Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer, allowing them to gather crucial insights on one of the threat actors using the malware in their operations. "By exploiting it, we...
CVE-2025-34171
CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...
EUVD-2018-13129
Malware in sbrugna...
EUVD-2025-8434
Malicious code in bioql PyPI...
CVE-2022-50228
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0. Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVM_SET_VCPU_EVENTS even if having at least...
CVE-2025-21869
In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Disable KASAN report during patching via temporary mm Erhard reports the following KASAN hit on Talos II power9 with kernel 6.13: 12.028126 ==================================================================...
Linux Distros Unpatched Vulnerability : CVE-2024-56372
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: tun: fix tun_napi_alloc_frags. syzbot reported the following crash 1 Issue came with the...
CVE-2022-49452
In the Linux kernel, the following vulnerability has been resolved: dpaa2-eth: retrieve the virtual address before dma_unmap. The TSO header was DMA unmapped before the virtual address was retrieved and then used to free the buffer. This meant that we were actually removing the DMA map and then...
CVE-2022-49111 Bluetooth: Fix use after free in hci_send_acl
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use after free in hci_send_acl. This fixes the following trace caused by receiving HCI_EV_DISCONN_PHY_LINK_COMPLETE which does call hci_conn_del without first checking if conn->type is in fact AMP_LINK and in case it is do...
CVE-2024-53237
CVE-2024-53237 is a Linux kernel vulnerability describing a use-after-free in the Bluetooth device lifecycle, specifically in the function device_for_each_child. The issue was surfaced by KASAN and tied to a scenario where a parent device could be freed while a child device still holds a referenc...
CVE-2024-53182 Revert "block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()"
In the Linux kernel, the following vulnerability has been resolved: Revert "block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()". This reverts commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de. The bic is associated with sync_bfqq, and bfq_release_process_ref cannot be put into bfq_put_cooperator...
Get License, Hardware and Platform details from API call
Get the output of Hardware, platform and License via API...
Zoho ManageEngine Network Configuration Manager SQL Injection Vulnerability (CNVD-2021-88231)
Zoho ManageEngine Network Configuration Manager is a network change and configuration management tool for managing the configuration of switches, routers and firewalls. A SQL injection vulnerability exists in the hardware details search in Zoho ManageEngine Network Configuration Manager. No...
CVE-2021-41080
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search...
SQL injection
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search...
CVE-2021-41080
CVE-2021-41080 affects Zoho ManageEngine Network Configuration Manager. Based on connected sources, the vulnerability is a SQL injection in the hardware details search function. The issue occurs in versions prior to 125465. The notable impact is high (CVE metrics show CRITICAL/HIGH depending on ...
Zoho Corporation Zoho ManageEngine Network Configuration Manager SQL Injection Vulnerability
Zoho ManageEngine Network Configuration Manager is a network change and configuration management tool for managing the configuration of switches, routers and firewalls. A SQL injection vulnerability exists in the hardware details search in Zoho ManageEngine Network Configuration Manager. No...
PT-2021-23073 · Zoho · Zoho Manageengine Network Configuration Manager
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Network Configuration Manager versions prior to 125465 Description: The issue is related to SQL Injection in the hardware details search function. Recommendations: For versions prior to 125465, update to a version that...