259 matches found
Zhide Modern Farm Digital Integrated Management System 安全漏洞
Zhide Modern Farm Digital Integrated Management System is a modern farm digital integrated management system from Zhide, China. A security vulnerability exists in Zhide Modern Farm Digital Integrated Management System version 1.0, which originates from a vulnerability that could lead to the...
EncryptHub’s OPSEC Failures Expose Its Malware Operation
Outpost24's KrakenLabs reveals EncryptHub's multi-stage malware campaign, exposing their infrastructure and tactics through critical OPSEC failures. Learn how…...
Malicious code in testnet-contracts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware edd3718e0e37096149d4d64985025d95be3edcd077f04cf23ed0165b2b8b8b8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-5869 · Ibm · Ibm Entirex
Name of the Vulnerable Software and Affected Versions: IBM EntireX version 11.1 Description: The issue is related to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit this to expose sensitive information or consume memory resources...
CVE-2024-12510
If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup...
CVE-2025-0861
CVE-2025-0861 affects the VR-Frases (collect & share quotes) WordPress plugin. The vulnerability is a SQL Injection in multiple parameters for all versions up to and including 3.0.1, caused by insufficient escaping and lack of proper query preparation. Unauthenticated attackers could append addit...
Drupal 安全漏洞
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Swift Mailer, which stems from the inclusion of an Expose Danger method or feature vulnerability...
CVE-2024-45497
The CVE-2024-45497 entry describes a flaw in the OpenShift build process where a docker-build container mounts the node’s /var/lib/kubelet/config.json via a hostPath volume into the build pod. The config.json contains credentials for pulling private images, and the mount is not read-only, enablin...
GO-2024-3109 The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator
The Bare Metal Operator BMO can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that originates from allowing an authenticated attacker to craft a Remote Function Call RFC request to a restricted destination, which could be used to...
CVE-2024-37046
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have already fixed the...
CVE-2024-52582
Cachi2 (open source CLI) is affected up to version 0.13.x; when an unhandled exception occurs, the tool logs function locals, potentially exposing secrets in CI/build logs. Version 0.14.0 includes a patch to fix this. No other exploit details are provided in the documents. Remediation: upgrade to...
The vulnerability of Adobe After Effects’ video and dynamic image editing software arises from operations that go beyond buffer boundaries in memory, allowing attackers to gain unauthorized access to protected information.
The vulnerability of Adobe After Effects video and dynamic image editing software relates to the execution of operations beyond buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially created file...
go-retryablehttp: url might write sensitive information to log file
A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...
CVE-2024-30128
HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information...
MGASA-2024-0294 Updated expat packages fix security vulnerabilities
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer. CVE-2024-45490 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms where UINTMAX equals SIZEMAX...
The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in the lack of authentication procedures. This allows attackers to bypass security restrictions and expose sensitive information.
The vulnerability of the Magento Open Source and Adobe Commerce software platforms for developing and managing online stores is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions and expose sensitive...
PYSEC-2024-266
Example DAG: exampleinleteventextra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...
CVE-2024-32931 exacqVison - Token Disclosed in URL
Under certain circumstances the exacqVision Web Service can expose authentication token details within communications...
GHSA-Q22Q-2RRF-M27P Mattermost allows unsolicited invites to expose access to local channels
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which allows a malicious remote to send an invite with the ID of an existing local channel, and that local...