CVE-2025-47319 Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS
Information disclosure while exposing internal TA-to-TA communication APIs to HLOS...
EUVD-2018-5744
Malware in sbrugna...
EUVD-2023-32589
Malicious code in bioql PyPI...
CVE-2018-13808
A vulnerability has been identified in CP 1604 All versions, CP 1616 All versions. An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires network access to a vulnerable device. At the time o...
Data Leaks and AI Agents: Why Your APIs Could Be Exposing Sensitive Information
Most organizations are using AI in some way today, whether they know it or not. Some are merely beginning to experiment with it, using tools like chatbots. Others, however, have integrated agentic AI directly into their business procedures and APIs. While both types of organizations are undoubted...
CVE-2020-15087
In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication,...
Yanluowang Ransomware Leaks Analysis: Organization, Collaboration with HelloKitty, Babuk and Conti
By Jambul Tologonov · November 22, 2022. Introduction: On October 31, 2022, Yanluowang’s TOR site was hacked, displaying a message “check and mate!! Yanluowang Matrix chat hacked @yanluowangleaks Time’s...
Privilege Escalation
pcs is vulnerable to privilege escalation. The vulnerability is due to incorrect permissions on a Unix socket used for internal communication between PCS daemons...
CVE-2022-2735
A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw...
CVE-2022-2735
CVE-2022-2735 affects the PCS project. The root cause is incorrect permissions on the Unix socket used for internal PCS daemon communication, enabling a privilege escalation by obtaining an authentication token for a hacluster user. With that token, an attacker could gain complete control over th...
Apache Ozone Security Vulnerability
Apache Ozone is an application: a scalable, redundant and distributed object store for Hadoop and cloud-native environments. Apache Ozone version 1.2.0 has a security vulnerability that stems from various internal server-to-server RPC endpoints that can be used to connect, and an attacker can...
Information disclosure
Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress a QFX5000 Series switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the...
Moxa MXview Improper Access Control Vulnerability
An improper access control vulnerability exists in Moxa MXview, a network management software used to monitor and diagnose industrial networks. The vulnerability stems from the fact that the affected product has a misconfigured service that allows remote connections to internal communication...
Privilege escalation in Presto
Affected: This affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. Impact: Authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured...
PT-2020-14175 · Presto · Presto
Name of the Vulnerable Software and Affected Versions: Presto versions prior to 337 Description: Authenticated users can bypass authorization checks by directly accessing internal APIs. This issue impacts Presto server installations with secure internal communication configured. It does not affec...
CVE-2020-1628
Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet,...
How to implement Multi-Factor Authentication (MFA)
Another day, another data breach. If the regular drumbeat of leaked and phished accounts hasn't persuaded you to switch to Multi-Factor Authentication (MFA) already, maybe the usual January rush of 'back to work' password reset requests is making you reconsider. When such an effective option for...