756 matches found
Rongzhitong Visual Integrated Command and Dispatch Platform Access Control Error Vulnerability
Rongzhitong Visual Integrated Command and Dispatch Platform is an integrated command system for emergency management and public safety developed by Rongzhitong Corporation. The Rongzhitong Visual Integrated Command and Dispatch Platform versions 20260206 and earlier contained an access control...
CVE-2025-70141
SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in adminclass.php based on the action parameter. An unauthenticated remote attacke...
PT-2026-20497
Name of the Vulnerable Software and Affected Versions: Rongzhitong Visual Integrated Command and Dispatch Platform versions prior to 20260207. Description: A flaw exists in Rongzhitong Visual Integrated Command and Dispatch Platform that allows for improper access controls. The issue is related to a...
GHSA-33RQ-M5X2-FVGF OpenClaw Twitch allowFrom is not enforced in optional plugin, unauthorized chat users can trigger agent pipeline
Summary: In the optional Twitch channel plugin extensions/twitch, allowFrom is documented as a hard allowlist of Twitch user IDs, but it was not enforced as a hard gate. If allowedRoles is unset or empty, the access control path defaulted to allow, so any Twitch user who could mention the bot coul...
OpenClaw Twitch allowFrom is not enforced in optional plugin, unauthorized chat users can trigger agent pipeline
Summary: In the optional Twitch channel plugin extensions/twitch, allowFrom is documented as a hard allowlist of Twitch user IDs, but it was not enforced as a hard gate. If allowedRoles is unset or empty, the access control path defaulted to allow, so any Twitch user who could mention the bot coul...
Russia-Aligned ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid
The "coordinated" cyber attack targeting multiple sites across the Polish power grid has been attributed with medium confidence to a Russian state-sponsored hacking crew known as ELECTRUM. Operational technology (OT) cybersecurity company Dragos, in a new intelligence brief published Tuesday,...
Static Detection of Core Structures in Tigress Virtualization-Based Obfuscation Using an LLVM Pass
Malware often uses obfuscation to hinder security analysis. Among these techniques, virtualization-based obfuscation is particularly strong because it protects programs by translating original instructions into attacker-defined virtual machine (VM) bytecode, producing long and complex code that is...
CVE-2022-31953
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidentreports/viewreport.php?id=...
CVE-2022-31962
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/viewincident.php?id=...
CVE-2022-31964
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/respondenttypes/viewrespondenttype.php?id=...
CVE-2022-31946
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=deleteteam...
CVE-2022-31951
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=deleterespondenttype...
CVE-2022-31959
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/teams/manageteam.php?id=...
CVE-2022-31956
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidentreports/managereport.php?id=...
CVE-2022-31965
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/respondenttypes/managerespondenttype.php?id=...
CVE-2022-31961
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/manageincident.php?id=...
CVE-2022-31952
Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f=deleteincident...
CVE-2022-31945
Rescue Dispatch Management System v1.0 is vulnerable to arbitrary file deletion via /rdms/classes/Master.php?f=deleteimg...
CVE-2025-9218 rtMedia for WordPress, BuddyPress and bbPress 4.7.0 - 4.7.3 - Missing Authorization to Unauthenticated Information Disclosure via handle_rest_pre_dispatch Function
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to Information Disclosure due to missing authorization in the handle_rest_pre_dispatch function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. This makes it possible for unauthenticated attackers to...