17 matches found

CVE
added 2026/04/24 6:3 p.m. | 26 views

CVE-2026-42042

Axios is affected by a cross-origin leakage due to XSRF token handling when withXSRFToken is set to truthy non-boolean values. Prior to versions 1.15.1 and 0.31.1, the protection logic used truthy/falsy semantics instead of strict boolean comparison, short-circuiting the isURLSameOrigin check and...

CVSS 5.4 | AI score 5.3 | EPSS 0.00048
Exploits 1 | References 1 | Affected Software 1
CNNVD
added 2025/12/20 12:0 a.m. | 1 view

Delphix Continuous Compliance Security Vulnerability

Delphix Continuous Compliance is an enterprise-grade automated data desensitization and compliance management platform from US-based Delphix, Inc. A security vulnerability exists in Delphix Continuous Compliance version 2025.3.0 and later, which stems from an EOR misconfiguration that could resul...

CVSS 7.5 | AI score 6.5 | EPSS 0.00038
Exploits 0 | References 3
CVE
added 2025/10/30 11:30 p.m. | 47 views

CVE-2025-52665

CVE-2025-52665 affects UniFi Access Application 3.3.22–3.4.31, where a misconfigured management API is exposed without proper authentication, allowing attackers on the management network to access management functions. Affected component: the UniFi Access management API; root cause: misconfigurat...

CVSS 10 | AI score 6.4 | EPSS 0.26604
In wild | Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2025/10/29 12:0 a.m. | 3 views

ISC Kea Security Vulnerability

ISC Kea is a modern open source DHCPv4 and DHCPv6 server from the ISC organization. A security vulnerability exists in ISC Kea versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2, which stems from an improper setting of specific configuration parameters that could cause kea-dhcp4 to exit...

CVSS 7.5 | AI score 6.3 | EPSS 0.00036
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-0996

Malware in sbrugna...

CVSS 4.9 | AI score 6.1 | EPSS 0.02193
Exploits 0 | References 39
NVD
added 2025/05/19 2:15 a.m. | 11 views

CVE-2025-23164

A misconfigured access token mechanism in the Unifi Protect Application Version 5.3.41 and earlier could permit the recipient of a "Share Livestream" link to maintain access to the corresponding livestream subsequent to such link becoming disabled...

CVSS 4.4 | EPSS 0.00178
Exploits 0 | References 1
NVD
added 2025/04/04 2:15 p.m. | 11 views

CVE-2025-2798

The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom...

CVSS 9.8 | EPSS 0.00185
Exploits 0 | References 2
RedhatCVE
added 2025/03/15 2:15 a.m. | 9 views

CVE-2025-27913

Passbolt API before 5, if the server is misconfigured with an incorrect installation process and disregarding of Health Check results, can send email messages with a domain name taken from an attacker-controlled HTTP Host header...

CVSS 7.5 | AI score 6.9 | EPSS 0.00115
Exploits 0 | References 1
NVD
added 2025/03/10 8:15 p.m. | 11 views

CVE-2025-27913

Passbolt API before 5, if the server is misconfigured with an incorrect installation process and disregarding of Health Check results, can send email messages with a domain name taken from an attacker-controlled HTTP Host header...

CVSS 7.5 | EPSS 0.00115
Exploits 0 | References 1
CVE
added 2024/04/30 12:0 a.m. | 74 views

CVE-2024-33103

CVE-2024-33103 describes an arbitrary file upload vulnerability in the DokuWiki Media Manager (version 2024-02-06a). The issue allows an attacker to upload a crafted SVG file that can lead to arbitrary code execution, with the impact described as limited to those conditions where the product is m...

CVSS 6.1 | AI score 7.6 | EPSS 0.00118
Exploits 0 | References 1
IBM Security Bulletins
added 2023/11/29 1:25 a.m. | 23 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Security

Summary: Multiple vulnerabilities in VMware Tanzu Spring Security used by IBM InfoSphere Information Server were addressed. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-34034. DESCRIPTION: VMware Tanzu Spring Security could allow a...

CVSS 9.8 | AI score 7.4 | EPSS 0.4929
Exploits 2 | Affected Software 1
VulnCheck KEV
added 2023/02/14 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2021-33558

Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not...

CVSS 7.5 | AI score 7.3 | EPSS 0.82894
Exploits 2 | References 1
ThreatPost
added 2021/08/12 8:30 p.m. | 227 views

Black Hat: Novel DNS Hack Spills Confidential Corp Data

LAS VEGAS – Amazon and Google patched a domain name service (DNS) bug that allowed attackers to snoop on the confidential networking settings of companies – revealing computer and employee names along with office locations and exposed web resources. The vulnerability, outlined in a Black Hat USA 20...

AI score 7.3
Exploits 0 | References 4
CNNVD
added 2021/08/10 12:0 a.m. | 2 views

Netgear NETGEAR Security Vulnerability

Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in Netgear NETGEAR that stems from a security misconfiguration in some NETGEAR devices that affects normal...

CVSS 7.2 | AI score 7 | EPSS 0.0025
Exploits 0 | References 2
CNVD
added 2020/04/26 12:0 a.m. | 6 views

Unspecified Vulnerability in Multiple NETGEAR Products

The NETGEAR R7800, among others, is a wireless router from NETGEAR. A security vulnerability exists in several NETGEAR products that stems from a misconfiguration of security settings. No details of the vulnerability are available at this time...

CVSS 6.5 | AI score 6.8 | EPSS 0.00087
Exploits 0 | References 1
OSV
added 2017/09/18 3:29 p.m. | 6 views

ALPINE-CVE-2017-9798

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker...

CVSS 7.5 | AI score 7 | EPSS 0.9384
Exploits 9 | References 1
seebug.org
added 2017/04/27 12:0 a.m. | 88 views

SNMP Incorrect Access Control Vulnerability (CVE 2017-5135) (StringBleed)

In DEFCON 24 IoT Village I gave a talk about the danger of SNMP write properties enabled devices in the IoT; police patrols, ambulances and others in the “critical mission vehicles” were affected in that research. In December 2016 with a colleague from Argentina, Ezequiel Fernandez, we decided to...

AI score 7.5
Exploits 0