CVE-2024-23929
This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2024-23928
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telematics functionality, which...
CVE-2024-23928
CVE-2024-23928 affects Pioneer DMH-WT7600NEX telematics over HTTPS, due to improper validation of the server certificate. This enables network-adjacent attackers (no authentication required) to compromise the integrity of downloaded information and, in combination with other vulnerabilities, exec...
CVE-2024-23928 Pioneer DMH-WT7600NEX Telematics Improper Certificate Validation
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telematics functionality, which...
CyberPanel Installed (Linux)
Binary data cyberpanelnixinstalled.nbin...
GHSA-XR3M-6GQ6-22CG Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document
Summary: A Stored Cross-Site Scripting (XSS) vulnerability in PIMCORE allows remote attackers to inject arbitrary web script or HTML via the PDF upload functionality. This can result in the execution of malicious scripts in the context of the user's browser when the PDF is viewed, leading to potenti...
CVE-2024-11954
A vulnerability classified as problematic was found in Pimcore 11.4.2. Affected by this vulnerability is an unknown functionality of the component Search Document. The manipulation leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the publ...
CVE-2024-46881
Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 in affected vulnerable versions does not include...
CVE-2025-0706 JoeyBling bootplus admin.html cross site scripting
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/sys/admin.html. The manipulation leads to cross site scripting. The attack may be launched remotely...
Microsoft Excel Code Problem Vulnerability (CNVD-2025-02829)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code issue vulnerability exists in Microsoft Excel. An attacker could exploit the vulnerability to bypass certain functionality...
PT-2025-4402 · Tarak Patel · Wp Query Creator
Name of the Vulnerable Software and Affected Versions: Tarak Patel WP Query Creator versions 1.0 and earlier. Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting (XSS). This enables attackers to inject maliciou...
CVE-2025-24401
CVE-2025-24401 affects the Jenkins Folder-based Authorization Strategy Plugin (versions 217.vd5b_18537403e and earlier). The root cause is that the plugin does not verify that permissions configured to be granted are enabled, potentially letting users who were previously granted optional permissi...
Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet
Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since Jun...
OPENSUSE-SU-2025:0021-1 Security update for gh
This update for gh fixes the following issues: Update to version 2.65.0: Bump cli/go-gh for indirect security vulnerability; Panic mustParseTrackingRef if format is incorrect; Move trackingRef into pr create package; Make tryDetermineTrackingRef tests more respective of reality; Rework...
CVE-2025-23477
Missing Authorization vulnerability in realtyworkstation Realty Workstation realty-workstation allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Realty Workstation: from n/a through = 1.0.45...
MAL-2025-610 Malicious code in cscchokidar-next (npm)
This package has destructive functionality to delete development-related directories. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5ed003ec0e4484b9001cedb74c37ef8fbac98945977b5b3a217052346a2f55c1 Any computer that has this package installed or running should be...
MAL-2025-608 Malicious code in achalk-next (npm)
This package exfiltrates API keys to an attacker-controlled server. It also has destructive functionality to delete development-related directories. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b543eb1092108748ab3abd00741f5f1d0b181f326ba147792f883aed8d837697 Any...
MAL-2025-609 Malicious code in csbchalk-next (npm)
This package exfiltrates API keys to an attacker-controlled server. It also has destructive functionality to delete development-related directories. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 78554f43864fdbcb9a2eb97137b68f629a45a1ea6a1af377fd194376be14c911 Any...
MAL-2025-611 Malicious code in cschalk (npm)
This package exfiltrates API keys to an attacker-controlled server. It also has destructive functionality to delete development-related directories. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6bc84195226616b9037825439862309922afde77ccd32cc2c6158025030d27b2 Any...
MAL-2025-612 Malicious code in cschalk-next (npm)
This package exfiltrates API keys to an attacker-controlled server. It also has destructive functionality to delete development-related directories. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91aaf0d72370eff4321359a559af7a578a16bb5aeefeedd6ec52ae25b8297a21 Any...