CVE-2025-46548 Apache Pekko Management, Apache Pekko Management, Apache Pekko Management, Akka Management, Akka Management, Akka Management: management API basic authentication is not effective

If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...

CVE-2025-46548

CVE-2025-46548 affects Pekko Management (Java DSL) where enabling Basic Authentication may cause the authenticator to not be properly applied. The issue can lead to insufficient access control if management ports are not restricted to trusted users. The advisory recommends upgrading Pekko Managem...

Malicious code in basic-with-react-hooks (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7efadad57bdbe52801b9d31e36cd5cd4678d838d46d71c95ab940aee65a12bc Any computer that has this package installed or running should be considered...

PT-2025-23624 · Unknown · Pekko Management

Name of the Vulnerable Software and Affected Versions: Pekko Management versions prior to 1.1.1 Description: The issue arises when Basic Authentication is enabled in Pekko Management using the Java DSL, potentially causing the authenticator to not be properly applied. This could affect users who...

Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions

Cybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called Netbird to target Chief Financial Officers CFOs and financial executives at banks, energy companies, insurers, and investment firms across Europe, Africa, Canada, the Middle Eas...

The vulnerability of the ExportCertificate method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the ExportCertificate method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allo...

The vulnerability of the CreateBackup method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the CreateBackup method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to bypass security restrictions,...

The vulnerability of the GetLogs method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems of the TeleControl Server Basic allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the GetLogs method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems related to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...

The vulnerability of the CreateLog method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, as well as in the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the CreateLog method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...

The vulnerability of the getUsers method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the getUsers method in software for managing and monitoring removed objects in telemetry and telemechanics systems related to the TeleControl Server Basic lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to...

The vulnerability of the LockTraceLevelSettings method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the LockTraceLevelSettings method in the software for managing and monitoring removed objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability...

The vulnerability of the LockUser method in software for managing and monitoring deleted objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the LockUser method in software for managing and monitoring removed objects in telemetry and telemechanics systems related to the TeleControl Server Basic is associated with the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a...

CVE-2025-48740

A Cross-Site Request Forgery CSRF vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic...

Malicious code in @fms-common-biz/basic-react (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-4540 Malicious code in @fms-common-biz/basic-react (npm)

The package communicates with a domain associated with malicious activity...

CVE-2024-47165

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to CORS origin validation accepting a null origin. When a Gradio server is deployed locally, the localhostaliases variable includes "null" as a valid origin. This allows attackers to make unauthoriz...

CVE-2024-7900

A vulnerability, which was classified as problematic, was found in xiaohe4966 TpMeCMS 1.3.3.2. Affected is an unknown function of the file /h.php/general/config?ref=addtabs of the component Basic Configuration Handler. The manipulation of the argument Site Name/Beian/Contact...

CVE-2024-31942

Cross-Site Request Forgery CSRF vulnerability in typps Calendarista Basic Edition calendarista-basic-edition.This issue affects Calendarista Basic Edition: from n/a through = 3.0.2...

CVE-2024-30534

Missing Authorization vulnerability in typps Calendarista Basic Edition calendarista-basic-edition.This issue affects Calendarista Basic Edition: from n/a through = 3.0.5...

CVE-2024-4144

The Simple Basic Contact Form plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on the functionality of...