CVE-2022-31004
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were call...
EUVD-2002-0768
Malware in sbrugna...
EUVD-2015-9100
Malware in sbrugna...
EUVD-2019-4351
Malware in sbrugna...
EUVD-2022-52711
Malicious code in bioql PyPI...
EUVD-2025-23857
Malicious code in bioql PyPI...
CVE-2025-53786
On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identifi...
Vulnerability fixed in Microsoft Exchange
Microsoft has fixed a vulnerability in Microsoft Exchange Server hybrid deployments. The vulnerability allows a user with administrative privileges on an on-premises Microsoft Exchange server to elevate privileges to the cloud. Microsoft has released a Hot Fix to fix the vulnerability. See attach...
CVE-2015-9257
BMC Remedy Action Request AR System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS...
Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 Multiple Vulnerabilities (APSB16-05)
The version of Adobe Experience Manager installed on the remote host is either 5.6.1, 6.0.0, or 6.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB16-05 advisory.
- Adobe Experience Manager version 6.1 is affected by a cross-site scripting vulnerability that...
PT-2023-4428 · Intel · Intel Proset/Wireless Wifi
Name of the Vulnerable Software and Affected Versions: Intel(R) PROSet/Wireless WiFi software for Windows versions prior to 22.220 HF Hot Fix
Description: The issue is related to improper access control in the firmware of Intel(R) PROSet/Wireless WiFi software for Windows. This may allow a privileged...
Security Bulletin: Apache Commons Text vulnerability affects Netcool Operations Insight [CVE-2022-42889]
Summary: Apache Commons Text vulnerability affects Netcool Operations Insight. Apache Commons Text is used by multiple Netcool Operations Insight Services. The vulnerability has been addressed. CVE-2022-42889
Vulnerability Details: CVEID: CVE-2022-42889 DESCRIPTION: OX AppSuite could allow a remote...
CVE-2022-31004 Potential secrets being logged to disk in CVE Services
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were call...
CVE-2022-31004
CVE-2022-31004 affects the open source CVE services API project cve-services. A conditional in data.js can cause the generated randomKey to be written to disk when not running in development, potentially exposing plaintext secrets on disk in production. Public details do not list a released patch...
GHSA-27G8-R9VW-765X Private Field data leak
This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an access control related oracle attack in that the attack method guides an attacker during...
CVE-2019-12767
An issue was discovered on D-Link DAP-1650 devices before 1.04B02J65H Hot Fix. Attackers can execute arbitrary commands...