CVE-2025-41118

Pyroscope (open-source continuous profiling DB) is affected when configured to use Tencent COS as the storage backend. The issue allows extraction of the secret_key configuration value from the Pyroscope API due to missing type protection, potentially exposing sensitive credentials to an attacker...

CVE-2025-46737

SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing CORS configuration for a data gateway service in the application. This gateway service includes an API which is not properly configured to reject requests from unexpected sources...

PT-2024-38894 · Teltonika Networks · Tswos +1

Name of the Vulnerable Software and Affected Versions: Teltonika Networks RUTOS versions 7.0 through 7.7 Teltonika Networks TSWOS versions 1.0 through 1.2 Description: A vulnerability exists due to incorrect permission handling, allowing a lower privileged user with default permissions to access...

UBUNTU-CVE-2023-41321

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are...