226 matches found
EUVD-2024-35290
Malicious code in bioql PyPI...
EUVD-2022-1966
Malicious code in bioql PyPI...
EUVD-2024-31320
Malicious code in bioql PyPI...
EUVD-2023-1101
Malicious code in bioql PyPI...
CVE-2025-57430
Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials...
PT-2025-37299
Name of the Vulnerable Software and Affected Versions: Digiever NVR affected versions not specified
Description: Digiever NVR devices are susceptible to a sensitive information exposure issue. Unauthenticated remote attackers can access the system configuration file and obtain plaintext credentia...
CVE-2025-58373 Roo Code: Symlink-bypass of .rooignore can lead to unintended file disclosure
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where .rooignore protections could be bypassed using symlinks. This allows an attacker with write access to the workspace to trick the extension into reading files th...
CVE-2025-36729
A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This vulnerability also allows the user to give themselves shell access with the root gid...
PT-2025-34951 · Nsfocus · Secgate3600
Name of the Vulnerable Software and Affected Versions: SecGate3600 affected versions not specified
Description: SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure issue. The vulnerable component fails to enforce authentication checks on POST...
CVE-2010-20109
Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the viewhelp.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to inject traversal...
PT-2025-33747
Name of the Vulnerable Software and Affected Versions: EzGED3 versions prior to 3.5.72.27183
Description: EzGED3 is susceptible to an unauthenticated arbitrary file read issue stemming from inadequate access control and insufficient input validation within a web-accessible script. An attacker can...
Cisco ISE 3.0 - Authorization Bypass
Exploit Title: Cisco ISE 3.0 - Authorization Bypass
Exploit Author: @ibrahimsql ibrahimsql.com
Exploit Author's github: https://github.com/ibrahmsql
Description: Cisco ISE API Authorization Bypass
CVE: CVE-2025-20125
Vendor Homepage: https://www.cisco.com/
Requirements: requests=2.25.0,...
CVE-2025-43720
Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role, revealing the password required to escape out of the MDM controlled device's profile...
CVE-2025-53655
Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2025-53661
Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...