
6511 matches found

CNNVD
added 2025/08/29 12:0 a.m. · 2 views

Coze Studio Security Vulnerability

Coze Studio is an AI Agent visualization and development platform open-sourced by Coze Studio. A security vulnerability exists in Coze Studio 0.2.4 and earlier versions, which originates from the use of hard-coded encryption keys for the parameters AuthSecretKey/StateSecretKey/OAuthTokenSecretKey...

CVSS 6.3 · AI score 4.8 · EPSS 0.00044
Exploits 0 · References 6
OSV
added 2025/08/27 3:15 p.m. · 3 views

CVE-2025-9533

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed t...

CVSS 9.8 · AI score 5.5 · EPSS 0.00333
Exploits 0 · References 5
Huntr
added 2025/08/27 12:0 a.m. · 7 views

Account takeover due to missing oauth audience verification in google sign in

Description The web application integrates Google OAuth for user authentication. Upon successful Google sign-in and user consent, the application receives a token from Google. This token is used by the web application to fetch user profile information such as email and name and complete the login...

CVSS 9.3 · AI score 6 · EPSS 0.00088
Exploits 2
Positive Technologies
added 2025/08/27 12:0 a.m. · 3 views

PT-2025-34875 · Totolink · Totolink T10

Name of the Vulnerable Software and Affected Versions: TOTOLINK T10 version 4.1.8cu.5241 B20210927 Description: A vulnerability exists in TOTOLINK T10 version 4.1.8cu.5241 B20210927 related to improper authentication. The issue is located in the /formLoginAuth.htm file and involves the manipulati...

CVSS 7.5 · AI score 7 · EPSS 0.00333
Exploits 0 · References 8
Tenable Nessus
added 2025/08/27 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-39364

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary...

CVSS 5.4 · AI score 6.1 · EPSS 0.00189
Exploits 1 · References 2
Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-48547

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in...

CVSS 6.1 · AI score 6.4 · EPSS 0.00467
Exploits 1 · References 2
Tenable Nessus
added 2025/08/27 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-5202

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program...

CVSS 5.5 · AI score 5.7 · EPSS 0.00071
Exploits 1 · References 2
OSV
added 2025/08/26 11:15 p.m. · 1 view

CVE-2025-0086

In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.2 · AI score 5.9
Exploits 0 · References 2
CVE
added 2025/08/26 10:48 p.m. · 70 views

CVE-2025-0086

Technical details such as affected products, versions, root cause, or remediation for CVE-2025-0086 are not publicly provided in the connected documents. Monitor for updates.

CVSS 6.2 · AI score 6 · EPSS 0.00226
Exploits 0 · References 2 · Affected Software 1
OSV
added 2025/08/25 6:35 p.m. · 1 view

MAL-2025-41885 Malicious code in @espace-client-axafr/redux-ajax-auth (npm)

The package communicates with a domain associated with malicious activity...

AI score 7
Exploits 0
Tenable Nessus
added 2025/08/24 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2015-6816

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ganglia-web before 3.7.1 allows remote attackers to bypass authentication. CVE-2015-6816 Note that Nessus relies on the presence of the package as reported by t...

CVSS 9.8 · AI score 8.2 · EPSS 0.0211
Exploits 1 · References 2
Snyk
added 2025/08/22 5:43 p.m. · 0 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a missing check in the AuthRequestRepository, which is exploitable via the "select account" page. An attacker can determine whether specific userIDs exist by observing responses to...

CVSS 6.9 · AI score 6.9 · EPSS 0.00193
Exploits 0 · References 2
VulnCheck KEV
added 2025/08/22 12:0 a.m. · 6 views

VulnCheck KEV: CVE-2024-45891

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletewlanprofile...

CVSS 8 · AI score 5.8 · EPSS 0.00574
In wild · Exploits 0 · References 2
Tenable Nessus
added 2025/08/22 12:0 a.m. · 18 views

nginx 0.7.22 < 1.29.1 Information Disclosure

According to its Server response header, the installed version of nginx is 0.7.22 prior to 1.29.1. It is, therefore, affected by the following issue : - NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SM...

CVSS 6.3 · AI score 5.8 · EPSS 0.00056
Exploits 0 · References 3
OSV
added 2025/08/21 6:52 p.m. · 2 views

MAL-2025-41354 Malicious code in @navify-platform/auth (npm)

The package communicates with a domain associated with malicious activity...

AI score 6.9
Exploits 0
OSSF Malicious Packages
added 2025/08/21 6:52 p.m. · 3 views

Malicious code in @navify-platform/auth (npm)

The package communicates with a domain associated with malicious activity...

AI score 6.9
Exploits 0
The Hacker News
added 2025/08/21 4:38 p.m. · 6 views

Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks

Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The list of vulnerabilities, identified in Commvault versions before 11.36.60, is as follows - CVE-2025-57788 CVSS score: 6.9 - A vulnerability in a know...

CVSS 10 · AI score 9.2 · EPSS 0.80672
Exploits 9
OSV
added 2025/08/21 1:15 p.m. · 2 views

CVE-2025-9297

A vulnerability was detected in Tenda i22 1.0.0.34687. This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be...

CVSS 8.7 · AI score 6.5 · EPSS 0.00609
Exploits 1 · References 6
Positive Technologies
added 2025/08/21 12:0 a.m. · 3 views

PT-2025-34279 · Esri · Esri Portal For Arcgis Enterprise Sites

Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 through 11.4 Description: A stored Cross-site Scripting issue exists in Esri Portal for ArcGIS Enterprise Sites that may allow a remote, authenticated attacker to inject a malicious file...

CVSS 4.8 · AI score 5.8 · EPSS 0.00041
Exploits 0 · References 4
CNVD
added 2025/08/21 12:0 a.m. · 2 views

TOTOLINK A7000R Certification Bypass Vulnerability

TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A7000R suffers from an authentication bypass vulnerability that stems from formLoginAuth.htm not properly validating a login request, which can be exploited by an attacker to bypass authentication, tamper wi...

CVSS 9.8 · AI score 7.1 · EPSS 0.00284
Exploits 0 · References 1