21 matches found
EUVD-2020-12615
Malware in sbrugna...
EUVD-2020-12664
Malware in sbrugna...
EUVD-2022-0863
Malicious code in bioql PyPI...
EUVD-2022-26168
Malicious code in bioql PyPI...
EUVD-2025-19133
Malicious code in bioql PyPI...
CVE-2025-29756 MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters
SunGrow's back-end user system iSolarCloud https://isolarcloud.com uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server, however, did not have sufficient restrictions in place to limit the topics that a user could subscribe to. While...
CVE-2022-24551
A flaw was found in StarWind Stack. The endpoint for setting a new password doesn't check the current username and old password. An attacker could reset any local user password, including the system/administrator user, using any available user. This affects StarWind SAN and NAS v0.2 build 1633...
CVE-2022-32563
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...
CVE-2020-1838
HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150C00E136R5P3 has an improper authentication vulnerability. The device does not sufficiently validate certain credentials of the user's face; an attacker could craft the credentials of the user, and a successful exploit could allow the attacker to pas...
CVE-2025-43005
SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low impact on the Confidentiality of data...
CVE-2025-47887
Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password...
EulerOS 2.0 SP12 : git (EulerOS-SA-2025-1295)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full...
Medium: git
Issue Overview: Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt, i.e. without using any credential helper, it prints out the ho...
CVE-2025-24402
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers to connect to a Service Fabric URL using attacker-specified credentials IDs obtained through another method...
CVE-2024-38499 Improper Privilege Management Vulnerability in CA Client Automation 14.5
CA Client Automation ITCM allows non-admin/non-root users to encrypt a string using the CAF CLI and SDACMD CLI. This would allow the non-admin user to access the critical encryption keys, which further enables the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to...
Assess, Remediate, and Prevent the Top 10 MITRE ATT&CK Techniques for Ransomware, Mapped to Misconfigurations
In cybersecurity, the battle against ransomware is a pivotal challenge for organizations worldwide. Attackers are consistently refining their methods, highlighting the critical need for businesses to remain proactive in their defense strategies. To effectively address this threat, it is essential...
CVE-2023-28674
A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin 4.5.2 and earlier allows attackers to connect to a previously configured OctoPerf server using attacker-specified credentials...
PT-2022-19407 · Dell · Dell Wyse Management Suite
Name of the Vulnerable Software and Affected Versions: Dell Wyse Management Suite versions 3.6.1 and below Description: The issue allows a low privileged malicious user to potentially exploit it and obtain credentials. The attacker may use the exposed credentials to access the target device and...
New Relic: Mobile Authentication Endpoint Credentials Brute-Force Vulnerability
Dear, Your web authentication login endpoint, https://login.newrelic.com/login, currently properly protects against brute-force attacks. After a couple of 100 automated login attempts, a Captcha is required to login to the account under attack, even from a different IP address. Perfect, good job....
Unauthorized access in slashcode
Knowing the login and password of one user, it is possible to obtain the privileges of another user, including the administrator...