
32 matches found

CNNVD
added 2026/02/10 12:0 a.m. · 3 views

SAP BusinessObjects BI Platform Security Vulnerability

SAP BusinessObjects BI Platform is a centralized suite provided by German company SAP for data reporting, visualization, and sharing. SAP BusinessObjects BI Platform contains a security vulnerability that can be exploited with a specially crafted network request to compromise authentication...

CVSS 7.5 · AI score 5.8 · EPSS 0.0012
Exploits 0 · References 2
CVE
added 2025/12/31 6:40 p.m. · 6 views

CVE-2021-47740

CVE-2021-47740 affects KZTech JT3500V 4G LTE CPE 2.0.1. The issue is a session management vulnerability where the device accepts and reuses old session credentials without proper expiration, due to weak session handling. Impact stated in sources includes unauthorized access and potential compromi...

CVSS 7.5 · AI score 6.7 · EPSS 0.00079
Exploits 1 · References 7
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2018-4306

Malware in sbrugna...

CVSS 4.2 · AI score 4.7 · EPSS 0.00034
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-10493

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 6.6 · EPSS 0.002
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-44950

Malicious code in bioql PyPI...

CVSS 5.1 · AI score 5.9 · EPSS 0.00145
Exploits 0 · References 1
RedhatCVE
added 2025/04/12 5:43 a.m. · 14 views

CVE-2025-0539

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself...

CVSS 8.8 · AI score 7.2 · EPSS 0.002
Exploits 0 · References 1
CVE
added 2025/04/10 5:20 a.m. · 53 views

CVE-2025-0539

CVE-2025-0539 affects Octopus Deploy on Windows where the server can be coerced into issuing server-side requests that include authentication material. The underlying impact is that a suitably positioned attacker could compromise the account running the Octopus Server and potentially affect the h...

CVSS 8.8 · AI score 7 · EPSS 0.002
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2025/04/10 5:20 a.m. · 4 views

CVE-2025-0539

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself...

CVSS 5.9 · AI score 7 · EPSS 0.002
Exploits 0 · References 1
Positive Technologies
added 2025/04/10 12:0 a.m. · 4 views

PT-2025-15911 · Octopus Deploy · Octopus Deploy

Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: The issue allows an attacker to coerce the server into sending server-side requests that contain authentication material, potentially compromising the account running Octopus Server...

CVSS 8.8 · AI score 6.2 · EPSS 0.002
Exploits 0 · References 5
Cvelist
added 2025/04/04 2:10 a.m. · 6 views

CVE-2025-26401

Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker...

CVSS 6.5 · EPSS 0.00243
Exploits 0 · References 2
OSV
added 2024/03/06 10:59 a.m. · 53 views

BIT-NGINX-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

CVSS 7.4 · AI score 7.6 · EPSS 0.00615
Exploits 0 · References 4
Vulnrichment
added 2023/12/18 8:4 a.m. · 3 views

CVE-2023-6483 Improper Authentication Vulnerability in ADiTaaS

The vulnerability exists in ADiTaaS Allied Digital Integrated Tool-as-a-Service version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable...

CVSS 9.1 · AI score 9.7 · EPSS 0.00136
Exploits 0 · References 1
Zero Day Initiative
added 2023/08/25 12:0 a.m. · 15 views

D-Link DAP-2622 DDP Get SSID List WPA PSK Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of...

CVSS 7.4 · AI score 6.3 · EPSS 0.00266
Exploits 0 · References 1
OSV
added 2022/03/23 8:15 p.m. · 2264 views

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

CVSS 7.4 · AI score 3.3
Exploits 0 · References 3
Prion
added 2022/03/23 8:15 p.m. · 2324 views

Design/Logic Flaw

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

CVSS 5.8 · AI score 7.3 · EPSS 0.00615
Exploits 0 · References 3 · Affected Software 5
Packet Storm
added 2021/12/06 12:0 a.m. · 593 views

Simple Online Men's Salon Management System 1.0 SQL Injection

MSMS Vendor Description The password parameter on MSMS 1.0 appears to be vulnerable to SQL injection attacks. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve all authentication and information abo...

AI score 0.3
Exploits 0
CNNVD
added 2021/04/13 12:0 a.m. · 3 views

Kenny2github ScratchOAuth2 Security Vulnerability

Kenny2github ScratchOAuth2 is an open source application by Kenny2github that verifies that a Scratch account is authentic for authorization or identification purposes. ScratchOAuth2 has a security vulnerability that stems from any user being able to access and modify the data related to...

CVSS 8 · AI score 6.7 · EPSS 0.00271
Exploits 0 · References 3
Prion
added 2020/09/11 5:15 p.m. · 26 views

Remote code execution

A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticate...

CVSS 9 · AI score 8.2 · EPSS 0.86816
Exploits 5 · References 2 · Affected Software 1
Prion
added 2018/06/17 4:29 p.m. · 10 views

Session fixation

Protection Mechanism Failure in ECOS Secure Boot Stick aka SBS 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack...

CVSS 6.5 · AI score 7.5 · EPSS 0.00179
Exploits 0 · References 1 · Affected Software 1
NVD
added 2018/06/17 4:29 p.m. · 7 views

CVE-2018-12332

Incomplete Cleanup vulnerability in ECOS Secure Boot Stick aka SBS 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset...

CVSS 4.2 · AI score 4.5 · EPSS 0.00034
Exploits 0 · References 1