3132 matches found
Exploit for Out-of-bounds Read in Openssl
--- Cybersecurity Labs Portfolio This repository contain...
CVE-2025-53899
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances t...
CVE-2025-53899 Kiteworks MFT is vulnerable to an Incorrectly Specified Destination in a Communication Channel
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances t...
EUVD-2025-199896
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances t...
CVE-2025-53899 Kiteworks MFT is vulnerable to an Incorrectly Specified Destination in a Communication Channel
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances t...
CVE-2025-53899 Kiteworks MFT is vulnerable to an Incorrectly Specified Destination in a Communication Channel
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances t...
PT-2025-48361
Name of the Vulnerable Software and Affected Versions Kiteworks MFT versions prior to 9.1.0 Description Kiteworks MFT orchestrates end-to-end file transfer workflows. Versions of Kiteworks MFT before 9.1.0 have an issue where an incorrectly specified destination in a communication channel could...
CVE-2025-63433
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...
CVE-2025-66269
The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a local attacker to perform path interception and escalate privileges if they have write permissions to the directories proceeding that of which the real service executables...
CVE-2025-66269 Unquoted Service Path in UPSilon2000V6.0(RupsMon and USBMate) running as SYSTEM
The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a local attacker to perform path interception and escalate privileges if they have write permissions to the directories proceeding that of which the real service executables...
EUVD-2025-199687
The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a local attacker to perform path interception and escalate privileges if they have write permissions to the directories proceeding that of which the real service executables...
PT-2025-48123
The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a local attacker to perform path interception and escalate privileges if they have write permissions to the directories proceeding that of which the real service executables...
EUVD-2024-55101
In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. An adversary can place an executable in a higher-level directory of the path, and Windows will resolve tha...
CVE-2024-47856
In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. An adversary can place an executable in a higher-level directory of the path, and Windows will resolve tha...
CVE-2024-47856
In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. An adversary can place an executable in a higher-level directory of the path, and Windows will resolve tha...
CVE-2025-63433
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...
CVE-2025-63432
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle MITM attack ...
PT-2025-47947
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...
CVE-2025-63433
Summary of CVE-2025-63433 : Xtooltech Xtool AnyScan Android Application 4.40.40 and earlier uses a hardcoded cryptographic key and IV stored statically in code to decrypt update metadata. This enables an attacker who can intercept network traffic to use the hardcoded key to decrypt, modify, and r...
CVE-2024-47856
In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. An adversary can place an executable in a higher-level directory of the path, and Windows will resolve tha...