4197 matches found

FreeBSD
added 2025/07/22 12:0 a.m. · 7 views

Mozilla -- HTTP Basic Authentication credentials leak

[email protected] reports: The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials...

9.8 CVSS · 6.8 AI score · 0.00431 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/07/12 7:24 p.m. · 22 views

CVE-2025-34099

An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidial_sales_viewer.php component when password encryption is enabled (a non-default configuration). The application improperly passes the HTTP Basic Authentication password directly ...

9.3 CVSS · 8.1 AI score · 0.01182 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/07/10 7:10 p.m. · 3 views

CVE-2025-34099 VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password

An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidial_sales_viewer.php component when password encryption is enabled (a non-default configuration). The application improperly passes the HTTP Basic Authentication password directly ...

9.3 CVSS · 8 AI score · 0.01182 EPSS
Exploits 0 · References 3

CVE
added 2025/07/10 7:10 p.m. · 44 views

CVE-2025-34099

Affected software: VICIdial v2.9 RC1–2.13 RC1; component: vicidial_sales_viewer.php. Root cause: when password encryption is enabled (non-default), the HTTP Basic Authentication password is directly passed to exec(), enabling unauthenticated command injection. Impact: arbitrary OS command executi...

9.3 CVSS · 8 AI score · 0.01182 EPSS
Exploits 0 · References 4

Akamai Blog
added 2025/07/10 1:0 p.m. · 4 views

The Prompt as a Rulebook - Guiding LLM Agents Beyond Basic Instructions

...

7 AI score
Exploits 0

CNNVD
added 2025/07/10 12:0 a.m. · 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper handling of the BIOS version in the lpfc driver, which could lead to a buffer overflow...

5.5 CVSS · 7.2 AI score · 0.00167 EPSS
Exploits 0 · References 10

NCSC
added 2025/07/08 6:23 p.m. · 14 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Manipulation of data - Circumvention of a security measure - Execution of arbitrary code - Accessin...

9.8 CVSS · 7.9 AI score · 0.2188 EPSS
Exploits 15

CNNVD
added 2025/07/08 12:0 a.m. · 2 views

SAP BusinessObjects Business Intelligence Platform security vulnerability

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and quickly and...

4.1 CVSS · 6.6 AI score · 0.00229 EPSS
Exploits 0 · References 3

RedhatCVE
added 2025/07/06 9:7 a.m. · 7 views

CVE-2025-27358

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Code Injection. This issue affects Frontend File Manager: from n/a through <= 23.6...

4.6 CVSS · 5.9 AI score · 0.00177 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/07/04 10:5 a.m. · 14 views

CVE-2025-27025

The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root...

8.8 CVSS · 6.4 AI score · 0.0062 EPSS
Exploits 0 · References 1

Cvelist
added 2025/07/04 8:42 a.m. · 10 views

CVE-2025-27358 WordPress Frontend File Manager plugin <= 23.6 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Code Injection. This issue affects Frontend File Manager: from n/a through <= 23.6...

4.6 CVSS · 0.00177 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2025/07/03 12:0 a.m. · 8 views

AlmaLinux 9 : php:8.2 (ALSA-2025:7432)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:7432 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929) php: Single byte overread with convert.quoted-printable-decod...

9.8 CVSS · 7.6 AI score · 0.02286 EPSS
Exploits 5 · References 10

NVD
added 2025/07/02 10:15 a.m. · 10 views

CVE-2025-27025

The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root...

8.8 CVSS · 0.0062 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/07/02 9:52 a.m. · 4 views

CVE-2025-27025 Improper File Access in Infinera G42

The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root...

8.8 CVSS · 7 AI score · 0.0062 EPSS
Exploits 0 · References 2

CVE
added 2025/07/02 9:52 a.m. · 20 views

CVE-2025-27025

CVE-2025-27025 affects Infinera G42 devices. A service on a TCP port with Basic Authentication allows PUT and GET; directory traversal can write files to arbitrary locations as root and read arbitrary files. This yields full filesystem access and modification. Exploitation status and patches are ...

8.8 CVSS · 7 AI score · 0.0062 EPSS
Exploits 0 · References 2

Cvelist
added 2025/07/02 9:52 a.m. · 23 views

CVE-2025-27025 Improper File Access in Infinera G42

The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root...

8.8 CVSS · 0.0062 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/07/02 12:0 a.m. · 6 views

PT-2025-27621 · Infinera · G42

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns a service exposed on a specific TCP port with a configured endpoint that uses Basic Authentication. This endpoint is vulnerable to Directory Traversal attacks, allowing...

8.8 CVSS · 6 AI score · 0.0062 EPSS
Exploits 0 · References 7

The Hacker News
added 2025/06/30 1:30 p.m. · 13 views

Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks

The threat actor known as Blind Eagle has been attributed with high confidence to the use of the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs, in a report published last week, said it was able to make this connection by pivoting from Proton66-linked digital assets, leading t...

6.5 CVSS · 8.4 AI score · 0.81817 EPSS
Exploits 0

Veeam
added 2025/06/26 12:0 a.m. · 14 views

Search Best Practices in Veeam Data Cloud for Microsoft 365

New Search Experience for Veeam Data Cloud for Microsoft 365: We are excited to announce the initial rollout of our new search feature, designed to significantly improve the speed and efficiency of your search experience. The new search supports deleted item recovery and restore point search witho...

5.8 AI score
Exploits 0

OSV
added 2025/06/24 2:58 p.m. · 7 views

BIT-RABBITMQ-2025-50200 RabbitMQ Node can log Basic Auth header from an HTTP request

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which...

6.7 CVSS · 7.2 AI score · 0.00194 EPSS
Exploits 1 · References 2