115 matches found
Mesalvo Meona Client Launcher Component and Mesalvo Meona Server Component Security Vulnerability
The Mesalvo Meona Client Launcher Component and the Mesalvo Meona Server Component are both products of the Mesalvo company. The Mesalvo Meona Client Launcher Component is a component designed for launching clients of medical information systems and facilitating application access. The Mesalvo...
ots has a negative expire override that can bypass its secret retention policy
Summary: The /api/create endpoint accepted negative expire query values. For the memory storage backend, negative values were passed to secret creation as a negative duration and treated as no expiry, allowing callers to create secrets that persisted longer than intended. Impact: Unauthenticated...
GHSA-H5FQ-653G-GXRM ots has a negative expire override that can bypass its secret retention policy
Summary: The /api/create endpoint accepted negative expire query values. For the memory storage backend, negative values were passed to secret creation as a negative duration and treated as no expiry, allowing callers to create secrets that persisted longer than intended. Impact: Unauthenticated...
Intel Memory and Storage Tool < 2.5.0 Denial of Service (INTEL-SA-01164)
The version of Intel Memory and Storage Tool installed on the remote host is prior to 2.5.0. It is, therefore, affected by a vulnerability as referenced in the INTEL-SA-01164 advisory. - Incorrect default permissions in software installer for Intel(R) MAS GUI may allow an authenticated user to...
Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding
Summary: A Denial of Service (DoS) vulnerability allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Details: The...
GHSA-7RQC-FF8M-7J23 Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding
Summary: A Denial of Service (DoS) vulnerability allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Details: The...
CVE-2025-66910
Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login,...
EUVD-2025-204537
Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login,...
CVE-2025-65832
The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and other sensitive details can be retrieved. ...
PT-2025-50540
Name of the Vulnerable Software and Affected Versions: Meatmeet (affected versions not specified). Description: The mobile application improperly manages sensitive information stored in memory. A memory dump of the application, following user logout and termination, can reveal Wi-Fi credentials...
CVE-2025-65320
Abacre Restaurant Point of Sale (POS) versions up to 15.0.0.1656 are vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory during an activation attempt...
Abacre Restaurant Point of Sale Security Vulnerability
Abacre Restaurant Point of Sale is a restaurant point of sale software from Abacre. A security vulnerability exists in Abacre Restaurant Point of Sale 15.0.0.1656 and earlier versions, which originates from the cleartext storage of sensitive information in memory and could lead to information...
CVE-2025-61713
A Cleartext Storage of Sensitive Information in Memory vulnerability (CWE-316) in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated...
Fortinet FortiPAM Security Vulnerability
Fortinet FortiPAM is a privileged access control platform from Fortinet. A security vulnerability exists in Fortinet FortiPAM that stems from the cleartext storage of sensitive information in memory, which could lead to credential disclosure. The following versions are affected: version 1.6.0 a...
CVE-2025-60791
Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugger or analyzing the process/memory dump an...