17 matches found
EUVD-2025-208690
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...
adversarial-attacks-white-black-box (=0.1.7), americodraws (>=0.1.0 <=0.1.5) +90 more potentially affected by CVE-2025-25302 via rembg (>=2.0.57 <=2.0.75)
rembg PYPI version =2.0.57, =0.1.0, =0.0.64, =0.3.3, =0.1.0, =0.1.0, =2.0.2, =2.1.49 - damon-devtools =0.9.0 and more Source cves: CVE-2025-25302 Source advisory: SNYK:PYTHON-REMBG-9296365...
lk-j.co.jp Cross Site Scripting vulnerability OBB-3888981
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
lk-j.co.jp Cross Site Scripting vulnerability OBB-3876300
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
lk-verden.de Improper Access Control vulnerability OBB-3778886
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Why is .US Being Used to Phish So Many of Us?
Domain names ending in ".US" -- the top-level domain for the United States -- are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains...
lk-j.co.jp Cross Site Scripting vulnerability OBB-3399139
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious Package
Overview relap-lk is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Google Android LK elevation of privilege vulnerability
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA for short). Google Android LK has a security vulnerability. An attacker can exploit this vulnerability to elevate privileges...
CVE-2021-0468
In LK, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation. Product:...
lk-vr.de Cross Site Scripting vulnerability
Security Researcher Hchabik (helped patch 2345 vulnerabilities, received 5 Coordinated Disclosure badges, received 2 recommendations), a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting lk-vr.de website and its users. Following coordinated and...
lk-tronics.com Improper Access Control vulnerability
Security Researcher geeknik (helped patch 8525 vulnerabilities, received 8 Coordinated Disclosure badges, received 20 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting lk-tronics.com website and its users. Following coordinate...
Samsung, Huawei and other phone bootloaders found to contain many high-risk bugs - vulnerability warning - the black bar safety net
A California University research team found code execution and DoS security flaws in the bootloaders of mainstream mobile platforms. Using BootStomp, the researchers found 6 new vulnerabilities, 5 of which were confirmed by the manufacturers. There is also a su XI reported...
CVE-2013-2598
The CVE affects the Little Kernel (LK) bootloader used in Qualcomm Innovation Center Android contributions for MSM devices. A vulnerability in app/aboot/aboot.c allows overwriting the bootloader’s signature-verification code when a crafted boot-image load-destination header specifies memory locat...
Authentication flaw
The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API...
CVE-2014-0973
CVE-2014-0973 affects the Little Kernel (LK) bootloader used with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices. The image_verify function in platform/msm_shared/image_verify.c does not ensure the digest size is consistent with the RSA_public_decrypt API, enabling bypass...
Joomla! Component Flash Uploader 2.5.1 - Remote File Inclusion
Joomla! Component Flash Uploader 2.5.1 - Remote File Inclusion. Mdx c 2007. Joomla comjoomlaflashuploader Remote File Include 2.5.1, 2.5.2...