10 matches found
CVE-2025-36755
The CVE-2025-36755 entry describes the CleverDisplay BlueOne hardware player. When its USB interfaces are physically enclosed, the device is normally inaccessible; after circumventing the enclosure, a USB keyboard can be connected and ESC pressed during boot to access the BIOS setup interface. BI...
CVE-2025-36755 CleverDisplay BlueOne unauthorized BIOS access through physical USB keyboard
The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after circumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during...
CVE-2025-9977
A value provided in one of the POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been...
EUVD-2017-14486
Malware in sbrugna...
CVE-2025-58581 Information Disclosure Through Stacktrace-/MQTT/Config/changeAll
When an error occurs in the application, a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of the application...
CVE-2023-46736
EspoCRM is an Open Source CRM (Customer Relationship Management) software. In affected versions there is a Server-Side Request Forgery (SSRF) vulnerability via the upload image from URL API. Users who have access to the /Attachment/fromImageUrl endpoint can specify a URL that points to an internal host. Eve...
CVE-2020-7578
A vulnerability has been identified in Camstar Enterprise Platform All versions, Opcenter Execution Core All versions V8.2. Authenticated users could have access to resources they normally would not have. This vulnerability could allow an attacker to view internal information and perform...
CVE-2019-7162
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation...
Rockwell Automation 1756-ENBT/A Web Server Internal Information Exposure
Binary data 720208.prm...
CVE-2017-5382
CVE-2017-5382 affects Mozilla Firefox prior to 51.0. The feed preview for RSS feeds can expose internal errors/exceptions generated by privileged content, potentially revealing sensitive information. Rationale: described in the CVE entry and corroborated by multiple advisories (OpenSUSE/Mageia/Ub...