77 matches found
Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset
Summary: Several Kolibri API endpoints accept an unvalidated baseurl parameter and fetch attacker-controlled URLs from the Kolibri server, reflecting the response body back to the caller. The original report identified two endpoints on the RemoteFacilityUser viewsets; remediation review found two...
PT-2026-48808
Summary: Several Kolibri API endpoints accept an unvalidated baseurl parameter and fetch attacker-controlled URLs from the Kolibri server, reflecting the response body back to the caller. The original report identified two endpoints on the RemoteFacilityUser viewsets; remediation review found two...
EUVD-2010-0495
Malware in sbrugna...
EUVD-2020-12313
Malware in sbrugna...
EUVD-2010-0494
Malware in sbrugna...
EUVD-2023-25638
Malicious code in bioql PyPI...
CVE-2023-21470
Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action...
CVE-2023-21470
CVE-2023-21470 affects Samsung SLocation prior to SMR Apr-2022 Release 1. The underlying issue is improper access control enabling local attackers to obtain device location information via the com.samsung.android.wifi.NETWORK_LOCATION action. Reported impact includes confidentiality exposure with...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices prior to SMR Apr-2022 Release 1, which stems from improper access control and coul...
PT-2025-35663
Name of the Vulnerable Software and Affected Versions: SLocation versions prior to SMR Apr-2022 Release 1. Description: An improper access control issue exists in SLocation. Local attackers can obtain device location information by utilizing the com.samsung.android.wifi.NETWORK_LOCATION action...
CVE-2021-43339
In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via filename in the export functionality. For example, a new admin user could be created...
CVE-2020-1437
An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka 'Windows Network Location Awareness Service Elevation of Privilege Vulnerability'...
DaaS - Client IP detection for Network Location Service
How is actual Client IP determined for Network location detection, when traffic from both internal and external Clients is routed through a Proxy? This is important when Clients access the Cloud Workspace through a Proxy, irrespective of Client's location - inside or outside corporate network...
How to Successfully Test Citrix StoreFront Beacons Inside a Remote Desktop Session
This article describes how to successfully test the Citrix StoreFront Beacons functionality with Citrix Receiver 3.1 Standard or later when connecting to workstations using a Remote Desktop (RDP) session. By default, a configured Citrix Receiver 3.1 Standard or later with Beacons and stores always...
Okta's Recent Customer Support Data Breach Impacted 134 Customers
Identity and authentication management provider Okta on Friday disclosed that the recent support case management system breach affected 134 of its 18,400 customers. It further noted that the unauthorized intruder gained access to its systems from September 28 to October 17, 2023, and ultimately...
Apple macOS Ventura security vulnerability
Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura in which a user in a privileged network location could cause a denial of service...