CVE-2025-66312

The CVE-2025-66312 pertains to Grav Admin Plugin, where a Stored XSS vulnerability existed in the /admin/accounts/groups/Grupo endpoint via the data[readableName] field. The issue allowed injected scripts to be stored on the server and executed when affected pages load. It affects Grav’s admin in...

CVE-2025-50691

MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data including tokens and terminal content is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation...

GHSA-QP7J-X725-G67F HydrAIDE Authentication Bypass Vulnerability

Summary There is no authentication of any kind. Details TLS is implemented, the tunnel between the client and server is secure, however once data is on the server, it's free to be read by any adversaries. On the client side :...

HydrAIDE Authentication Bypass Vulnerability

Summary There is no authentication of any kind. Details TLS is implemented, the tunnel between the client and server is secure, however once data is on the server, it's free to be read by any adversaries. On the client side :...

Linux Distros Unpatched Vulnerability : CVE-2023-40217

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP...