EUVD-2024-2762
Malicious code in bioql PyPI...
PT-2025-21344 · Unknown · Rustaurius Front End Users
Name of the Vulnerable Software and Affected Versions: Rustaurius Front End Users versions 3.2.32 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions...
PT-2025-17035 · Unknown · Aa Web Servant 12 Step Meeting List
Name of the Vulnerable Software and Affected Versions: AA Web Servant 12 Step Meeting List versions 3.16.5 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For...
PT-2025-13589 · Shopxo · Shopxo
Name of the Vulnerable Software and Affected Versions: ShopXO version 6.4.0 Description: The issue is related to Server-Side Request Forgery (SSRF) in the Email Settings. This means an attacker could potentially forge requests from the server, leading to unauthorized access to internal systems or...
Default installation of `synthetic-monitoring-agent` exposes sensitive information
Impact Users running the Synthetic Monitoring agent in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed through a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and...
CVE-2023-40195
Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks...
PT-2023-4749 · Apache · Apache Airflow Spark Provider
Name of the Vulnerable Software and Affected Versions: Apache Airflow Spark Provider versions prior to 4.1.3 Description: The issue is related to deserialization of untrusted data and inclusion of functionality from an untrusted control sphere. When the Apache Spark provider is installed on an...
CVE-2022-46156 Grafana's default installation of `synthetic-monitoring-agent` exposes sensitive information
The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...
PT-2020-6759 · Trustwave · Modsecurity
Name of the Vulnerable Software and Affected Versions: Trustwave ModSecurity versions 3.x through 3.0.4 Description: The issue is related to the handling of regular expressions in Trustwave ModSecurity, which can result in a Denial of Service condition. An attacker would need to know that a rule...
CPDoS Poisoning Attack
On October 22, 2019, a new method of web cache poisoning, called CPDoS or Cache Poisoned Denial of Service, was announced by researchers, Hoai Viet Nguyen and Luigi Lo Iacono. Targeting content delivery networks and other caching systems, the attack works by using a malicious header in the HTTP...
A security test of 康创联盛 (successful getshell and database access)
Brief description: I have to say, I'm really unlucky. Detailed description: I was about to go to sleep when I suddenly remembered a forum I had seen the other day, newly set up; I asked a buddy, and he had not managed to getshell. Forgive me, I've already forgotten the address... So I kept looking at it, continued enumerating third-level subdomains, and found admin.hd.comsenz-service.com. Manually tested a weak password, and luck was fairly good: test / test123 got me in. Pics attached, so this is real. Multiple sub-sites are involved; I won't go into detail. Once inside I found it was just a virtual machine, and I couldn't execute commands; I couldn't be bothered to escalate privileges, so I just casually browsed the configuration. 127.0.0.1 localhost VM138131centos 127.0.0.1 www.comsenz-service.com...