PT-2025-34840 · Unknown · Macrozheng Mall

Name of the Vulnerable Software and Affected Versions: macrozheng mall versions up to 1.0.3 Description: A flaw exists in the Registration component of the software, impacting an unknown function. This issue results in weak password requirements, potentially allowing unauthorized access. The atta...

CVE-2025-9146

A vulnerability (CVE-2025-9146) affects Linksys E5600 with firmware version 1.1.0.26. The flaw resides in the verify_gemtek_header function of the checkFw.sh file within the Firmware Handler component. The issue is described as enabling manipulation that leads to a risky cryptographic algorithm; ...

Reducing False Positives with Active Behavioral Analysis for Cloud Security

Rule-based cloud security posture management CSPM solutions are known to produce a lot of false positives based on the limited contextual understanding and dependence on static heuristics testing. This paper introduces a validation-driven methodology that integrates active behavioral testing in...

CVE-2025-8758

A vulnerability was found in TRENDnet TEW-822DRE FW103B02. It has been classified as problematic. This affects an unknown part of the component vsftpd. The manipulation leads to least privilege violation. Attacking locally is a requirement. The complexity of an attack is rather high. The...

Exploit for CVE-2007-6750

ReconScan The purpose of this project is to develop scripts that can be useful in the pentesting workflow, be it for VulnHub VMs, CTFs, hands-on certificates, or real-world targets. The project currently consists of two major components: a script invoking and aggregating the results of existing...

PAM Environment Variable Injection

PAM pamenv.so module allows environment variable injection via /.pamenvironment leading to privilege escalation through SystemD session manipulation. This scripts gauges exploitability...

CVE-2025-50082

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...

CVE-2025-7095

A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4.8162. This affects an unknown part of the component Update Handler. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an atta...

CVE-2025-7060

A vulnerability was found in Monitorr up to 1.7.6m. It has been classified as problematic. This affects an unknown part of the file assets/config/installation/mkdbajax.php of the component Installer. The manipulation of the argument datadir leads to improper input validation. It is possible to...

CVE-2025-7060 Monitorr Installer mkdbajax.php input validation

A vulnerability was found in Monitorr up to 1.7.6m. It has been classified as problematic. This affects an unknown part of the file assets/config/installation/mkdbajax.php of the component Installer. The manipulation of the argument datadir leads to improper input validation. It is possible to...

CVE-2025-6524 70mai 1S Video Services improper authentication

A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects an unknown part of the component Video Services. The manipulation leads to improper authentication. Access to the local network is required for this attack to succeed. The complexity of an attack is...

Photon OS 5.0: Dotnet PHSA-2025-5.0-0535

An update of the dotnet package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0535. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2025-5648

A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function rconspalinit in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity...

CVE-2025-5642

A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function rconspalinit in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather...

CVE-2023-3800

A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classified as problematic. Affected is an unknown function of the file /admin/index/index.html/admin/mall.goods/index.html of the component File Upload Module. The manipulation leads to unrestricted upload. The complexity of an attack i...

CVE-2023-46248

Cody is an artificial intelligence AI coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file .vscode/cody.json and...

CVE-2021-2405

Vulnerability in the Oracle Engineering product of Oracle E-Business Suite component: Change Management. Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Engineering. Successf...

CVE-2016-15024

A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. Continiou...

CVE-2015-10067

A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has been classified as problematic. This affects an unknown part of the file SSharpSmartThreadPool/SmartThreadPool.cs. The manipulation leads to race condition within a thread. The complexity of an attack is rather high. The...

AlmaLinux 9 : .NET 8.0 (ALSA-2025:7598)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:7598 advisory. dotnet: .NET and Visual Studio Spoofing Vulnerability CVE-2025-26646 Tenable has extracted the preceding description block directly from the AlmaLinux security...