22 matches found
CVE-2026-44857
CVE-2026-44857 describes a stack-based buffer overflow affecting several underlying management service components exposed via the CLI on the AOS-8 and AOS-10 operating systems. An authenticated administrator can exploit specially crafted requests to the affected services, potentially executing ar...
Authorization Bypass Through User-Controlled Key
Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetSession function. An attacker can access sensitive SSH session data belonging to other tenants by providing a valid session UID and authenticating with any user account...
EUVD-2017-6970
Malware in sbrugna...
EUVD-2017-17859
Malware in sbrugna...
CVE-2025-8557
CVE-2025-8557 concerns Lenovo XClarity Orchestrator (LXCO). An attacker with access to a device on the local LXCO network segment can manipulate that device to create an alternate communication channel, enabling direct interaction with backend LXCO API services that are normally inaccessible to u...
Malicious code in api-services (npm)
The package api-services was found to contain malicious code...
MAL-2025-14645 Malicious code in api-services (npm)
The package api-services was found to contain malicious code...
Malicious code in rm-api-services (npm)
Source: ghsa-malware (ea2d07f3cf2fca9f2d9c28bb289065312eb770f303ac487e0ffe75bba11604a2). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4533 Malicious code in rm-api-services (npm)
Source: ghsa-malware (ea2d07f3cf2fca9f2d9c28bb289065312eb770f303ac487e0ffe75bba11604a2). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Red-Teaming Text-To-Image Systems by Rule-Based Preference Modeling
Text-to-image (T2I) models raise ethical and safety concerns due to their potential to generate inappropriate or harmful images. Evaluating these models' security through red-teaming is vital, yet white-box approaches are limited by their need for internal access, complicating their use with...
Microsoft Azure Subdomain Scanner / Enumerator Exploit
This is a Metasploit module for enumerating public Azure services by validating legitimate subdomains through various DNS record queries. This cloud reconnaissance module rapidly identifies API services, storage accounts, key vaults, databases, and more! Background: Microsoft makes use of a numbe...
Microsoft Azure Subdomain Scanner / Enumerator
Background: Microsoft makes use of a number of different domains and subdomains for each of their Azure services. From SQL databases to SharePoint drives, each service maps to its respective domain/subdomain, and with the proper toolset, these can be identified through DNS enumeration to yield...
CVE-2020-14388
A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission...
CVE-2019-5634
An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy (BLE) from the mobile application are logged in...
Design/Logic Flaw
An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy (BLE) from the mobile application are logged in...
CVE-2019-5634 Hickory Smart Lock Insecure Logging on Android
An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy (BLE) from the mobile application are logged in...
H8Mail v2.0 - Email OSINT And Password Breach Hunting
Powerful and user-friendly password finder. Use h8mail to find passwords through different breach and reconnaissance services, or using local breaches such as Troy Hunt's "Collection1" or the infamous "Breach Compilation" torrent. Features: email pattern matching (reg exp), useful for reading from...
H8Mail - Email OSINT And Password Breach Hunting
Email OSINT and password finder. Use h8mail to find passwords through different breach and reconnaissance services, or the infamous "Breach Compilation" torrent. Features: email pattern matching (reg exp), useful for all those raw HTML files; small and fast Alpine Dockerfile available; CLI or Bulk...
ThreatList: Microsoft IIS Sees Triple-Digit Spike in Cyberattack Volume
Internet Information Services (IIS), an extensible web server originally created by Microsoft for use with the Windows NT family, saw a whopping 782x increase in cyberattacks during the second quarter, according to analysis. According to eSentire’s latest threat report based on data gathered from...
CVE-2017-15518
All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation, no further action is...