
191 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-12135

Malicious code in bioql PyPI...

6.8 CVSS | 5.5 AI score | 0.00183 EPSS
Exploits 0 | References 4
RedhatCVE
added 2025/04/26 6:56 a.m. | 4 views

CVE-2025-32730

Use of hard-coded cryptographic key vulnerability in i-PRO Configuration Tool affects the network system for i-PRO Co., Ltd. surveillance cameras and recorders. This vulnerability allows a local authenticated attacker to use the authentication information from the last connected surveillance...

6.8 CVSS | 6.5 AI score | 0.00183 EPSS
Exploits 0 | References 1
CVE
added 2025/04/24 6:38 a.m. | 44 views

CVE-2025-32730

The CVE-2025-32730 entry affects i-PRO Configuration Tool used with i-PRO Co., Ltd. surveillance cameras/recorders. The root cause is use of a hard-coded cryptographic key (CWE-321) that enables a local authenticated attacker to leverage authentication data from the last connected cameras/recorde...

6.8 CVSS | 6.5 AI score | 0.00183 EPSS
Exploits 0 | References 2
Cvelist
added 2025/04/24 6:38 a.m. | 13 views

CVE-2025-32730

Use of hard-coded cryptographic key vulnerability in i-PRO Configuration Tool affects the network system for i-PRO Co., Ltd. surveillance cameras and recorders. This vulnerability allows a local authenticated attacker to use the authentication information from the last connected surveillance...

6.8 CVSS | 0.00183 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2024/10/13 12:0 a.m. | 18 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-42246)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42246 advisory. - In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of...

5.5 CVSS | 6.1 AI score | 0.0001 EPSS
Exploits 0 | References 2
Positive Technologies
added 2024/08/28 12:0 a.m. | 2 views

PT-2024-6114

Name of the Vulnerable Software and Affected Versions: Cisco NX-OS Software (affected versions not specified). Description: A vulnerability in the Python interpreter could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying...

8.8 CVSS | 6.7 AI score | 0.00103 EPSS
Exploits 0 | References 11
CVE
added 2024/08/07 3:14 p.m. | 182 views

CVE-2024-42246

CVE-2024-42246 is a Linux kernel issue where -EPERM from a BPF program on kernel_connect() could cause xs_tcp_setup_socket() to loop and potentially freeze the kernel. The vulnerability’s root cause is EPERM propagation in the TCP/XS path; mitigations described in public notes include remapping E...

5.5 CVSS | 6.4 AI score | 0.0001 EPSS
Exploits 0 | References 10 | Affected Software 1
CNNVD
added 2023/09/13 12:0 a.m. | 1 view

Cisco IOS XR Security Vulnerability

Cisco IOS XR is a set of operating systems developed by the U.S.-based Cisco for its network devices. A security vulnerability exists in the Cisco IOS XR Software that stems from a security flaw in the Access Control Lists (ACLs) on MPLS interfaces that allows an unauthenticated attacker to bypass...

7.5 CVSS | 6.8 AI score | 0.00022 EPSS
Exploits 0 | References 3
CNVD
added 2023/05/09 12:0 a.m. | 15 views

F5 BIG-IP path traversal vulnerability (CNVD-2023-82309)

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. F5 BIG-IP suffers from a path traversal vulnerability that stems from a failure of a network system or product to properly...

4.3 CVSS | 6.7 AI score | 0.00606 EPSS
Exploits 0 | References 1
CNVD
added 2023/03/16 12:0 a.m. | 19 views

SAP ABAP Platform Path Traversal Vulnerability

SAP ABAP Platform is an ABAP-based SAP solution from SAP Germany. A path traversal vulnerability exists in SAP ABAP Platform, which stems from a failure of the network system or product to properly filter special elements in the path of a resource or file. An attacker could exploit this...

