9 matches found
MAL-2026-4777 Malicious code in xct-x-ayoub (PyPI)
Source: amazon-inspector d33575d7ebb1fa670ce8a2f633471492b04319daffe0f1e10dd35841cf2709af On import XcTxAyOuB, the package's top-level __init__.py unconditionally starts a Flask HTTP server bound to 0.0.0.0:5000 (configurable via PORT) exposing...
EUVD-2024-50953
Malicious code in bioql PyPI...
CVE-2024-20435
A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this...
CVE-2024-12553
GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest...
CVE-2024-20435
A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this...
CVE-2024-20435
CVE-2024-20435 affects Cisco Secure Web Appliance (AsyncOS) CLI. The root cause is insufficient input validation in the CLI, allowing an authenticated, local attacker to execute arbitrary commands and elevate to root. The attack requires at least guest credentials and is local, with impact on con...
CVE-2019-10711
Incorrect access control in the RTSP stream and web portal on all IP cameras based on Hisilicon Hi3510 firmware until Webware version V1.0.1 allows attackers to view an RTSP stream by connecting to the stream with hidden credentials guest or user that are neither displayed nor configurable in the...
Cisco Identity Services Engine SQL Injection Vulnerability (cisco-sa-20170215-ise)
A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by t...
Cisco Identity Services Engine SQL Injection Vulnerability
A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this...