Palo Alto Expedition - SQL Injection

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...

@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @agentlab/ldkg-ui-charts (>=0.1.4 <=0.1.7) +309 more potentially affected by unknown CVE via @antv/g-device-api (=1.6.13)

@antv/g-device-api NPM version =1.6.13 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g-device-api and may be impacted: - @action.sustainability/storybook-dashboard =0.1.1, =0.1.4, =1.1.15, =0.1.0, =1.0.17-beta.1, =0.0.1-beta.2, =1.2.0-beta.0,...

MAL-2026-3917 Malicious code in @antv/g-device-api (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

[SECURITY] Fedora 42 Update: qt5-qtsensors-5.15.18-1.fc42

The Qt Sensors API provides access to sensor hardware via QML and C++ interfaces. The Qt Sensors API also provides a motion gesture recognition API for devices...

CVE-2025-52663

A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API. Affected Products:...

CVE-2025-52663

A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API. Affected Products:...

CVE-2025-52663

A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API. Affected Products:...

CVE-2025-52663

Affects UniFi Talk devices: UniFi Talk Touch &lt;= 1.21.16, UniFi Talk Touch Max &lt;= 2.21.22, and UniFi Talk G3 Phones = 1.21.17, UniFi Talk Touch Max &gt;= 2.21.23, and UniFi Talk G3 Phones &gt;= 3.21.27. If newer advisories exist, follow their guidance; otherwise these are the stated fixes.

CVE-2025-52663

A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API. Affected Products:...

PT-2025-44561

Name of the Vulnerable Software and Affected Versions UniFi Talk Touch versions 1.21.16 and earlier UniFi Talk Touch Max versions 2.21.22 and earlier UniFi Talk G3 Phones versions 3.21.26 and earlier Description An issue was identified in certain UniFi Talk devices where internal debugging...

EUVD-2019-15745

Malware in sbrugna...

EUVD-2022-33508

Malicious code in bioql PyPI...

EUVD-2022-37320

Malicious code in bioql PyPI...

Ubuntu Pro 24.04 LTS Realtime Kernel : Linux kernel (Raspberry Pi Real-time) vulnerabilities (USN-7800-1)

"The remote Ubuntu Pro 24.04 LTS Realtime Kernel host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7800-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

USN-7767-2 linux-realtime-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Bus devices; - AM...

Ubuntu Pro 24.04 LTS Realtime Kernel : Linux kernel (Real-time) vulnerabilities (USN-7767-1)

"The remote Ubuntu Pro 24.04 LTS Realtime Kernel host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7767-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

USN-7766-1 linux-aws-6.8, linux-gcp-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Bus devices; - AM...

CVE-2023-22813

A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS...

AudioCodes One Voice Operations Center 安全漏洞

AudioCodes One Voice Operations Center AudioCodes OVOC is a web-based voice network management solution from AudioCodes, Inc. A security vulnerability exists in AudioCodes One Voice Operations Center OVOC versions prior to 8.4.582, which stems from improper neutralization of inputs via the device...