W&B Weave Server - Remote Arbitrary File Leak

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. id:...

CVE-2026-40619

A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of...

PT-2026-45778

A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of...

SimpleHelp Missing Authorization Vulnerability

SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role...

Plain text pbe key visible in audit log during Brocade SANnav migration from 2.4.0a to 3.0.0 (CVE-2025-12679)

A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption PBE key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the pbe key. Note: The vulnerability is only triggered duri...

CVE-2025-61939

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker...

EUVD-2010-0553

Malware in sbrugna...

EUVD-2005-2511

Malware in sbrugna...

EUVD-2025-21062

Malicious code in bioql PyPI...

EUVD-2025-21058

Malicious code in bioql PyPI...

EUVD-2024-1599

Malicious code in bioql PyPI...

EUVD-2025-21059

Malicious code in bioql PyPI...

EUVD-2023-32617

Malicious code in bioql PyPI...

The vulnerability in the FTP-server administrator web interface of Wing allows a hacker to increase their privileges.

The vulnerability in the FTP server administrator’s web interface of Wing is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...

CVE-2025-6392

Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server...

CVE-2025-6390

Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the...

CVE-2025-6392

Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server...

CVE-2025-6390

CVE-2025-6390 affects Brocade SANnav versions prior to 2.4.0a. Under certain conditions, passwords and PBE keys are logged into the Brocade SANnav server audit logs, which are part of the local server VM audit logs and are not controlled by SANnav; these logs are only visible to the host server a...

CVE-2025-4662 Plaintext security passwords are logged in the audit logs while executing openssl cmd

Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs an...

CVE-2025-4662 Plaintext security passwords are logged in the audit logs while executing openssl cmd

Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs an...