19 matches found
CVE-2025-43909
Dell PowerProtect Data Domain (DD OS) versions 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS2023 7.10.1.0–7.10.1.60 contain a vulnerability in the DD boost component due to use of a broken or risky cryptographic algorithm. An unauthenticated, remote attacker could exploit...
EUVD-2019-7798
Malware in sbrugna...
CVE-2023-21469
Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action...
Siemens SICAM Q100/Q200
Summary: SICAM Q100 and Q200 devices are affected by two information disclosure vulnerabilities that could allow an authenticated local attacker to extract the SMTP account password and use the configured SMTP service for arbitrary purposes. Siemens has released new versions for the affected...
CVE-2025-6248
A cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an attacker to obtain sensitive information if a user visits a web page with specially crafted content...
MyBB Security Vulnerability
MyBB (MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A security vulnerability exists in MyBB version 1.8.38, which stems from the mishandling of the Change...
Tabby Security Vulnerability
Tabby Terminus is a highly configurable terminal emulator, SSH, and serial client for Windows 10, macOS, and Linux from the individual developer Eugene. A security vulnerability exists in Tabby version 1.0.213, which stems from a vulnerability that allows a remote attacker to obtain sensitive...
PT-2025-4192 · Dell · Dell Vxrail
Name of the Vulnerable Software and Affected Versions: Dell VxRail versions 7.0.000 through 7.0.532 Description: The issue concerns a plaintext storage of a password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information...
BURG-WÄCHTER KG de.burgwachter.keyapp.app Security Vulnerability
BURG-WÄCHTER KG de.burgwachter.keyapp.app is a firmware program from BURG-WÄCHTER KG. A security vulnerability exists in BURG-WÄCHTER KG de.burgwachter.keyapp.app version 4.5.0, which originated from a problem that could allow a remote attacker to obtain sensitive information through the firmware...
PT-2024-2730 · Atlassian +3 · Confluence Data Center/Server +6
Name of the Vulnerable Software and Affected Versions: Apache Commons Compress versions 1.3 through 1.25.0 Bamboo Data Center and Server versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 Confluence Data Center and Server version 7.14 Description: The issue is related to a Loop with Unreachabl...
CVE-2020-16849
An issue was discovered on Canon MF237w 06.07 devices. An "Improper Handling of Length Parameter Inconsistency" issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information...
Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs
A data disclosure flaw was found in Ansible when using the Splunk and Sumologic modules, as they do not respect the no_log flag when it is enabled. This flaw can disclose and collect sensitive data from the system and expose it to an attacker...
WAGO Series PFC100 and WAGO Series PFC200 Improper Access Control Vulnerability
The WAGO Series PFC100 and WAGO Series PFC200 are programmable logic controllers from WAGO Germany. An improper access control vulnerability exists in the WAGO Series PFC100 and WAGO Series PFC200, which can be exploited by a remote attacker by sending a specially crafted HTTP request to determin...
WordPress ThemeMakers SmartIT Premium Responsive theme Information Disclosure Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ThemeMakers SmartIT Premium Responsive theme is a responsive website theme plugin used in it. A security vulnerability exists in...
Hikvision camera has a logic flaw vulnerability
Hikvision is a video-centric IoT solution provider, offering integrated security, smart business and big data services. A logic flaw vulnerability exists in Hikvision cameras, which can be exploited by an attacker to access the API without entering a password check...
CVE-2016-5730
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory...
wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)
It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption (CVE-2011-2487) threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote...
[theHarvester v2.2a] Tool for Gathering
theHarvester is a tool for gathering emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and the SHODAN computer database. This tool is intended to help penetration testers in the early stages of the penetration test in ord...
Microsoft IIS 4.0/5.0/6.0 - Internal IP Address/Internal Network Name Disclosure
source: https://www.securityfocus.com/bid/3159/info A vulnerability has been discovered in Microsoft IIS that may disclose the internal IP address or internal network name to remote attackers. This vulnerability can be exploited if an attacker connects to a host using HTTPS (typically on port 443)...