Lucene search

53 matches found

CVE
added 2026/05/14 10:35 a.m. | 7 views

CVE-2025-68420

Summary: CVE-2025-68420 affects the Comarch ERP Optima client, where the client connects to a database using a high-privilege account regardless of the user’s application account. A local attacker-controlled client process can dump memory, extract credentials, and gain privileged database access....

7.5 CVSS | 5.7 AI score | 0.00018 EPSS
Exploits: 0 | References: 2

Snyk
added 2026/05/04 9:15 p.m. | 5 views

Incorrect Implementation of Authentication Algorithm

Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm due to the too broad path-template matching in the runtime authentication layer. An attacker can cause sensitive authentication credentials to be sent to unintended endpoints that may...

6.3 CVSS | 5.7 AI score | 0.00174 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/01 5:49 p.m. | 1 view

CVE-2026-5199

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

2.3 CVSS | 6 AI score | 0.0005 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/04/01 5:49 p.m. | 0 views

CVE-2026-5199 Cross Namespace Access via Batch Operation

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

2.3 CVSS | 6 AI score | 0.0005 EPSS
Exploits: 0 | References: 2

CVE
added 2026/03/05 11:51 p.m. | 11 views

CVE-2026-28713

CVE-2026-28713 concerns default credentials assigned to a local privileged user in a Virtual Appliance. Affected are: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, and Acronis Cyber Protect 17 (VMware) before build 41186. The vulnerability allows high impact on confidentiality an...

7.1 CVSS | 5.9 AI score | 0.00058 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

Packet Storm
added 2026/02/24 12:00 a.m. | 102 views

📄 Microsoft Event Log Remote Protocol Arbitrary File Write

This Python script demonstrates the abuse of the Microsoft Event Log Remote Protocol MS-EVEN to achieve an arbitrary file write over SMB using low-privileged credentials. By interacting with the Windows \pipe\eventlog named pipe through DCERPC, the script leverages the ElfrOpenBELW and...

5.9 AI score
Exploits: 0

Microsoft Secure
added 2026/02/19 4:27 p.m. | 46 views

Running OpenClaw safely: identity, isolation, and runtime risk

Self-hosted agent runtimes like OpenClaw are showing up fast in enterprise pilots, and they introduce a blunt reality: OpenClaw includes limited built-in security controls. The runtime can ingest untrusted text, download and execute skills i.e. code from external sources, and perform actions usin...

6.5 AI score
Exploits: 0

Microsoft Secure
added 2026/02/19 4:27 p.m. | 3 views

Running OpenClaw safely: identity, isolation, and runtime risk

Self-hosted agent runtimes like OpenClaw are showing up fast in enterprise pilots, and they introduce a blunt reality: OpenClaw includes limited built-in security controls. The runtime can ingest untrusted text, download and execute skills i.e. code from external sources, and perform actions usin...

6.4 AI score
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2018-11832

Malware in sbrugna...

8.5 CVSS | 8.6 AI score | 0.00302 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2025-30190

Malicious code in bioql PyPI...

8.6 CVSS | 6.5 AI score | 0.00015 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/20 9:13 p.m. | 3 views

CVE-2025-47698

An adjacent attacker without authentication can exploit this vulnerability to retrieve a set of user-privileged credentials. These credentials are present during the firmware upgrade procedure...

8.6 CVSS | 7 AI score | 0.00015 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/09/18 12:00 a.m. | 1 view

Cognex Multiple Products Security Vulnerability

Cognex In-Sight Explorer is a tool from Cognex USA that has the ability to debug and program the software of its line of smart cameras. A security vulnerability exists in various Cognex products that stems from the presence of user privileged credentials during firmware upgrades, which could allo...

8.6 CVSS | 6.7 AI score | 0.00015 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/07/18 5:58 p.m. | 3 views

CVE-2025-20284

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...

7.2 CVSS | 7.4 AI score | 0.0076 EPSS
Exploits: 0 | References: 1

NVD
added 2025/07/16 5:15 p.m. | 3 views

CVE-2025-20283

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...

7.2 CVSS | 0.007 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/07/16 4:16 p.m. | 6 views

CVE-2025-20284 Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...

6.5 CVSS | 0.0076 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/07/16 4:16 p.m. | 4 views

CVE-2025-20284 Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...

6.5 CVSS | 8.1 AI score | 0.0076 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2025/07/16 4:16 p.m. | 0 views

CVE-2025-20283

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...

7.2 CVSS | 6.4 AI score | 0.007 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2025/07/16 4:16 p.m. | 17 views

CVE-2025-20283

The vulnerability (CVE-2025-20283) affects Cisco Identity Services Engine (ISE) and ISE-PIC via a specific API, caused by insufficient validation of user-supplied input. An attacker with valid high-priv credentials could submit crafted API requests to execute commands as root on the underlying OS...

7.2 CVSS | 7.5 AI score | 0.007 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/07/16 4:16 p.m. | 4 views

CVE-2025-20283 Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...

6.5 CVSS | 8.1 AI score | 0.007 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2025/07/16 12:00 a.m. | 8 views

Cisco Identity Services Engine Multiple Vulnerabilities (cisco-sa-ise-multi-3VpsXOxO)

According to its self-reported version, Cisco ISE is affected by multiple vulnerabilities. - A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is d...

7.2 CVSS | 6.4 AI score | 0.0076 EPSS
Exploits: 0 | References: 6