832 matches found
CVE-2025-71091
The CVE-2025-71091 issue is in the Linux kernel: when a port is disabled but queue priority changes are processed, team_queue_override_port_prio_changed() could run a del on an already-removed list node, triggering a kernel bug. The fix adds an early return when the port is not enabled to avoid t...
CVE-2023-25131
Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and...
CVE-2017-20214
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system...
CVE-2019-25291
CVE-2019-25291 affects INIM Electronics Smartliving SmartLAN/G/SI versions 6.x and earlier, where hard-coded credentials are baked into the Linux distribution image and cannot be changed via normal device operations. This enables attackers to log in and gain unauthorized system access across mult...
CVE-2018-25138
FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...
PT-2025-53358
FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...
CVE-2025-61821
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and data on the server...
CVE-2025-61822
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could exploit this vulnerability to write malicious files to arbitrary locations on the file system. Exploitation of this...
CVE-2025-61811
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnerability to bypass security measures and execute...
CVE-2025-61808 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high priviledged attacker. Exploitation of this issue does not require user interaction and scope is changed...
CVE-2025-61808 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high priviledged attacker. Exploitation of this issue does not require user interaction and scope is changed...
CVE-2025-61822 ColdFusion | Improper Input Validation (CWE-20)
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could exploit this vulnerability to write malicious files to arbitrary locations on the file system. Exploitation of this...
PT-2025-50287
Name of the Vulnerable Software and Affected Versions ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier Description ColdFusion is affected by an Improper Restriction of XML External Entity Reference 'XXE' issue that could allow an attacker to read arbitrary files from the system. An...
MAL-2025-186281 Malicious code in config-xml-sirius-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a58415b6cbe6528432cf6e1e8cd55074b566f71bef9a5cda12bcd5ebc971b522 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in build-perseus-repository-asteroid (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27053231811897d728e75138a8e6197e848557505ca26f8741717e627d78716b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in electron-postcss-loader-yaml-pyxis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8dd6b06620bf85f280ff8659339047adecb9bcdc503d3a50fafb169483256ed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ursa-process-query-metabolomics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d9eb276d7c42a3eb8d32f6a4fd0ec8a87d3a091523a686fbe495218f0f56f05 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in array-load-sandbox-code-cache (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c0b8b8fba52d623ff84606663460a4fbe8b7ac106f45386569fde446edc9b6a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ichnology-archaeogenetics-repository-dione (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d427b21d1e1c3f178b62ed1bf3f46c5e28790ff762162804d7d4a5e0be1a2757 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jest-astro-despina-aurora (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 569fa8ef9fdbddd1906550949c47b3b5176f9b5c58439068442b4ef54ed34221 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...