-hijacking-practicals Sess...
Johnson Controls PowerG, IQPanel and IQHub (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read or write encrypted traffic or perform a replay attack. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
EUVD-2021-19370
Malware in sbrugna...
EUVD-2021-19367
Malware in sbrugna...
EUVD-2021-19366
Malware in sbrugna...
EUVD-2020-29124
Malware in sbrugna...
EUVD-2023-2058
Malicious code in bioql PyPI...
EUVD-2024-36866
Malicious code in bioql PyPI...
EUVD-2022-6017
Malicious code in bioql PyPI...
EUVD-2023-28498
Malicious code in bioql PyPI...
EUVD-2025-10668
Malicious code in bioql PyPI...
PT-2025-32299 · Unknown · Hospital Management System
Name of the Vulnerable Software and Affected Versions: Hospital Management System version 4 Description: The Hospital Management System is susceptible to a SQL injection issue through the app contact parameter in the appsearch.php file. Recommendations: As a temporary workaround, consider...
PT-2025-32219 · Unknown · Vedo Suite
Name of the Vulnerable Software and Affected Versions: Vedo Suite version 2024.17 Description: The application stores credentials in clear-text within the /api vedo/configuration/config.yml file. This file contains sensitive information, including credentials, secret keys, and database informatio...
PT-2025-32221 · Unknown · Vedo Suite
Name of the Vulnerable Software and Affected Versions: Vedo Suite version 2024.17 Description: A local file inclusion vulnerability exists in Vedo Suite version 2024.17. This issue allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized readfile...
PT-2025-32198 · Marbella · Marbella KR8s Dashcam FF
Name of the Vulnerable Software and Affected Versions: Marbella KR8s Dashcam FF version 2.0.8 Description: An issue exists on Marbella KR8s Dashcam FF 2.0.8 devices where video recordings, containing sensitive data such as routes, conversations, and footage, are accessible for download. This is...
PT-2025-31947 · Firstnum · FIRSTNUM JC21A-04
Name of the Vulnerable Software and Affected Versions: FIRSTNUM JC21A-04 devices versions through 2.01ME/FN Description: FIRSTNUM JC21A-04 devices enable the SSH service by default with the credentials root/admin. The graphical user interface (GUI) does not provide a method to disable this account...
PT-2025-32043 · Kenwood · Kenwood DMX958XR
Name of the Vulnerable Software and Affected Versions: Kenwood DMX958XR affected versions not specified Description: This issue allows physically present attackers to execute arbitrary code on affected installations. Authentication is not required for exploitation. The flaw resides in the firmwar...