23 matches found
Linux kernel security vulnerability
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the shared bit fields for the claimed and retune control flags. This vulnerability may lead to unexpect...
CVE-2025-54863
Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could...
CVE-2025-54863
Radiometrics VizAir is affected by a vulnerability where the system’s REST API key is exposed via a publicly accessible configuration file. Public access could let an attacker remotely alter weather data and configurations, automate attacks across multiple instances, and exfiltrate sensitive mete...
CVE-2025-54863 Insufficiently Protected Credentials in Radiometrics VizAir
Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could...
CVE-2025-54863 Insufficiently Protected Credentials in Radiometrics VizAir
Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could...
EUVD-2025-16018
Malicious code in bioql PyPI...
CVE-2025-20257
A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product. Th...
Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager security vulnerability
Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager are both products of Cisco, Inc. Cisco Secure Network Analytics Manager is a secure network analytics manager. Cisco Secure Network...
CVE-2021-27289
The CVE-2021-27289 entry concerns a replay-attack weakness in a Zigbee-based Ksix smart home kit. Affected components are Zigbee Gateway Module v1.0.3, Door Sensor v1.0.7, and Motion Sensor v1.0.12. The root cause is an improper implementation of Zigbee’s anti-replay mechanism (frame counter-base...
CVE-2023-52897
In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: do not warn on record without old_roots populated [BUG] There are some reports from the mailing list that since v6.1 kernel, the WARN_ON inside btrfs_qgroup_account_extent gets triggered during rescan: WARNING: CPU: 3 PID...
Dell Unity Security Breach
Dell Unity is a suite of virtual Unity storage environments from Dell, Inc. A security vulnerability exists in Dell Unity versions prior to 5.4, which stems from the possibility that log messages can be spoofed by an authenticated attacker, who could use this vulnerability to compromise log...
CVE-2022-48296
The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices...
Digital Alert Systems DASDEC
1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Digital Alert Systems Equipment: DASDEC Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities might result in false alerts...
DHS says to update your Emergency Alert Systems immediately
The Department of Homeland Security has issued an advisory after vulnerabilities were found in its Emergency Alert Systems (EAS). EAS technology is designed to fire out warning messages during times of national emergency. It can be used to warn of coastal flooding, earthquakes, child abduction,...
CVE-2020-12270
React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. NOTE: the vendor disputes the relevance of this report because the recipient of an F1 alert will know it...
CRS - OWASP ModSecurity Core Rule Set
The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. The Core Rule Se...
CVE-2012-4026
The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607...
Code injection
The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607...
CVE-2012-4026
The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607...
CVE-2012-4026
CVE-2012-4026 affects the Johnson Controls Pegasys P2000 server prior to version 3.11. The vulnerability allows remote attackers to trigger false alerts by sending crafted packets to TCP port 41013 (the upload port). The public description specifies the flaw as enabling false alerts via the uploa...