67 matches found
CVE-2026-33560
The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and...
CVE-2026-31928 Daktronics Controller Firmware Use of Hard-coded Credentials
The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access...
CVE-2026-31928
The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access...
CVE-2026-31928
The CVE-2026-31928 entry concerns DMP-5000 devices shipped with a default administrative web account and weak authentication controls that are not required to be changed during initial configuration or operation, enabling full system access if exploited. The issue is tied to hard-coded/default cr...
CVE-2026-33560
The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and...
CVE-2026-33560
The CVE-2026-33560 issue affects the DMP-5000 file service, where an authenticated user can upload files of any type without validation, because there is no file-extension filtering or content inspection, allowing executable binaries/scripts to be written to the server. The vulnerability stems fr...
CVE-2026-33560 Daktronics Controller Firmware Unrestricted Upload of File with Dangerous Type
The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move the cfglogverbose check before calling lpfcdmpdbg In an attempt to log message 0126 using LOGTRACEEVENT, the following hard lockup occurred, causing the system to hang. Call Trace: rawspinlockirqsave+0x32/0x40...
EUVD-2017-6651
Malware in sbrugna...
EUVD-2018-19152
Malware in sbrugna...
EUVD-2021-31696
Malicious code in bioql PyPI...
Malicious code in dmp-web (npm)
The package dmp-web was found to contain malicious code...
MAL-2025-18540 Malicious code in dmp-web (npm)
The package dmp-web was found to contain malicious code...
New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys
A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a microarchitectural side-channel attack that takes advantage of a feature known as data memory-dependent...
Malicious code in dmp-suite (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 519dd07a618b2ba0671d86ef8fa2155f33aeaacdeed9a41d7f2e5257fb737aac The OpenSSF Package Analysis project identified 'dmp-suite' @ 11.11.3 pypi as malicious. It is considered malicious because: - The package...
MAL-2023-1363 Malicious code in dmp-suite (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 519dd07a618b2ba0671d86ef8fa2155f33aeaacdeed9a41d7f2e5257fb737aac The OpenSSF Package Analysis project identified 'dmp-suite' @ 11.11.3 pypi as malicious. It is considered malicious because: - The package...
SUSE CVE-2013-2483
The acnadddmpdata function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service divide-by-zero error and application crash via an invalid count value in ACNDMPADTDRE DMP data...
SUSE CVE-2017-15191
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length...
SUSE CVE-2018-7421
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification...
dmp-bayern.de Cross Site Scripting vulnerability OBB-2689482
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...