24 matches found
CVE-2025-15065 Data Exposure in Kings Information & Network KESS Enterprise
Exposure of Sensitive Information to an Unauthorized Actor, Missing Encryption of Sensitive Data, Files or Directories Accessible to External Parties vulnerability in Kings Information & Network Co. KESS Enterprise on Windows allows Privilege Escalation, Modify Existing Service, Modify Shared...
CVE-2025-15065
CVE-2025-15065 affects Kings Information & Network Co. KESS Enterprise on Windows, with vulnerability in versions prior to 25.9.19.Exe. The issue involves exposure of sensitive information, missing encryption of sensitive data, and files/directories accessible to external parties, enabling local ...
EUVD-2025-205537
Exposure of Sensitive Information to an Unauthorized Actor, Missing Encryption of Sensitive Data, Files or Directories Accessible to External Parties vulnerability in Kings Information & Network Co. KESS Enterprise on Windows allows Privilege Escalation, Modify Existing Service, Modify Shared...
EUVD-2016-5979
Malware in sbrugna...
EUVD-2024-16728
Malicious code in bioql PyPI...
WordPress plugin Block For Mailchimp code issue vulnerability
WordPress Block For Mailchimp plugin is a plugin designed for WordPress to integrate Mailchimp's email subscription feature into a website. The WordPress Block For Mailchimp plugin suffers from a server-side request forgery vulnerability that stems from the mcbSubmitFormData function not...
WordPress Broken Link Notifier plugin code issue vulnerability
WordPress Broken Link Notifier plugin is a plugin for monitoring broken links e.g. 404 errors, timeout links, etc. within a website. The WordPress Broken Link Notifier plugin suffers from a code issue vulnerability that stems from the server not implementing an adequate validation mechanism to...
CVE-2024-57677
An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request...
CVE-2023-38055
A BOLA vulnerability in GET, PUT, DELETE /services/serviceId allows a low privileged user to fetch, modify or delete the services of any user including admin. This results in unauthorized access and unauthorized data manipulation...
CVE-2024-52812 LF Edge eKuiper has Stored XSS in Rules Functionality
LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, a user with rights to modify the service e.g. kuiperUser role can inject a cross-site scripting payload into the rule id parameter. Then, after any user with access to this service e.g...
CVE-2024-52812
CVE-2024-52812 concerns LF Edge eKuiper, where versions prior to 2.0.8 are vulnerable to Stored XSS via the Rule ID parameter. A user with rights to modify the service (e.g., kuiperUser) can inject an XSS payload; when another user (e.g., admin) subsequently performs rule-related actions (update,...
CVE-2024-57676
CVE-2024-57676 affects D-Link DIR-816A2 with FW v1.10CNB05_R1B011D88210. The vulnerability is an access-control flaw in the form2WlanBasicSetup.cgi component, allowing unauthenticated attackers to enable/modify the 2.4 GHz and 5 GHz WLAN services via a crafted POST request. Connected sources conf...
CVE-2024-0949
CVE-2024-0949 affects Talya Informatics’ Elektraweb prior to 17.0.68. The issue is described as Missing Authentication and Use of Hard-coded Credentials that enables Authentication Bypass due to improper access control, potentially exposing files/directories externally and impacting confidentiali...
CVE-2023-37572
Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSFdiscovery service. The service executable could be changed or the service could be deleted...
PT-2021-11165 · Red Hat · Red Hat 3Scale
Name of the Vulnerable Software and Affected Versions: Red Hat 3scale versions prior to 3scale-2.10.0-ER1 Description: A flaw was found in Red Hat 3scale’s API documentation URL, allowing access without credentials. This issue enables an attacker to view sensitive information or modify service...
Sierra Wireless AirLink ES450 Privilege Permission and Access Control Issues Vulnerability
The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless Canada. A security vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi function in the Sierra Wireless AirLink ES450 using firmware version 4.9.3. An attacker can exploit the vulnerability by sendi...
Windows Service Modification Service Stop (via Splunk): code 903
Binary data 710048.prm...
Linux Service Modification Service Start (via Splunk): dbus
Binary data 710038.prm...
Windows Service Modification Service Start (via Splunk): code 902
Binary data 710036.prm...