Lucene search
K

34 matches found

CVE
CVE
added 2026/06/25 5:49 p.m.37 views

CVE-2026-54088

File Browser (web UI) before version 2.63.6 is affected by a pre-authentication RCE. The Hook Authentication feature interpolates user-supplied credentials into a shell command using os.Expand without sanitization, enabling unauthenticated remote attackers to inject shell metacharacters in the lo...

9.3CVSS6.3AI score0.00533EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.11 views

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from or to a server. Curl has a security vulnerability that stems from the incorrect reuse of existing HTTP proxy connections, which may lead to errors in processing new requests with different credentials...

6.5CVSS7.1AI score0.00302EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/09 9:56 a.m.14 views

CVE-2020-12127

An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication...

7.5CVSS6.3AI score0.06443EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2025/09/16 10:20 a.m.7 views

“A dare, a challenge, a bit of fun:” Children are hacking their own schools’ systems, says study

As if ransomware wasn’t enough of a security problem for the sector, educational institutions also need to worry about their own students, a recent study shows. Last week, the UK Information Commissioner’s Office ICO published a report about the "insider threat of students". Here are a few key...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/06/03 1:40 p.m.51 views

WhatsApp cryptocurrency scam goes for the cash prize

This weekend a scammer tried his luck by reaching out to me on WhatsApp. It’s not that I don’t appreciate it, but trust me, it’s bad for your business. I received one message from a number hailing from the Togolese Republic. WhatsApp message from an unknow sender “Jay, your financial account has...

7.3AI score
Exploits0
HackRead
HackRead
added 2024/03/13 6:4 p.m.16 views

ChatGPT Plugins Exposed to Critical Vulnerabilities, Risked User Data

By Deeba Ahmed Critical security flaws found in ChatGPT plugins expose users to data breaches. Attackers could steal login details and… This is a post from HackRead.com Read the original post: ChatGPT Plugins Exposed to Critical Vulnerabilities, Risked User Data...

7.3AI score
Exploits0
Prion
Prion
added 2024/01/17 8:15 a.m.13 views

Authentication flaw

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web...

5CVSS7.6AI score0.00372EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2023/09/15 10:20 a.m.46 views

NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers

An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims' credentials using a variant of the Python-based NodeStealer and potentially take over their accounts for follow-on malicious activities. "The attacks are reaching victims mainly in Southern Europe...

6.7AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2023/08/09 8:30 p.m.20 views

A Clever Honeypot Tricked Hackers Into Revealing Their Secrets

Security researchers set up a remote machine and recorded every move cybercriminals made—including their login details...

7AI score
Exploits0
Prion
Prion
added 2023/04/11 1:15 a.m.18 views

Cross site scripting

Stored Cross site scripting XSS vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page...

5.8CVSS6AI score0.9881EPSS
Exploits0References2Affected Software1
0day.today
0day.today
added 2023/03/28 12:0 a.m.283 views

Tapo C310 RTSP server v1.3.0 - Unauthorised Video Stream Access Vulnerability

Exploit Title: Tapo C310 RTSP server v1.3.0- Unauthorised Video Stream Access Date: 19th July 2022 Exploit Author: dsclee1 Vendor Homepage: tp-link.com Software Link: http://download.tplinkcloud.com/firmware/TapoC310v1en1.3.0Build220328Rel.64283nu1649923652150.bin Version: 1.3.0 Tested on: Linux ...

7.5CVSS7.6AI score0.04944EPSS
Exploits4
HackRead
HackRead
added 2023/02/21 8:4 p.m.26 views

Login Details of Tech Giants Leaked in Two Data Center Hacks

By Waqas Threat actors have hacked two data centers in Asia and accessed login credentials of top technology giants, including Apple, Uber, Microsoft, Samsung, Alibaba, etc., and leaked them on a hacker forum. This is a post from HackRead.com Read the original post: Login Details of Tech Giants...

2.3AI score
Exploits0
OSV
OSV
added 2022/02/01 12:0 a.m.34 views

ASB-A-193890833

In cleardatadlgtext of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not...

5.5CVSS5.1AI score0.00111EPSS
Exploits0References3
CNVD
CNVD
added 2021/02/05 12:0 a.m.12 views

SolarWinds Orion Platform Access Control Error Vulnerability

SolarWinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices and supports a customizable web interface, multiple user opinions, and a mapped view of the entire network. An...

7.8CVSS6.7AI score0.00593EPSS
Exploits1References1
CVE
CVE
added 2021/02/03 4:49 p.m.154 views

CVE-2021-25275

SolarWinds Orion Platform before 2020.2.4 stores database credentials for the SQL Server backend in a file readable by unprivileged users. An attacker with filesystem access can read login names and passwords, then gain database owner access to SWNetPerfMon.DB and potentially administer the appli...

7.8CVSS8.9AI score0.00593EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/02/03 12:0 a.m.6 views

Solarwinds Orion Platform 信任管理问题漏洞

SolarWinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices and supports a customizable web interface, multiple user opinions, and a mapped view of the entire network. An...

7.8CVSS7.3AI score0.00593EPSS
Exploits1References2
Hacker One
Hacker One
added 2020/06/11 2:35 a.m.160 views

h1-ctf: [h1-2006 2020] Write up for H1-2006 CTF

I huffed and puffed my way up a flight of stairs into a dimly lit, dusty room, looking for Sherlock. As I made way through scattered books, I exclaimed, "Sherlock, wake up! It’s that time of the year. h1-ctf, a chance to get an invitation to hackerone’s live hacking event. “zer0ttl, of course! Yo...

7AI score
Exploits0
HackRead
HackRead
added 2020/05/02 8:52 p.m.50 views

Tokopedia hacked – Login details of 91 million users sold on dark web

By Waqas Another day, another data breach - This time hackers have targeted Tokopedia and stole login data of 91 million user accounts. This is a post from HackRead.com Read the original post: Tokopedia hacked - Login details of 91 million users sold on dark web...

6.9AI score
Exploits0
Securelist
Securelist
added 2019/10/28 10:0 a.m.77 views

Steam-powered scammers

Digital game distribution services have not only simplified the sale of games themselves, but provided developers with additional monetization levers. For example, in-game items, such as skins, equipment, and other character-enhancing elements as well as those that help one show up, can be sold f...

7.6AI score
Exploits0
Cvelist
Cvelist
added 2019/10/15 8:33 p.m.23 views

CVE-2019-17356

The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network...

6.6AI score0.0035EPSS
Exploits1References2
Rows per page
Query Builder