16 matches found
EUVD-2021-21227
Malware in sbrugna...
EUVD-2022-37722
Malicious code in bioql PyPI...
CVE-2025-48930
The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues...
CVE-2025-48930
CVE-2025-48930 concerns the TeleMessage service up to 2025-05-05. The issue is that the service stores certain data in memory in cleartext, and this memory content may be accessible to an adversary via various avenues. The primary concrete detail across connected sources is the in-memory storage ...
VulnCheck KEV: CVE-2025-48929
The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary...
AWS VDP: Non-Production API Endpoints for the Health Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
The AWS Health service was found to have 11 non-production API endpoints that could be accessed using standard IAM credentials without logging to CloudTrail. This allowed for silent permission enumeration, where an adversary could test the capabilities of compromised credentials without generatin...
CVE-2023-40708 Improper Access Control in OPTO 22 SNAP PAC S1
The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files...
CVE-2023-25134
McAfee Total Protection prior to 16.0.50 may allow an adversary with full administrative access to modify a McAfee-specific Component Object Model (COM) entry in the Windows Registry. This can result in the loading of a malicious payload...
Mitigate the LastPass Attack Surface in Your Environment with this Free Tool
The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are in a security limbo – on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. However, to s...
CVE-2022-34428
Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service...
CVE-2022-21689
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions the receive mode limits concurrent uploads to 100 per second and blocks other uploads in the same second, which can be triggered b...
Design/Logic Flaw
The flash read-out protection (RDP) level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...
CVE-2020-27208
The CVE-2020-27208 issue affects SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token, where the flash read-out protection (RDP) level is not enforced during device initialization, enabling an attacker with physical access to downgrade RDP and read secrets (e.g., private ECC keys) from SRAM vi...
Gener8: Session not invalidated after password reset
After a user performed a password reset, all their active refresh tokens were not invalidated. This could allow an adversary with access to a valid refresh token to regain control of a victim's account, subsequent to a password reset being completed...
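The two session-handling entries above (the TeleMessage long-lived credential, and Gener8's refresh tokens surviving a password reset) describe the same control from two sides: a refresh token must expire on its own, and it must also be revoked when the account's password changes. The following is an added illustration written for this page, not code from TeleMessage, Gener8, or any vendor. The `SessionStore` class, its generation counter and the sample users are constructed; the generation-counter approach is one common way to revoke every outstanding token at once without enumerating them.

```python
"""Refresh-token lifecycle: expiry plus revocation on password reset.
Constructed example for this page; not any vendor's implementation."""
import hashlib
import secrets
from dataclasses import dataclass


@dataclass
class RefreshToken:
    user: str
    generation: int    # the user's token generation when the token was issued
    expires_at: float  # absolute time (seconds); every token has an expiry


class SessionStore:
    """Minimal server-side token store (assumed design). Tokens are opaque
    random strings; only their SHA-256 is stored, so a leaked table does
    not yield usable tokens."""

    def __init__(self):
        self._users = {}   # user -> {"pw_hash": str, "generation": int}
        self._tokens = {}  # sha256(token) -> RefreshToken

    @staticmethod
    def _h(s):
        return hashlib.sha256(s.encode()).hexdigest()

    def add_user(self, user, password):
        self._users[user] = {"pw_hash": self._h(password), "generation": 0}

    def issue_refresh_token(self, user, now, ttl_seconds=3600):
        """Issue a token bound to the user's current generation.
        A short ttl_seconds is the 'short expiration time' the TeleMessage
        entry contrasts with a long-lived credential."""
        token = secrets.token_urlsafe(32)
        self._tokens[self._h(token)] = RefreshToken(
            user, self._users[user]["generation"], now + ttl_seconds)
        return token

    def refresh(self, token, now):
        """Return the user name if the token is still valid, else None.
        A token fails if it is unknown, expired, or issued before the
        user's last password reset (generation mismatch)."""
        key = self._h(token)
        rec = self._tokens.get(key)
        if rec is None:
            return None
        if now >= rec.expires_at:
            self._tokens.pop(key, None)
            return None
        if rec.generation != self._users[rec.user]["generation"]:
            self._tokens.pop(key, None)  # revoked by a password reset
            return None
        return rec.user

    def reset_password_vulnerable(self, user, new_password):
        """Changes only the password. Every refresh token issued earlier
        keeps working: the behaviour the Gener8 entry describes."""
        self._users[user]["pw_hash"] = self._h(new_password)

    def reset_password(self, user, new_password):
        """Changes the password and bumps the generation, so every
        outstanding refresh token for the user fails the generation check."""
        self._users[user]["pw_hash"] = self._h(new_password)
        self._users[user]["generation"] += 1


if __name__ == "__main__":
    store = SessionStore()
    store.add_user("alice", "pw1")          # constructed sample user
    tok = store.issue_refresh_token("alice", now=0)
    print("before reset:", store.refresh(tok, now=10))
    store.reset_password_vulnerable("alice", "pw2")
    print("after vulnerable reset:", store.refresh(tok, now=20))
    store.reset_password("alice", "pw3")
    print("after proper reset:", store.refresh(tok, now=30))
```

Time is passed in explicitly (`now`) rather than read from the clock so the expiry and revocation paths can be exercised deterministically; in production the same calls would use the current time.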
Authentication flaw
Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE...
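The Android entry above turns on a general point: a challenge-response scheme only prevents replay if the challenge is unpredictable and accepted once. The page does not say what the weak challenge in Android 6.0 was, so the following added illustration (written for this page, not Android or TEE code) models the weakness as a constant, never-consumed challenge and contrasts it with a random single-use nonce. The `Prover`, `Verifier`, the shared HMAC key and the token payload are all assumptions of the example.

```python
"""Challenge-response replay: weak (constant, reusable) challenge versus
random single-use nonce. Constructed example; not Android/TEE code."""
import hashlib
import hmac
import secrets


class Prover:
    """Stand-in for the party holding the authentication secret (assumed to
    be a symmetric key shared with the verifier)."""

    def __init__(self, key: bytes):
        self.key = key

    def respond(self, challenge: bytes, payload: bytes) -> bytes:
        # The response binds the challenge to the payload being authenticated.
        return hmac.new(self.key, challenge + payload, hashlib.sha256).digest()


class Verifier:
    """Issues challenges and checks responses. weak=True reproduces the
    replayable pattern; weak=False is the corrected pattern."""

    def __init__(self, key: bytes, weak: bool):
        self.key = key
        self.weak = weak
        self._outstanding = set()  # challenges issued and not yet consumed

    def challenge(self) -> bytes:
        if self.weak:
            c = b"\x00" * 16  # constant challenge: every session is identical
        else:
            c = secrets.token_bytes(16)  # fresh 128-bit nonce per session
        self._outstanding.add(c)
        return c

    def verify(self, challenge: bytes, payload: bytes, response: bytes) -> bool:
        if challenge not in self._outstanding:
            return False  # never issued, or already consumed
        expected = hmac.new(self.key, challenge + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(response, expected):
            return False
        if not self.weak:
            self._outstanding.discard(challenge)  # single use: blocks replay
        return True


def replay_attack(weak: bool) -> bool:
    """Simulate an attacker who records one legitimate exchange and later
    replays the captured (challenge, payload, response) triple.
    Returns True if the replay is accepted by the verifier."""
    key = b"shared-secret-for-demo"  # constructed key
    prover, verifier = Prover(key), Verifier(key, weak=weak)
    payload = b"auth-token:user=1000"  # constructed token payload

    # Legitimate exchange, observed by the attacker.
    c1 = verifier.challenge()
    r1 = prover.respond(c1, payload)
    assert verifier.verify(c1, payload, r1)

    # Later session: the verifier issues a new challenge, the attacker has
    # no key and simply resubmits what was captured.
    verifier.challenge()
    return verifier.verify(c1, payload, r1)


if __name__ == "__main__":
    print("replay accepted with weak challenge:", replay_attack(weak=True))
    print("replay accepted with nonce:", replay_attack(weak=False))
```

With the constant challenge the captured response is valid forever; with a random single-use nonce it fails twice over, because the old challenge is no longer outstanding and the MAC does not match the new one.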
DDN SFA Default SSH Keys
DDN Default SSH Keys
DDN SFA devices have default SSH keys in place
Product: DDN SFA storage devices, all versions, all models
Severity: High
CVE Reference: NO CVE ASSIGNED - MWR ref: MWR-2016-0002
Type: Default Credentials
Author: John Fitzpatrick
Date: 2016-06-15
Description
DDN controllers shi...