
38655 matches found

NVD
added 2026/01/12 5:15 p.m. | 3 views

CVE-2025-63314

A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack...

10 CVSS | 0.00293 EPSS
Exploits: 0 | References: 3

HackRead
added 2026/01/12 4:51 p.m. | 5 views

Cybersecurity in the Public Sector: Challenges, Strategies and Best Practices

Public sector cybersecurity faces outdated systems, budget gaps, and rising attacks. Learn key challenges, defense strategies, and proven best practices...

7 AI score
Exploits: 0

GithubExploit
added 2026/01/12 10:13 a.m. | 139 views

ethical-hacking-excersises

Exploitation Techniques – Course Exercises Repository Over...

8.2 AI score
Exploits: 0

OSV
added 2026/01/12 9:55 a.m. | 4 views

CLSA-2026-1768211704 unbound: Fix of 2 CVEs

- CVE-2023-50387: evaluate DNSSEC responses to prevent KeyTrap denial of service issue
- CVE-2023-50868: fix Closest Encloser Proof aspect to prevent CPU consumption for SHA-1 computations in random subdomain attacks...

7.5 CVSS | 7 AI score | 0.99995 EPSS
Exploits: 1 | References: 1

OSV
added 2026/01/12 5:16 a.m. | 2 views

CVE-2025-69271

Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks. This issue affects DX NetOps Spectrum: 24.3.13 and earlier...

7.5 CVSS | 5.8 AI score | 0.00207 EPSS
Exploits: 0 | References: 1

NVD
added 2026/01/12 5:16 a.m. | 3 views

CVE-2025-69272

Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks. This issue affects DX NetOps Spectrum: 21.2.1 and earlier...

7.5 CVSS | 0.00145 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/12 4:33 a.m. | 3 views

CVE-2025-69272 Spectrum password returned in clear

Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks. This issue affects DX NetOps Spectrum: 21.2.1 and earlier...

5.3 CVSS | 6.6 AI score | 0.00145 EPSS
Exploits: 0 | References: 1

CVE
added 2026/01/12 4:33 a.m. | 12 views

CVE-2025-69272

CVE-2025-69272: Cleartext Transmission of Sensitive Information in Broadcom DX NetOps Spectrum on Windows and Linux. Affects Spectrum versions 21.2.1 and earlier; enables sniffing attacks due to unencrypted transmission of sensitive data. Connected sources corroborate affected products/versions ...

7.5 CVSS | 6.6 AI score | 0.00145 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/01/12 4:27 a.m. | 5 views

CVE-2025-69271 Spectrum basic authentication in use

Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks. This issue affects DX NetOps Spectrum: 24.3.13 and earlier...

2.3 CVSS | 6.6 AI score | 0.00207 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/01/12 4:27 a.m. | 30 views

CVE-2025-69271 Spectrum basic authentication in use

Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks. This issue affects DX NetOps Spectrum: 24.3.13 and earlier...

2.3 CVSS | 0.00207 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/01/12 12:0 a.m. | 3 views

DDSN Interactive Acora CMS security vulnerability

DDSN Interactive Acora CMS is an enterprise web and mobile CMS from DDSN Interactive. A security vulnerability exists in DDSN Interactive Acora CMS version v10.7.1, which stems from the use of static tokens for the password reset feature, which could lead to account takeover via replay attacks...

10 CVSS | 6.9 AI score | 0.00293 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/12 12:0 a.m. | 7 views

PT-2026-2268

Name of the Vulnerable Software and Affected Versions: D3D Wi-Fi Home Security System ZX-G12 version 2.1.1. Description: The D3D Wi-Fi Home Security System ZX-G12 version 2.1.1 is susceptible to RF replay attacks on the 433 MHz sensor communication channel. The system lacks essential security measur...

9.8 CVSS | 6.5 AI score | 0.00403 EPSS
Exploits: 0 | References: 7

Positive Technologies
added 2026/01/12 12:0 a.m. | 4 views

PT-2026-2277

Name of the Vulnerable Software and Affected Versions: DDSN Interactive Acora CMS version 10.7.1. Description: A static password reset token used in the password reset function allows attackers to reset user passwords and take over accounts through replay attacks. The vulnerable function is the...

10 CVSS | 6.6 AI score | 0.00293 EPSS
Exploits: 0 | References: 5

CNNVD
added 2026/01/12 12:0 a.m. | 4 views

D3D ZX-G12 security vulnerability

D3D ZX-G12 is a multi-functional smart home security alarm system from D3D India. A security vulnerability exists in D3D ZX-G12 v2.1.1, which stems from the lack of rolling code and anti-replay protection in the 433 MHz sensor communication channel, which could lead to a replay attack triggering ...

9.8 CVSS | 6.8 AI score | 0.00403 EPSS
Exploits: 0 | References: 3

CVE
added 2026/01/10 1:6 a.m. | 10 views

CVE-2026-22603

CVE-2026-22603 affects OpenProject before version 16.6.2. The vulnerability is due to an unauthenticated password-change endpoint (/account/change_password) that lacked the same brute-force protections as the login form. An attacker who can guess or enumerate user IDs can send unlimited password-...

6.9 CVSS | 6.7 AI score | 0.0022 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

FreeBSD
added 2026/01/10 12:0 a.m. | 6 views

virtualenv -- CWE-59: Improper Link Resolution Before File Access ('Link Following')

https://github.com/pypa/virtualenv/security/advisories/GHSA-597g-3phw-6986 reports: virtualenv is a tool for creating isolated virtual Python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attac...

4.5 CVSS | 6.5 AI score | 0.00085 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:48 p.m. | 11 views

CVE-2014-4306

Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action...

5 CVSS | 7 AI score | 0.0762 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:41 p.m. | 7 views

CVE-2023-25748

By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 111...

4.3 CVSS | 6.2 AI score | 0.00348 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:39 p.m. | 10 views

CVE-2023-29443

Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint...

4.9 CVSS | 6.7 AI score | 0.03026 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:38 p.m. | 10 views

CVE-2023-29534

Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected. This vulnerability affects...

9.1 CVSS | 6.4 AI score | 0.007 EPSS
Exploits: 0 | References: 1