58 matches found
Exploit for CVE-2026-10795
CVE-2026-10795 UpdraftPlus Auto-Exploit & Mass Scanner Au...
CVE-2025-68420
Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a privileged access to t...
CVE-2025-68420
Summary: CVE-2025-68420 affects the Comarch ERP Optima client, where the client connects to a database using a high-privilege account regardless of the user’s application account. A local attacker-controlled client process can dump memory, extract credentials, and gain privileged database access....
Incorrect Implementation of Authentication Algorithm
Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm due to the too broad path-template matching in the runtime authentication layer. An attacker can cause sensitive authentication credentials to be sent to unintended endpoints that may...
CVE-2026-5199 Cross Namespace Access via Batch Operation
A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...
CVE-2026-5199
A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...
CVE-2026-28713
CVE-2026-28713 concerns default credentials assigned to a local privileged user in a Virtual Appliance. Affected are: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, and Acronis Cyber Protect 17 (VMware) before build 41186. The vulnerability allows high impact on confidentiality an...
📄 Microsoft Event Log Remote Protocol Arbitrary File Write
This Python script demonstrates the abuse of the Microsoft Event Log Remote Protocol MS-EVEN to achieve an arbitrary file write over SMB using low-privileged credentials. By interacting with the Windows \pipe\eventlog named pipe through DCERPC, the script leverages the ElfrOpenBELW and...
Running OpenClaw safely: identity, isolation, and runtime risk
Self-hosted agent runtimes like OpenClaw are showing up fast in enterprise pilots, and they introduce a blunt reality: OpenClaw includes limited built-in security controls. The runtime can ingest untrusted text, download and execute skills i.e. code from external sources, and perform actions usin...
Running OpenClaw safely: identity, isolation, and runtime risk
Self-hosted agent runtimes like OpenClaw are showing up fast in enterprise pilots, and they introduce a blunt reality: OpenClaw includes limited built-in security controls. The runtime can ingest untrusted text, download and execute skills i.e. code from external sources, and perform actions usin...
EUVD-2018-11832
Malware in sbrugna...
EUVD-2025-30190
Malicious code in bioql PyPI...
CVE-2025-47698
An adjacent attacker without authentication can exploit this vulnerability to retrieve a set of user-privileged credentials. These credentials are present during the firmware upgrade procedure...
Cognex多款产品 安全漏洞
Cognex In-Sight Explorer is a tool from Cognex USA that has the ability to debug and program the software of its line of smart cameras. A security vulnerability exists in various Cognex products that stems from the presence of user privileged credentials during firmware upgrades, which could allo...
CVE-2025-20284
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...
CVE-2025-20283
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...
CVE-2025-20284 Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...
CVE-2025-20284 Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...
CVE-2025-20283
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...
CVE-2025-20283 Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...