8743 matches found

CNVD
added 2025/03/06 12:00 a.m., 6 views

Weak Password Vulnerability in Kingh5stream of Beijing Asian Control Technology Development Co.

Beijing Asian Control Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and informatization software platform, focusing on independent research and development, marketing and service of domestic industrial software. A weak password vulnerability exists in Beijing...

7 AI score
Exploits: 0

CNNVD
added 2025/03/06 12:00 a.m., 3 views

NI G Web Development Software Code Issue Vulnerability

NI G Web Development Software is development software from National Instruments (NI) for creating test and measurement web interfaces. A code issue vulnerability exists in NI G Web Development Software version 2022 Q3 and earlier, which stems from deserializing untrusted data and could lead t...

8.4 CVSS, 7.1 AI score, 0.05365 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/03/05 12:00 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2024-32613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HLfldeserialize in H5HLcache.c, a different vulnerability than...

7.4 CVSS, 7 AI score, 0.00257 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2025/03/05 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-44387

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves...

6.5 CVSS, 6.5 AI score, 0.0021 EPSS
Exploits: 0, References: 3

NVD
added 2025/03/04 5:15 p.m., 7 views

CVE-2025-27401

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In standard usage of Tuleap, the issue has a limited impact; it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle through all the...

4.6 CVSS, 0.00295 EPSS
Exploits: 1, References: 3

OSV
added 2025/03/04 5:00 p.m., 18 views

CVE-2025-27402 Tuleap is missing CSRF protections on tracker fields administrative operations

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields. This vulnerability i...

4.6 CVSS, 6.7 AI score, 0.00154 EPSS
Exploits: 0, References: 5

Vulnrichment
added 2025/03/04 4:58 p.m., 9 views

CVE-2025-27401 In Tuleap, deleting a report can delete criteria filters in other reports

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In standard usage of Tuleap, the issue has a limited impact; it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle through all the...

4.6 CVSS, 4.6 AI score, 0.00295 EPSS
Exploits: 1, References: 3

OSV
added 2025/03/04 4:58 p.m., 8 views

CVE-2025-27401 In Tuleap, deleting a report can delete criteria filters in other reports

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In standard usage of Tuleap, the issue has a limited impact; it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle through all the...

4.6 CVSS, 6.7 AI score, 0.00295 EPSS
Exploits: 1, References: 5

Vulnrichment
added 2025/03/04 4:53 p.m., 12 views

CVE-2025-27156 Tuleap allows content injection via emails sent by the mass emailing features

Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients mail...

4.1 CVSS, 4.4 AI score, 0.00242 EPSS
Exploits: 0, References: 3

OSSF Malicious Packages
added 2025/03/04 9:17 a.m., 3 views

Malicious code in bitget-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c98dc8a8cb993a1e93d89d0909e8243bfd607c7a635f098ee3b3c103101cbcbe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 3

Vulnrichment
added 2025/03/03 3:51 p.m., 9 views

CVE-2025-27094 Tuleap allows default values to be cleared from field configuration

Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribute for the date field, the size attribute...

5.4 CVSS, 5.6 AI score, 0.00329 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2025/03/02 5:19 p.m., 3 views

CVE-2025-24316

The Dario Health Internet-based server infrastructure is vulnerable due to exposure of development environment details, which could lead to unsafe functionality...

6.9 CVSS, 6.8 AI score, 0.00286 EPSS
Exploits: 0, References: 1

NVD
added 2025/02/28 5:15 p.m., 6 views

CVE-2025-24316

The Dario Health Internet-based server infrastructure is vulnerable due to exposure of development environment details, which could lead to unsafe functionality...

6.9 CVSS, 0.00286 EPSS
Exploits: 0, References: 2

CVE
added 2025/02/28 5:11 p.m., 67 views

CVE-2025-24316

CVE-2025-24316 affects the Dario Health Internet-based server infrastructure. The issue is exposure of development environment details, leading to unsafe functionality as described in the CVE entry and corroborated by multiple sources (NVD, Red Hat, CIRCL, PT Security, and CISA ICS advisory). CVS...

6.9 CVSS, 5.3 AI score, 0.00286 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/02/28 5:11 p.m., 13 views

CVE-2025-24316 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Exposure of Sensitive Information Due to Incompatible Policies

The Dario Health Internet-based server infrastructure is vulnerable due to exposure of development environment details, which could lead to unsafe functionality...

6.9 CVSS, 0.00286 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2025/02/28 12:00 a.m., 3 views

PT-2025-9117 · Unknown · Dario Health

Name of the Vulnerable Software and Affected Versions: Dario Health (affected versions not specified). Description: The issue concerns the exposure of development environment details in the Dario Health Internet-based server infrastructure, potentially leading to unsafe functionality. Recommendation...

6.9 CVSS, 6.9 AI score, 0.00286 EPSS
Exploits: 0, References: 6

CNNVD
added 2025/02/26 12:00 a.m., 4 views

SunGrow iSolarCloud Security Vulnerability

SunGrow iSolarCloud is an Android app for new energy power plant management from China's SunGrow. It is used for power plant data collection, monitoring, operation and maintenance, and operation management. A security vulnerability exists in SunGrow iSolarCloud, which stems from an insecure...

9.1 CVSS, 6.7 AI score, 0.0041 EPSS
Exploits: 0, References: 3

OSV
added 2025/02/25 9:15 p.m., 3 views

CVE-2024-27246

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access...

6.5 CVSS, 5.8 AI score, 0.0058 EPSS
Exploits: 0, References: 1

OSV
added 2025/02/25 9:15 p.m., 3 views

CVE-2024-27245

Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access...

6.5 CVSS, 5.8 AI score
Exploits: 0, References: 1

Spring Security Advisories
added 2025/02/25 12:00 a.m., 8 views

This Week in Spring - February 25th, 2025

Hi, Spring fans, and welcome to another rip-roarin' installment of This Week in Spring! Later today I'll board a plane for magnificent Montreal, Canada for the amazing Confoo conference! I'm super excited! Good news everybody! Spring Boot 3.5.0-M2 is now available! In last week's installment of t...

7.2 AI score
Exploits: 0