23 matches found
CVE-2026-35367
The nohup utility in uutils coreutils creates its default output file, nohup.out, without requesting explicit restricted permissions. The file therefore inherits umask-based permissions, typically resulting in a world-readable file (mode 0644). In multi-user environments, this allows any user on the...
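The permission mismatch described above, as an added example in Rust (the language uutils coreutils is written in) that is not code from uutils or from the advisory: it contrasts umask-dependent file creation with requesting 0600 explicitly at open time, and includes the check a practitioner would run on an existing nohup.out. The function names and the scratch-path helper are assumptions for illustration; the code is Unix-only.

```rust
use std::fs::{self, OpenOptions};
use std::io;
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::{Path, PathBuf};

/// Umask-dependent creation, the pattern the advisory describes: no mode is
/// requested, so the kernel starts from 0o666 and the process umask decides
/// which bits are removed. With the common umask of 022 the result is 0644,
/// readable by every local user. (Illustrative, not uutils' own code.)
pub fn create_umask_dependent(path: &Path) -> io::Result<fs::File> {
    OpenOptions::new().append(true).create(true).open(path)
}

/// Hardened creation: request 0o600 at open time. A umask can only clear
/// permission bits, never add them, so the file is never wider than
/// owner read/write regardless of the caller's umask.
pub fn create_owner_only(path: &Path) -> io::Result<fs::File> {
    OpenOptions::new()
        .append(true)
        .create(true)
        .mode(0o600)
        .open(path)
}

/// Permission bits (rwx for owner/group/other) of an existing file.
pub fn mode_bits(path: &Path) -> io::Result<u32> {
    Ok(fs::metadata(path)?.permissions().mode() & 0o777)
}

/// The check to run on nohup.out: is the "other" read bit set?
pub fn is_world_readable(path: &Path) -> io::Result<bool> {
    Ok(mode_bits(path)? & 0o004 != 0)
}

/// Scratch path under the system temp dir (hypothetical helper, so the
/// example does not touch a real nohup.out).
pub fn scratch_path(tag: &str) -> PathBuf {
    std::env::temp_dir().join(format!("nohup-demo-{}-{}", tag, std::process::id()))
}

fn main() -> io::Result<()> {
    let loose = scratch_path("loose");
    let tight = scratch_path("tight");
    let _ = fs::remove_file(&loose);
    let _ = fs::remove_file(&tight);

    create_umask_dependent(&loose)?;
    create_owner_only(&tight)?;

    println!(
        "umask-dependent: {:04o} world-readable={}",
        mode_bits(&loose)?,
        is_world_readable(&loose)?
    );
    println!(
        "explicit 0600:   {:04o} world-readable={}",
        mode_bits(&tight)?,
        is_world_readable(&tight)?
    );

    fs::remove_file(&loose)?;
    fs::remove_file(&tight)?;
    Ok(())
}
```

One caveat worth knowing before relying on the fix: the requested mode only applies when the file is created. A nohup.out left behind by an earlier run keeps whatever permissions it already has, so on an already-exposed host the fix is `chmod 600 nohup.out` (or deleting it), and on an unpatched version running `nohup` under `umask 077` or with an explicit redirect to a private file avoids the world-readable default.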
PT-2025-44995
Name of the Vulnerable Software and Affected Versions CanalDenuncia.app affected versions not specified Description A lack of authorization exists in CanalDenuncia.app, potentially allowing an attacker to access other users' information. This is achieved by sending a POST request through the id...
Dmacroweb DM Corporative CMS security vulnerability
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which stems from the failure of the option parameter in the file...
PT-2024-28335 · Unknown · Cpacker Memgpt
Name of the Vulnerable Software and Affected Versions: Cpacker MemGPT version 0.3.17 Description: The issue is related to incorrect access control in the "/users" endpoint, allowing attackers to access sensitive data. Recommendations: For version 0.3.17, consider disabling access to the "/users"...
Security Bulletin: IBM Aspera Faspex is vulnerable to exposing data improperly (CVE-2022-22497)
Summary IBM Aspera Faspex may be vulnerable to exposing data improperly (CVE-2022-22497) due to an incorrectly computed security token. Vulnerability Details CVEID: CVE-2022-22497 DESCRIPTION: GitLab Community Edition and GitLab Enterprise Edition could allow a remote authenticated attacker to obtain...
PT-2024-27173 · Teldats · Teldat M1
Name of the Vulnerable Software and Affected Versions: Teldat M1 version 11.00.05.50.01 Description: The issue is related to incorrect access control, allowing attackers to obtain sensitive information by using a crafted query string. Recommendations: For Teldat M1 version 11.00.05.50.01, conside...
A vulnerability in the Email Subscribers plugin for the WordPress content management system allows an attacker to append additional SQL queries to existing ones and extract protected information.
The vulnerability in the WordPress content management system's Email Subscribers plugin stems from missing protection of the SQL query structure (SQL injection). Exploiting it allows a malicious actor to insert additional SQL queries into existing ones, thereby exposing the...
WordPress plugin Easy Custom Auto Excerpt security vulnerability
WordPress and its plugins are products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on servers running PHP and MySQL. WordPress plugins are application add-ons. A security vulnerability exists in the...
A vulnerability in Intel Connectivity Performance Suite, software for improving wireless network performance, stems from missing access control and allows an attacker to disclose protected information.
The vulnerability in the Intel Connectivity Performance Suite wireless network performance software stems from missing access control. Exploiting it can allow a remote attacker to disclose protected information...
Enphase Energy Installer Toolkit trust management issue vulnerability
Enphase Energy Installer Toolkit is an installer toolkit from Enphase Energy, USA. Enphase Energy Installer Toolkit version 3.27.0 suffers from a trust management issue vulnerability that stems from hard-coded credentials embedded in the binary code of an Android application. An attacker could...
ShipStation security vulnerability
ShipStation is e-commerce order processing and shipping software from ShipStation. A security vulnerability exists in ShipStation version 1.0, which stems from a spelling error that can lead to a blank password and a successful NULL comparison, which can be exploited by an...
SUSE CVE-2017-1289
IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150...
CVE-2022-26239
The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows unprivileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data...
PT-2022-22336 · Jenkins · Jenkins Build-Metrics Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins build-metrics Plugin versions 1.3 and earlier Description: The issue concerns the Jenkins build-metrics Plugin, which does not perform permission checks in multiple HTTP endpoints. This allows attackers with Overall/Read permission to...
CVE-2022-30949
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...
GO SMS Pro app still exposing millions of users' sensitive data
By Sudais Asif Previously, it was revealed that the GO SMS Pro messaging app was exposing highly sensitive data of more than 100 million users. This is a post from HackRead.com Read the original post: GO SMS Pro app still exposing millions of users' sensitive data...
A vulnerability in Magento Commerce, a software platform for developing and managing online stores, stems from missing protection of the SQL query structure. It allows attackers to execute arbitrary SQL queries against the database of the target system and gain access to protected information.
The vulnerability in the Magento Commerce store development and management platform stems from missing protection of the SQL query structure (SQL injection). Exploiting it allows a malicious actor to execute arbitrary SQL queries against the database of the target system by sending a...
Horgos Honglu Huayu Culture Communication Co., Ltd. Free Book Chase app has a logic flaw vulnerability
Free Book Chase is a free novel-reading app. The Free Book Chase app from Horgos Honglu Huayu Culture Communication Co., Ltd. has a logic flaw vulnerability that attackers can exploit to obtain sensitive information...
S-CMS PHP enterprise website builder system v3.0 SQL injection vulnerability in background aj***2 parameter
S-CMS enterprise website builder system is a product developed by Zibo Shining Network Technology Co., Ltd. as a specialized enterprise website-building solution. In the S-CMS PHP enterprise website builder system v3.0, the background aj2 parameter is vulnerable to SQL injection,...
Arbitrary File Read Vulnerability in Zhiyuan A8-V5
Zhiyuan A8-V5 is a collaborative office platform for efficient enterprise business management. Zhiyuan A8-V5 has an arbitrary file read vulnerability that attackers can exploit to obtain sensitive information...