CVE-2025-24936

The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. An attacker with low privileged access to th...

CVE-2023-0869

Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4 or newer. Meridian and Horizon installation instructions state th...

Ubiquiti Inc.: Public Jenkins instance with /script enabled

Hi, First of all. I'm not 100% able to verify that this server is actually owned by Ubnt as there are multiple DNS Name's in the SSL certificate. DNS Name: .uum.com DNS Name: .ubnt.com DNS Name: .svc.ubnt.com DNS Name: .api.uum.com DNS Name: .svc.uum.com DNS Name: uum.com So, the server hosted on...

coTURN TURN server unsafe loopback forwarding default configuration vulnerability

Summary An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running o...

PCI DSS compliance

Binary data pcicompliance.nbin...