EUVD-2018-6870

Malware in sbrugna...

EUVD-2022-15292

Malicious code in bioql PyPI...

CVE-2025-34224

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments expose a set of PHP scripts under the consolerelease directory without requiring authentication. An unauthenticated remote attacker can invoke these...

Arteche saTECH BCU 授权问题漏洞

The Arteche saTECH BCU is a flight room control unit from Arteche. An authorization issue vulnerability exists in the Arteche saTECH BCU version 2.1.3, which originates from an attacker being able to capture traffic and obtain a user cookie to steal active sessions and change the device based on...

Azure Linux 3.0 Security Update: kernel (CVE-2024-43098)

"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43098 advisory. - In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3cdev-desc-info instead of...

CVE-2022-49308

In the Linux kernel, the following vulnerability has been resolved: extcon: Modify extcon device to be created after driver data is set Currently, someone can invoke the sysfs such as stateshow intermittently before devsetdrvdata is done. And it can be a cause of kernel Oops because of edev is Nu...

CVE-2025-26408

The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions are affected...

CVE-2024-45104

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call...

Lenovo XClarity Administrator 安全漏洞

Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo China. The product is capable of providing agentless hardware management for servers, storage, network switches, and more. A security vulnerability exists in Lenovo XClarity Administrator, which originate...

Ubuntu: Security Advisory (USN-6700-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-40187

Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework TCF service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless acce...

CVE-2022-38069

CVE-2022-38069 concerns Contec Health CMS8000 devices. The root cause is multiple globally default credentials present across all CMS8000 units. If exposed, a threat actor with momentary physical access can gain privileged access to any device, enabling extraction of sensitive patient information...

Hotdog Resource Management Error Vulnerability

Hotdog is a set of OCI hooks for injecting Log4j Hot Patch into containers. A resource management error vulnerability exists in Hotdog versions prior to v1.0.2, which arises from an application that does not effectively perform resource limiting, device limiting, or syscall filters on the target...

CVE-2022-0071

CVE-2022-0071 documents confirm an incomplete fix for CVE-2021-3101 in Hotdog prior to v1.0.2. The vulnerability arises because Hotdog did not mimic the resource limits, device restrictions, or syscall filters of the target JVM process. As a result, a container could exhaust host resources, modif...

Authentication flaw

Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user...

Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability

Cisco IoT Field Network Director FND is a network management system for large-scale FAN deployments. A SOAP API authorization bypass vulnerability exists in Cisco IoT Field Network Director versions prior to 4.6.1. The vulnerability stems from insufficient authorization of the SOAP API. An attack...

CVE-2020-26072

A vulnerability in the SOAP API of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit th...

CVE-2020-12035

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings...

Telus Actiontec T2200H Local Elevation of Privilege Vulnerability

The Actiontec Electronics T2200H is a modem from Actiontec Electronics, USA. A security vulnerability exists in the Actiontec Electronics T2200H T2200H-31.128L.08 release. The vulnerability can be exploited by an attacker to obtain a shell with root privileges to permanently modify the device,...

CVE-2018-10212

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value...