OpenStack Horizon RC file generation does not escape special characters in project names

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

Anthropic Agent Skills Support in Spring AI

In this blog, we show how using Spring AI, we can integrate with Anthropic's Native Skills API for Cloud-Based Document Generation and Custom Skills. Spring AI adds support for Anthropic's Agent Skills — modular capabilities that let Claude generate actual files rather than text descriptions. Wit...

EUVD-2019-16202

Malware in sbrugna...

EUVD-2020-27029

Malware in sbrugna...

EUVD-2019-16151

Malware in sbrugna...

EUVD-2018-17308

Malware in sbrugna...

EUVD-2019-16225

Malware in sbrugna...

EUVD-2020-27096

Malware in sbrugna...

EUVD-2021-10121

Malware in sbrugna...

EUVD-2020-20221

Malware in sbrugna...

EUVD-2019-5861

Malware in sbrugna...

CVE-2020-5935

On BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when handling MQTT traffic through a BIG-IP virtual server associated with an MQTT profile and an iRule performing manipulations on that traffic, TMM m...

CVE-2019-14712

Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation...

CVE-2019-6643

On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the TMM process to produce a core file...

CVE-2008-7291

gri before 2.12.18 generates temporary files in an insecure way...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CVE-2025-24071 This Python script is designed to demonstrate...

CVE-2024-21877 Insecure File Generation Based on User Input in Enphase IQ Gateway version 4.x to 8.x and < 8.2.4225

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability through a url parameter in Enphase IQ Gateway formerly known as Envoy allows File Manipulation. The endpoint requires authentication.This issue affects Envoy: from 4.x to 8.0 and 8.2.4225...

CVE-2024-21877 Insecure File Generation Based on User Input in Enphase IQ Gateway version 4.x to 8.x and < 8.2.4225

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability through a url parameter in Enphase IQ Gateway formerly known as Envoy allows File Manipulation. The endpoint requires authentication.This issue affects Envoy: from 4.x to 8.0 and 8.2.4225...

How to generate a support file of an ADM Agent CLI and GUI.

Describe how to generate a support file of anon-Prem ADM Agent from CLI or GUI...

Hubstaff 1.6.14-61e5e22e - (wow64log) DLL Search Order Hijacking Vulnerability

Exploit Title: Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking Exploit Author: Ahsan Azad Vendor Homepage: https://hubstaff.com/ Software Link: https://app.hubstaff.com/download Version: 1.6.13, 1.6.14 Tested On: 64-bit operating system, x64-based processor Description Hubstaff i...