Extensis Portfolio Manager 4.0.1 Shell Upload
This Metasploit module exploits multiple vulnerabilities in Extensis Portfolio Server to achieve remote code execution. It leverages CVE-2022-24251 and related issues to upload a JSP webshell and execute arbitrary commands. Version 4.0.1 is affected...
EUVD-2009-4152
Malware in sbrugna...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation due to insufficient authentication checks in the client and server processes. An attacker can gain unauthorized access to sensitive data by establishing a connection without proper certificate validation or...
The vulnerability of the Mattermost instant messaging application, related to deficiencies in authentication procedures, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Mattermost instant messaging application is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
Beyond Traditional Threats: The Rise of AI-Driven API Vulnerabilities
AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against well-understood threats. But as AI proliferates, automated adversaries, AI-crafted exploits, and business logic abuse have complicated matter...
The vulnerability of GE Vernova Enervista UR Setup, the software for configuring and setting up Universal Relay (UR) devices, is related to deficiencies in authentication procedures that allow attackers to affect the integrity of the protected information.
The vulnerability of the software for configuring and setting up devices of the Universal Relay UR series from GE Vernova Enervista UR Setup is related to deficiencies in the authentication process. Exploiting this vulnerability could allow attackers to compromise the integrity of the protected...
Vulnerabilities of operating systems visionOS, iOS, iPadOS, tvOS, and macOS, related to deficiencies in authentication mechanisms, allow attackers to circumvent existing security restrictions.
The vulnerability of the visionOS operating system is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows an attacker to circumvent existing security restrictions...
The vulnerability of the ViewState mechanism of the ConnectWise ScreenConnect remote access software allows a perpetrator to execute arbitrary code.
The vulnerability of the ViewState mechanism of the ConnectWise ScreenConnect remote access software lies in the deficiencies of the authentication process. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted ViewState request...
The vulnerability of the Multi-Factor Authentication component in the virtual learning environment Moodle allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Multi-Factor Authentication component in the virtual learning environment Moodle is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the SAP NetWeaver Application Server ABAP software integration platform, related to deficiencies in the authentication process, allows attackers to compromise the confidentiality of protected information.
The vulnerability of the SAP NetWeaver Application Server ABAP software integration platform is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to compromise the confidentiality of the protected information...
The vulnerability of the PowerScale OneFS operating system, related to deficiencies in authentication procedures, allows a perpetrator to gain access to user accounts.
The vulnerability of the PowerScale OneFS operating system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain access to the user account...
CVE-2025-29809 Windows Kerberos Security Feature Bypass Vulnerability
The vulnerability of the Process Chains component of the SAP Business Warehouse system allows attackers to compromise the integrity of the protected information.
The vulnerability of the Process Chains component in the SAP Business Warehouse data management and analytics system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of the protected information...
The vulnerability of the CLI component of the FortiSandbox threat detection and mitigation system allows a perpetrator to elevate their privileges.
The vulnerability of the CLI component of the FortiSandbox threat detection and mitigation system is related to deficiencies in the authentication mechanism. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the USB Restricted Mode function in iOS and iPadOS operating systems allows a perpetrator to gain unauthorized access to the device.
The vulnerability of the USB Restricted Mode function in iOS and iPadOS operating systems is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers to gain unauthorized access to devices...
The vulnerability of the Java VM component of the Oracle Database Server management system allows an attacker to read or modify data.
The vulnerability of the Java VM component of the Oracle Database Server management system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to gain read access to data or modify data using network packets...
The vulnerability of the check_access() function in the system for launching and managing large language multimodal systems (LoLLMS) allows a perpetrator to gain access to read, modify, or delete data, or to cause service failures.
The vulnerability of the check_access() function in the system for launching and managing large language multimodal systems (LoLLMS) is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data, or to cau...
The vulnerability of the Server: Security: Privileges component of the MySQL Server database management system allows attackers to gain unauthorized access to confidential information.
The vulnerability of the Server: Security: Privileges component of MySQL Server is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker to gain unauthorized access to confidential information...
The vulnerability of the Web Services component of the Oracle Hyperion Data Relationship Management data management application allows a perpetrator to gain full control over the application.
The vulnerability of the Web Services component of the Oracle Hyperion Data Relationship Management data management application relates to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full control over the...
The vulnerabilities of the components of the Oracle Java SE software platform, including Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition, allow attackers to gain unauthorized access to protected information and to modify, add, or delete data.
The vulnerabilities of the Oracle Java SE software platform’s components, as well as the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, are related to deficiencies in the authentication mechanism. Exploiting these vulnerabilities can allow an attacker to gain...