24 matches found
EUVD-2025-21804
Malicious code in bioql PyPI...
EUVD-2022-29734
Malicious code in bioql PyPI...
CVE-2025-54792
LocalSend (open-source file sharing app) is affected in versions 1.16.1 and earlier. A vulnerability in the discovery protocol permits an unauthenticated attacker on the same local network to impersonate legitimate devices, enabling silent interception and modification of file transfers. Impact i...
CVE-2025-54792 LocalSend is Vulnerable to Man-in-the-Middle Attacks, Leading to File Interception
LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...
CVE-2025-54792 LocalSend is Vulnerable to Man-in-the-Middle Attacks, Leading to File Interception
LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...
CVE-2025-54792 LocalSend is Vulnerable to Man-in-the-Middle Attacks, Leading to File Interception
LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...
CVE-2025-2818
A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect...
CVE-2025-2818
A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect...
CVE-2025-2818
A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect...
CVE-2025-2818
A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect...
CVE-2025-2818
Technical details such as affected components, root cause, vulnerable versions, or remediation are not publicly disclosed in the provided documents. Monitor for updates from Lenovo/Motorola advisories and Red Hat for this CVE.
PT-2025-29957 · Google +1 · Android +1
Name of the Vulnerable Software and Affected Versions: Motorola Smart Connect Android Application version 1.0 Description: A vulnerability exists in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application. This could allow a nearby attacke...
CVE-2025-3519
An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu gets assigned with a randomly generated Universally Unique ID UUID. In case a participant of this or another conversation gets access to such a file ID...
CVE-2025-3519
An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu gets assigned with a randomly generated Universally Unique ID UUID. In case a participant of this or another conversation gets access to such a file ID...
CVE-2025-3519 Replace uploaded files knowing the file upload ID
An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu gets assigned with a randomly generated Universally Unique ID UUID. In case a participant of this or another conversation gets access to such a file ID...
Dorsett Controls InfoScan < 1.38 Multiple Vulnerabilities (July 2024)
The version of Dorsett Controls InfoScan running on the remote host is prior to 1.38. It is, therefore, affected by multiple vulnerabilities: - Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys. CVE-2024-392...
CVE-2022-24986
KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands...
Webshell Bypass Vulnerability in Web Security Dog Apache Edition (CNVD-2020-23226)
Website Security Dog APACHE Edition is a server tool that integrates website content security protection, website resource protection and website traffic protection functions to fully protect website security. Webshell bypass vulnerability exists in Website Security Dog Apache Edition, which can ...
SMBetray - SMB MiTM Tool With A Focus On Attacking Clients Through File Content Swapping, Lnk Swapping, As Well As Compromising Any Data Passed Over The Wire In Cleartext
Version 1.0.0. This tool is a PoC to demonstrate the ability of an attacker to intercept and modify insecure SMB connections, as well as compromise some secured SMB connections if credentials are known. Background Released at Defcon26 at "SMBetray - Backdooring and Breaking Signatures" In SMB...
UltimatePOS 2.5 Remote Code Execution Vulnerability
Exploit for php platform in category remote exploits Exploit Title: UltimatePOS 2.5 - Remote Code Execution Google Dork: intext:"UltimatePOS" Exploit Author: Renos Nikolaou Vendor Homepage: http://ultimatefosters.com/ Software Link:...