6 matches found
EUVD-2025-179707
Malicious code in cloud-user-static-promise-stub npm...
Sealos billing system permission control defect
Summary: There is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account.sealos.io/v1/Payment, resulting in the ability to recharge any amount of 1 RMB. Details: The reason is that sealos is in arrears. Egg pain, we can't create a terminal...
CVE-2020-1677
When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue...
Elastic: Remote Code Execution in coming Kibana 7.7.0
Summary: Kibana 7.7.0 as per commit c5f682cb is vulnerable to a remote code execution vulnerability that is similar to the one reported in https://hackerone.com/reports/852613 Kibana 7.7.0 is not released, so this is an experiment. I know that getting these reports is more valuable to Elastic pri...
Ubiquiti Networks UniFi Cloud Key Command Injection / Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory. title: Authenticated Command Injection & Cloud User Weak Crypto & Privilege Escalation; product: Ubiquiti Networks UniFi Cloud Key; vulnerable version: Firmware v0.5.9/0.6.0; fixed...
CVE-2018-4594
...