
3259 matches found

RedhatCVE
added 2025/03/26 1:20 p.m., 4 views

CVE-2024-8773

SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, which could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch [email protected], which make ...

8.3 CVSS, 7.7 AI score, 0.00169 EPSS
Exploits: 0, References: 1

NVD
added 2025/03/24 1:15 p.m., 2 views

CVE-2024-8773

SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, which could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch [email protected], which make ...

8.3 CVSS, 0.00169 EPSS
Exploits: 0, References: 3

CVE
added 2025/03/24 12:33 p.m., 43 views

CVE-2024-8773

The CVE-2024-8773 issue affects SIMPLE.ERP clients (versions 6.20–6.30). A server-side MS SQL protocol downgrade can force unencrypted communication, enabling data interception and modification. Only version 6.30 received a patch ([email protected]) to enforce encryption. Versions 6.20 and 6.25 remain u...

8.3 CVSS, 7.7 AI score, 0.00169 EPSS
Exploits: 0, References: 3

Cvelist
added 2025/03/24 12:33 p.m., 9 views

CVE-2024-8773 Protocol Downgrade in SIMPLE.ERP

SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, which could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch [email protected], which make ...

8.3 CVSS, 0.00169 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2025/03/22 3:19 p.m., 11 views

CVE-2025-0254

HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle (MitM) attacks prior to 9.5 CF226. An attacker could intercept and potentially alter communication between two parties...

5.9 CVSS, 7 AI score, 0.00076 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2025/03/20 2:2 p.m., 12 views

CVE-2025-0254 HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle (MitM) attacks prior to 9.5 CF226.

HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle (MitM) attacks prior to 9.5 CF226. An attacker could intercept and potentially alter communication between two parties...

5.9 CVSS, 5.6 AI score, 0.00076 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/03/20 10:11 a.m., 8 views

CVE-2024-10948 Arbitrary File Read via Upload Function in binary-husky/gpt_academic

A vulnerability in the upload function of binary-husky/gpt_academic allows any user to read arbitrary files on the system, including sensitive files such as config.py. This issue affects the latest version of the product. An attacker can exploit this vulnerability by intercepting the websocket...

6.5 CVSS, 0.00199 EPSS
Exploits: 1, References: 1

NVD
added 2025/03/18 3:16 p.m., 7 views

CVE-2025-30132

An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security risk. During analysis, it was found that this domain was not owned by IROAD, allowing an attacker to register it and potentially intercept sensitive device...

9.1 CVSS, 0.00082 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/03/18 12:0 a.m., 4 views

CVE-2025-30132

An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security risk. During analysis, it was found that this domain was not owned by IROAD, allowing an attacker to register it and potentially intercept sensitive device...

6.7 AI score, 0.00082 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/03/18 12:0 a.m., 8 views

CVE-2025-30140

An issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain Name. It uses an unregistered public domain name as an internal domain, creating a security risk. This domain was not owned by GNET originally, allowing an attacker to register it and...

0.00214 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2025/03/18 12:0 a.m., 4 views

PT-2025-11646 · Unknown · G-Net Dashcam Bb Gonx

Name of the Vulnerable Software and Affected Versions: G-Net Dashcam BB GONX devices (affected versions not specified). Description: The issue concerns the use of an unregistered public domain name as an internal domain, posing a security risk. This allows an attacker to potentially register the...

7.5 CVSS, 6.1 AI score, 0.00214 EPSS
Exploits: 0, References: 7

CVE
added 2025/03/18 12:0 a.m., 32 views

CVE-2025-30132

CVE-2025-30132 concerns the IROAD Dashcam V series, where an unregistered public domain name was used as an internal domain. This misconfiguration means the domain may not be owned by IROAD, allowing an attacker to register it and potentially intercept sensitive device traffic. If the dashcam or ...

9.1 CVSS, 6.3 AI score, 0.00082 EPSS
Exploits: 0, References: 2

BDU FSTEC
added 2025/03/17 12:0 a.m., 1 views

The vulnerability of the OData protocol implementation in the SAP Fiori for SAP ERP business application platform allows an attacker to perform a cache poisoning attack or intercept sessions.

The vulnerability of the OData protocol implementation in SAP Fiori for SAP ERP business application development platforms is related to deficiencies in handling HTTP header requests. Exploiting this vulnerability allows a malicious actor to perform a cache poisoning attack or intercept sessions ...

3.1 CVSS, 5.4 AI score, 0.00107 EPSS
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2025/03/14 12:0 a.m., 1 views

Fortinet FortiNAC-F Trust Management Issue Vulnerability

Fortinet FortiNAC-F is a set of network access control solutions from the American company Fortinet. The product is mainly used for network access control and IoT security. Fortinet FortiNAC-F suffers from a trust management issue vulnerability that stems from improper certificate validation, which...

4.8 CVSS, 6.6 AI score, 0.00096 EPSS
Exploits: 0, References: 3

CNNVD
added 2025/03/14 12:0 a.m., 2 views

Fortinet FortiPortal Trust Management Issue Vulnerability

Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. A trust management issue vulnerability exists in Fortinet FortiPortal, which stems from...

4.8 CVSS, 6.5 AI score, 0.00099 EPSS
Exploits: 0, References: 3

OSV
added 2025/03/07 9:15 a.m., 2 views

UBUNTU-CVE-2025-21839

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpu_run loop. Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run loop to fix a bug where KVM can load hardware with a stale...

5.5 CVSS, 6.2 AI score, 0.00025 EPSS
Exploits: 0, References: 25

Positive Technologies
added 2025/03/07 12:0 a.m., 2 views

PT-2025-10133 · Microsoft · Dotnet-Debugger-Extensions +3

Name of the Vulnerable Software and Affected Versions: WinDbg versions prior to 9.0.607501; dotnet-sos versions prior to 9.0.607501; dotnet-dump versions prior to 9.0.607501; dotnet-debugger-extensions versions prior to 9.0.607601. Description: The issue arises from improper verification of...

7.5 CVSS, 8.7 AI score, 0.00154 EPSS
Exploits: 0, References: 25

RedhatCVE
added 2025/03/05 12:22 p.m., 5 views

CVE-2025-1868

Vulnerability of unauthorized exposure of confidential information affecting Advanced IP Scanner and Advanced Port Scanner. It occurs when these applications initiate a network scan, inadvertently sending the NTLM hash of the user performing the scan. This vulnerability can be exploited by...

6.9 CVSS, 6.8 AI score, 0.00136 EPSS
Exploits: 1, References: 1

Securelist
added 2025/03/05 10:0 a.m., 10 views

Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool

In recent months, we've seen an increase in the use of Windows Packet Divert drivers to intercept and modify network traffic in Windows systems. This technology is used in various utilities, including ones for bypassing blocks and restrictions of access to resources worldwide. Over the past six...

7.2 AI score
Exploits: 0

Tenable Nessus
added 2025/03/05 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-47080

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions 9.11.0 through 34.7.0, the method...

8.7 CVSS, 5.6 AI score, 0.0058 EPSS
Exploits: 0, References: 3