3191 matches found

CNNVD
added 2025/09/29 12:0 a.m. | 3 views

Vasion Print Virtual Appliance Host Security Vulnerability

Vasion Print Virtual Appliance Host is a print management software from Vasion USA. A security vulnerability exists in Vasion Print Virtual Appliance Host versions prior to 22.0.1049, which stems from the fact that private and public key certificates are stored in clear text, which could lead to...

CVSS 9.3 | AI score 6.4 | EPSS 0.00053
Exploits: 1 | References: 4

Positive Technologies
added 2025/09/29 12:0 a.m. | 2 views

PT-2025-39833

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: The credentials needed to access the device’s web server are transmitted in base64 within the HTTP headers. Base64 encoding is not a secure cipher, allowing an...

CVSS 6.8 | AI score 6.4 | EPSS 0.00027
Exploits: 0 | References: 5

Positive Technologies
added 2025/09/29 12:0 a.m. | 4 views

PT-2025-39880

Name of the Vulnerable Software and Affected Versions: Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049; Vasion Print (formerly PrinterLogic) Application versions prior to 20.0.2786. Description: The Vasion Print Virtual Appliance Host and Application store a privat...

CVSS 9.3 | AI score 6.4 | EPSS 0.00053
Exploits: 1 | References: 8

CVE
added 2025/09/25 2:5 p.m. | 8 views

CVE-2025-10540

iMonitor EAM 9.6394 transmits client/server and monitor/server communications in plaintext with no authentication. An attacker on the network can intercept credentials, keylogger data, PII, and data in transit, and can tamper with traffic, including issuing arbitrary commands to client agents. Do...

CVSS 6.5 | AI score 6.7 | EPSS 0.00018
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/25 12:0 a.m. | 3 views

PT-2025-39376

Name of the Vulnerable Software and Affected Versions: iMonitor EAM version 9.6394. Description: The software transmits communication between the EAM client agent and the EAM server, and between the EAM monitor management software and the server, in plaintext without authentication or encryption. An...

CVSS 6.5 | AI score 6.7 | EPSS 0.00018
Exploits: 0 | References: 3

Positive Technologies
added 2025/09/22 12:0 a.m. | 5 views

PT-2025-38759

Name of the Vulnerable Software and Affected Versions: 2wcom IP-4c version 2.15.5. Description: The 2wcom IP-4c device version 2.15.5 is subject to a Broken Access Control issue. Manager-level users can bypass intended access restrictions on sensitive endpoints by intercepting and modifying requests...

CVSS 6.8 | AI score 6.5 | EPSS 0.00047
Exploits: 1 | References: 4

Vulnrichment
added 2025/09/22 12:0 a.m. | 3 views

CVE-2025-57438

The 2wcom IP-4c 2.15.5 device suffers from a Broken Access Control vulnerability. Certain sensitive endpoints are intended to be accessible only after the admin explicitly grants access to a manager-level account. However, a manager-level user can bypass these controls by intercepting and modifyi...

AI score 6.4 | EPSS 0.00047
Exploits: 1 | References: 2

ATTACKERKB
added 2025/09/19 6:40 p.m. | 2 views

CVE-2025-34198

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 (VA and SaaS deployments) contain shared, hardcoded SSH host private keys in the appliance image. The same private host keys (RSA, ECDSA, and ED25519) are present across...

CVSS 9.8 | AI score 5.8 | EPSS 0.00316
Exploits: 1 | References: 5

NVD
added 2025/09/18 10:15 p.m. | 3 views

CVE-2025-54810

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channe...

CVSS 8.6 | EPSS 0.00028
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/18 9:28 p.m. | 2 views

CVE-2025-54810 Cognex In-Sight Explorer and In-Sight Camera Firmware Authentication Bypass by Capture-replay

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channe...

CVSS 8.6 | AI score 6.7 | EPSS 0.00028
Exploits: 0 | References: 1

CVE
added 2025/09/18 9:28 p.m. | 10 views

CVE-2025-54810

CVE-2025-54810 affects Cognex In-Sight Explorer and In-Sight Camera Firmware. A proprietary protocol on TCP port 1069 handles management operations, including changing system properties. User management data (usernames and passwords) are transmitted over an unencrypted channel, enabling an adjace...

CVSS 8.6 | AI score 6.7 | EPSS 0.00028
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/18 12:29 p.m. | 6 views

CVE-2025-7743

Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation. This issue affects Omaspot: before 12.09.2025...

CVSS 9.6 | AI score 5.4 | EPSS 0.00021
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/18 12:0 a.m. | 3 views

PT-2025-38491

Name of the Vulnerable Software and Affected Versions: Cognex In-Sight Explorer and In-Sight Camera Firmware (affected versions not specified). Description: The software exposes a proprietary protocol on TCP port 1069 for management operations, including modifying system properties. The user managemen...

CVSS 8.6 | AI score 6.4 | EPSS 0.00016
Exploits: 0 | References: 5

NVD
added 2025/09/16 12:15 p.m. | 2 views

CVE-2025-7743

Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation. This issue affects Omaspot: before 12.09.2025...

CVSS 9.6 | EPSS 0.00021
Exploits: 0 | References: 2

Vulnrichment
added 2025/09/16 11:52 a.m. | 2 views

CVE-2025-7743 Sensitive Data Exposure in Dolusoft's Omaspot

Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation. This issue affects Omaspot: before 12.09.2025...

CVSS 9.6 | AI score 5.4 | EPSS 0.00021
Exploits: 0 | References: 2

ATTACKERKB
added 2025/09/16 11:52 a.m. | 3 views

CVE-2025-7743

Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation. This issue affects Omaspot: before 12.09.2025...

CVSS 9.6 | AI score 5.4 | EPSS 0.00021
Exploits: 0 | References: 3

Positive Technologies
added 2025/09/16 12:0 a.m. | 2 views

PT-2025-37925

Name of the Vulnerable Software and Affected Versions: Dolusoft Omaspot versions prior to 12.09.2025 Description: A cleartext transmission of sensitive information issue exists in Dolusoft Omaspot, potentially allowing interception and privilege escalation. Recommendations: Update Dolusoft Omaspo...

CVSS 9.6 | AI score 6.3 | EPSS 0.00021
Exploits: 0 | References: 5

Packet Storm News
added 2025/09/11 12:0 a.m. | 3 views

PARROT: Portable Android Reproducible Traffic Observation Tool

The rapid evolution of mobile security protocols and limited availability of current datasets constrains research in app traffic analysis. This paper presents PARROT, a reproducible and portable traffic capture system for systematic app traffic collection using Android Virtual Devices. The system...

AI score 6.7
Exploits: 0

Qualys Blog
added 2025/09/10 8:43 p.m. | 7 views

When Dependencies Turn Dangerous: Responding to the NPM Supply Chain Attack

On September 8, 2025, attackers compromised a set of 18 widely used npm packages —including chalk, debug, ansi-styles, and strip-ansi—collectively downloaded over 2.6 billion times per week. Through a targeted phishing campaign against a maintainer, the attackers published malicious versions...

AI score 7
Exploits: 0

Snyk
added 2025/09/09 8:45 p.m. | 1 view

Embedded Malicious Code

Overview: @duckdb/duckdb-wasm is an in-process analytical SQL database for the browser. It is powered by WebAssembly, speaks Arrow fluently, reads Parquet, CSV and JSON files backed by Filesystem APIs or HTTP requests and has been tested with Chrome, Firefox, Safari and Node.js. Affected versions ...

CVSS 9.8 | AI score 7.3 | EPSS 0.00096
Exploits: 0 | References: 2