212 matches found
EUVD-2024-26201
Malicious code in bioql (PyPI)...
EUVD-2024-54654
Malicious code in bioql (PyPI)...
CVE-2025-38608
In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data in ktls. When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data length via socket policy, w...
CVE-2025-38608
The CVE-2025-38608 issue is a Linux kernel vulnerability in bpf/ktls that can cause data corruption by failing to recalculate ciphertext length after plaintext length reduction via socket policy, resulting in uninitialized data being transmitted in TLS records. The impact is network-layer data in...
CVE-2025-6249
An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data...
CVE-2025-6249
CVE-2025-6249 affects the FileZ client application. The connected sources describe an authentication bypass vulnerability that could allow a local attacker with elevated permissions to access application data. The issue targets the FileZ client, with root cause aligned to bypassing authentication...
PT-2025-29961 · Filez · Filez
Name of the Vulnerable Software and Affected Versions: FileZ client application (affected versions not specified). Description: An authentication bypass exists in the FileZ client application. A local attacker with elevated permissions may gain access to application data. Recommendations: At the...
CVE-2025-45081
Misconfigured settings in IITB SSO v1.1.0 allow attackers to access sensitive application data...
CVE-2025-45081
CVE-2025-45081 concerns IITB SSO v1.1.0, where misconfigured settings allow attackers to access sensitive application data. The available connected sources confirm the issue is tied to IITB SSO 1.1.0 and a configuration flaw rather than a code defect, with CVSS v3.1 base score 8.8 (HIGH) and an a...
MAL-2025-5322 Malicious code in application-data (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db3bf4666074d14ba6a27a4c7851e0abdd35a89b6c5f9833996d9d8b774fd2e3 Any computer that has this package installed or running should be considered...
CVE-2024-50406 License Center
A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version:...
CVE-2024-48867
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following version...
CVE-2023-27893
An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems ST-PI - versions 20881700, 20081710, 740, can use a vulnerable interface to execute an application function to perform actions which they...
CVE-2023-20039
A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the...
CVE-2021-26996
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks...
CVE-2021-26753
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...