70 matches found
CVE-2025-65185
There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses...
CVE-2025-65185
Summary: CVE-2025-65185 affects Entrinsik Informer v5.10.1, enabling username enumeration during local login by supplying an OTP code and a new password and observing application responses. The vulnerability's impact is described as low (CVSS v3.1: 2.8, LOCAL access, user interaction required). O...
CVE-2025-65185
There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses...
EUVD-2024-31645
Malicious code in bioql PyPI...
EUVD-2024-49151
Malicious code in bioql PyPI...
Avoid Using the root User to Access the System Locally
Users with the root permission can access all Linux resources. If the root user is used to log in to the Linux OS to perform operations, there are many potential security risks. To avoid the risks, do not use the root user to log in to the Linux OS. If necessary, indirectly use the root user...
Linux Distros Unpatched Vulnerability : CVE-2019-2524
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and...
CVE-2019-9676
Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX, IPC-HDW1XXX, IPC-HFW2XXX Build before 2018/11. The vulnerability exists in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker lo...
CVE-2024-3037
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege...
F5 BIG-IP Next Central Manager Log Information Disclosure Vulnerability
F5 BIG-IP Next Central Manager is a centralized console from F5 USA. A log information disclosure vulnerability exists in F5 BIG-IP Next Central Manager, which originates from the possibility of recording sensitive information in log files when a user logs in using local authentication via the...
Discourse Security Vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse that stems from enabling local login and could allow an attacker to bypass Discourse Connect to create...
PT-2024-35383 · Elabftw · Elabftw
Name of the Vulnerable Software and Affected Versions: eLabFTW versions 4.6.0 through 5.1.0. Description: A vulnerability has been found in eLabFTW that allows an attacker to bypass the built-in multifactor authentication mechanism. This can be exploited by an attacker who can authenticate locally...
CVE-2024-8404
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege...
CVE-2024-8404
CVE-2024-8404 describes an arbitrary file deletion vulnerability in PaperCut NG/MF on Windows servers with Web Print enabled. An attacker must have local login access and be able to run low-privilege code via the web-print-hot-folder to delete targeted files. The issue is tied to a split from CVE...
PT-2024-14785 · Synology · Synology Active Backup For Business Agent
Name of the Vulnerable Software and Affected Versions: Synology Active Backup for Business Agent versions prior to 2.6.3-3101. Description: The issue is related to a missing authentication vulnerability in the logout functionality. This allows local users to logout the client via unspecified...
PT-2024-6559 · Papercut · Papercut Ng/Mf
Name of the Vulnerable Software and Affected Versions: PaperCut NG/MF (affected versions not specified). Description: The issue is related to an arbitrary file deletion vulnerability in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. This vulnerability can be...
PT-2024-28714 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.13.0. Description: The issue allows enumeration of existing SSO users in the instance when relying on SSO providers in combination with local authentication. This is possible because if an email address exists in...
CVE-2024-4712
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the image-handler process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can lead ...
CVE-2024-3037
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege...
CVE-2024-4712 Arbitrary File Creation in PaperCut NG/MF Web Print Image Handler
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the image-handler process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can lead ...