8.1 AI score | 0.0034 EPSS
Exploits 0
CNVD
added 2022/12/27 12:0 a.m. | 10 views

Rocket.Chat Command Injection Vulnerability

Rocket.Chat is an open source team chat software. A command injection vulnerability exists in versions of Rocket.Chat prior to 3.8.14. The vulnerability stems from a failure of a network system or product to properly filter special characters, commands, etc. during user input to construct and...

9.8 CVSS | 7.8 AI score | 0.05876 EPSS
Exploits 0 | References 1
CNVD
added 2022/11/17 12:0 a.m. | 26 views

Apache Airflow code injection vulnerability

Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform is scalable and has dynamic monitoring features. Apache Airflow has a code injection vulnerability that stems from the user input structure during the...

8.8 CVSS | 3.4 AI score | 0.93305 EPSS
Exploits 2 | References 1
CNVD
added 2022/10/13 12:0 a.m. | 22 views

Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation that allows unified access to data from a variety of sources. A remote code execution vulnerability exists in Microsoft OLE DB Provider for SQL Server, which stems from An attacker can exploit the vulnerability to cause...

4.4 AI score | 0.17266 EPSS
Exploits 0 | Affected Software 1
CNVD
added 2022/10/13 12:0 a.m. | 36 views

Microsoft Windows DHCP Client Information Disclosure Vulnerability

Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation. Microsoft Windows DHCP Client has an information disclosure vulnerability that stems from insufficient protection of sensitive information on the network system or product, which can be exploited by...

2.8 AI score | 0.00405 EPSS
Exploits 0 | Affected Software 1
CNVD
added 2022/10/13 12:0 a.m. | 39 views

Microsoft Office Remote Code Execution Vulnerability

Microsoft Office is an office software suite product from Microsoft Corporation USA. Microsoft Office has a remote code execution vulnerability, which originates from the process of constructing code segments from external input data, the network system or product fails to properly filter the...

4.4 AI score | 0.06128 EPSS
Exploits 0
CNVD
added 2022/10/13 12:0 a.m. | 27 views

Microsoft Windows CD-ROM File System Driver Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the Windows CD-ROM File System Driver, which stems from the failure of a network system or product to properly filter special elements in the external input data used to construct code segments. The vulnerability can be exploited by an attacker to...

4.9 AI score | 0.06841 EPSS
Exploits 0 | Affected Software 1
CNVD
added 2022/10/13 12:0 a.m. | 25 views

Microsoft ODBC Driver Remote Code Execution Vulnerability

Microsoft ODBC Driver is a driver from Microsoft Corporation USA. A remote code execution vulnerability exists in the Microsoft Windows ODBC Driver, which stems from the failure of a network system or product to properly filter special elements of the external input data during the construction o...

4.4 AI score | 0.17266 EPSS
Exploits 0 | Affected Software 1
CNNVD
added 2022/09/28 12:0 a.m. | 1 view

Cisco IOS XE Software Security Vulnerability

Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software IPv6 VPN. An attacker...

7.4 CVSS | 7.3 AI score | 0.00107 EPSS
Exploits 0 | References 5
CNVD
added 2022/09/28 12:0 a.m. | 17 views

NuProcess Command Injection Vulnerability

NuProcess is a low-overhead, non-blocking I/O, external process implementation of Java from Brett Wooldridge's personal developer. NuProcess 1.2.0 and later, and versions prior to 2.0.5, are vulnerable to command injection, which stems from the failure of a network system or product to properly...

9.8 CVSS | 4.2 AI score | 0.00733 EPSS
Exploits 1 | References 1
CNVD
added 2022/09/01 12:0 a.m. | 15 views

Dell SmartFabric storage software command injection vulnerability

Dell SmartFabric Storage Software is a stand-alone storage software solution from Dell USA. A command injection vulnerability exists in Dell SmartFabric storage software version 1.0.0, which arises from a failure of a network system or product to properly filter special characters, commands, etc...

9.8 CVSS | 9.8 AI score | 0.01188 EPSS
Exploits 0 | References 1