CVE-2026-35367
The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file (mode 0644). In multi-user environments, this allows any user on the...
PT-2025-44995
Name of the Vulnerable Software and Affected Versions: CanalDenuncia.app, affected versions not specified. Description: A lack of authorization exists in CanalDenuncia.app, potentially allowing an attacker to access other users' information. This is achieved by sending a POST request through the id...
Dmacroweb DM Corporative CMS Security Vulnerability
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which stems from the failure of the option parameter in the file...
PT-2024-28335 · Unknown · Cpacker Memgpt
Name of the Vulnerable Software and Affected Versions: Cpacker MemGPT version 0.3.17 Description: The issue is related to incorrect access control in the "/users" endpoint, allowing attackers to access sensitive data. Recommendations: For version 0.3.17, consider disabling access to the "/users"...
Security Bulletin: IBM Aspera Faspex is vulnerable to exposing data improperly (CVE-2022-22497)
Summary: IBM Aspera Faspex may be vulnerable to exposing data improperly (CVE-2022-22497) due to an incorrectly computed security token. Vulnerability Details: CVEID: CVE-2022-22497 DESCRIPTION: GitLab Community Edition and GitLab Enterprise Edition could allow a remote authenticated attacker to obtain...
PT-2024-27173 · Teldats · Teldat M1
Name of the Vulnerable Software and Affected Versions: Teldat M1 version 11.00.05.50.01 Description: The issue is related to incorrect access control, allowing attackers to obtain sensitive information by using a crafted query string. Recommendations: For Teldat M1 version 11.00.05.50.01, conside...
WordPress Plugin Easy Custom Auto Excerpt Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; the platform supports personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin for that platform. A security vulnerability exists in the...
Enphase Energy Installer Toolkit Trust Management Vulnerability
Enphase Energy Installer Toolkit is an installer toolkit from Enphase Energy, USA. Enphase Energy Installer Toolkit version 3.27.0 suffers from a trust management issue vulnerability that stems from hard-coded credentials embedded in the binary code of an Android application. An attacker could...
ShipStation Security Vulnerability
ShipStation is an e-commerce retail order carrier processing and shipping software from ShipStation. A security vulnerability exists in ShipStation version 1.0, which stems from a spelling error that can lead to a blank password and a successful NULL comparison, which can be exploited by an...
SUSE CVE-2017-1289
IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150...
CVE-2022-26239
The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow unprivileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data...
PT-2022-22336 · Jenkins · Jenkins Build-Metrics Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins build-metrics Plugin versions 1.3 and earlier Description: The issue concerns the Jenkins build-metrics Plugin, which does not perform permission checks in multiple HTTP endpoints. This allows attackers with Overall/Read permission to...
CVE-2022-30949
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...
GO SMS Pro app still exposing millions of users' sensitive data
By Sudais Asif. Previously, it was revealed that the GO SMS Pro messaging app was exposing highly sensitive data of more than 100 million users. This is a post from HackRead.com. Read the original post: GO SMS Pro app still exposing millions of users' sensitive data...
Horgos Honglu Huayu Culture Communication Co., Ltd. Free Book Chase App has a logic flaw vulnerability
The Free Book Chase app is a site-wide free novel reading application. The Horgos Honglu Huayu Culture Communication Co., Ltd. Free Book Chase App has a logic flaw vulnerability that can be exploited by attackers to obtain sensitive information...
S-CMS PHP version enterprise website builder system v3.0 SQL injection vulnerability in background aj***2 parameter
The S-CMS enterprise website building system is a specialized enterprise website building solution developed by Zibo Shining Network Technology Co., Ltd. The S-CMS PHP version of the enterprise website building system v3.0 has a SQL injection vulnerability in the background aj2 parameter,...
Arbitrary File Read Vulnerability in Zhiyuan A8-V5
Zhiyuan A8-V5 is a collaborative office platform that enables efficient business management for enterprises. Zhiyuan A8-V5 has an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive information...
Delta Electronics Delta Industrial Automation PMSoft Out-of-Bounds Read Vulnerability
Delta Electronics Delta Industrial Automation PMSoft is a suite of HMI applications from Delta Electronics. An out-of-bounds read vulnerability exists in Delta Electronics Delta Industrial Automation PMSoft version 2.11 or earlier, which can be exploited by an attacker to read confidential...
Cisco Unified Communications Manager SQL Injection Vulnerability
Cisco Unified Communications Manager (CUCM, also known as Unified CM or CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. The SQL database interface is one of...
Vulnerabilities in the Online Direct Marketing Platform of Guangzhou Askway Information Technology Co., Ltd.
The Online Direct Marketing Platform of Guangzhou Askway Information Technology Co., Ltd. is a set of hotel online direct marketing technology and operation service systems, focused on building hotels' own online direct marketing platforms and systems, and providing consulting, advisory, training and other services to help hotels improve their operational and revenue capacity...