
17 matches found

Vulnrichment
added 2026/04/07 12:0 a.m., 1 views

CVE-2026-31271

megagao productionssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator accounts by directly accessing the /user/insert...

5.9 AI score, 0.00058 EPSS
Exploits: 0, References: 1

Packet Storm News
added 2026/02/01 12:0 a.m., 3 views

HACK NDSU: A Real-World Event to Promote Student Interest in Cybersecurity

Hack NDSU let students scan, probe, and hack North Dakota State University's campus network, under professionals' supervision, providing an aspirational experience, potentially motivating them to enter the field. This paper provides a blueprint for educational hacking events against production...

5.4 AI score
Exploits: 0

OSSF Malicious Packages
added 2026/01/23 1:13 a.m., 5 views

Malicious code in kwp-shared-components-production-system (npm)

Source: amazon-inspector 2b2bf82ab1e7b02c2c3398dc73b6c1635e7f3e8da7f0a3aa11123d5db5a19b56 The package kwp-shared-components-production-system was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 1

OSV
added 2026/01/23 1:13 a.m., 2 views

MAL-2026-480 Malicious code in kwp-shared-components-production-system (npm)

Source: amazon-inspector 2b2bf82ab1e7b02c2c3398dc73b6c1635e7f3e8da7f0a3aa11123d5db5a19b56 The package kwp-shared-components-production-system was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 1

GithubExploit
added 2025/12/10 4:58 p.m., 109 views

INF113-SQLINJECTION-CHALLENGE

INF113-SQLINJECTION-CHALLENGE You are a junior software engine...

8.1 AI score
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-53577

Malicious code in bioql PyPI...

9.8 CVSS, 6.6 AI score, 0.03323 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2025/01/29 12:0 a.m., 1 views

PT-2025-3437 · Unknown · Safety Production Process Management System

Name of the Vulnerable Software and Affected Versions: Safety production process management system version 1.0 Description: The issue allows a remote attacker to escalate privileges, execute arbitrary code, and obtain sensitive information via the password and account number parameters...

9.8 CVSS, 7.8 AI score, 0.03323 EPSS
Exploits: 0, References: 7

CNNVD
added 2025/01/29 12:0 a.m., 2 views

Safety-production-process-management-system security vulnerability

Safety-production-process-management-system is a safety production process management system from China's Zhichuang Control and Safety Company. A security vulnerability exists in Safety-production-process-management-system v1.0, which stems from incorrect handling of password and account...

9.8 CVSS, 7.6 AI score, 0.03323 EPSS
Exploits: 0, References: 2

Microsoft Secure
added 2024/05/03 2:55 p.m., 13 views

Security above all else—expanding Microsoft’s Secure Future Initiative

Last November, we launched the Secure Future Initiative (SFI) to prepare for the increasing scale and high stakes of cyberattacks. SFI brings together every part of Microsoft to advance cybersecurity protection across our company and products. Since then, the threat landscape has continued to rapid...

7.8 AI score
Exploits: 0

IBM Security Bulletins
added 2023/03/06 2:45 p.m., 28 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affected IBM Workflow for Bluemix October 2015

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8. that is used by IBM Workflow for Bluemix. These issues were disclosed as part of the IBM® SDK, Java™ Technology Edition updates in October 2015. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: An...

5 CVSS, 6.2 AI score, 0.058 EPSS
Exploits: 0, Affected Software: 1

CNVD
added 2020/08/25 12:0 a.m., 1 views

Vulnerabilities in the Intelligent Weaving Production Management System of Changzhou Juzhi Information Technology Co.

Changzhou Jumbo Information Technology Co., Ltd. is a comprehensive software company integrating R&D and operation. Its intelligent weaving production management system has a universal password login vulnerability, which can be exploited by attackers to obtain sensitive information from the...

6.6 AI score
Exploits: 0

Hacker One
added 2017/08/18 8:28 a.m., 15 views

Legal Robot: Privilege Escalation to Admin-level Account

A security researcher discovered a potentially serious privilege escalation issue in our system which was ultimately traced to our use of the allow-deny package provided in the open source Meteor framework. We implemented a short-term fix using triggers - not great performance on the same day thi...

1.4 AI score
Exploits: 0

Packet Storm
added 2016/09/24 12:0 a.m., 38 views

Pop Under Ads Network 1.0 MySQL Credential Disclosure

| Title : pop under ads network v1.0 MySQL connection credentials Vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 8.1 Français V.Pro | Version : 1.0 | Vendor : http://dl.20script.ir/script/ads/20S-pop-under-ads-network-v1.0www.20script.ir.zip...

7.4 AI score
Exploits: 0

myhack58
added 2015/10/29 12:0 a.m., 49 views

Java JMX Server code execution exploits and Defense-vulnerability warning-the black bar safety net

jmx basic concepts Java Management Extensions JMX Technology Unsafe configuration From the oracle official documentation: Disabling Security To disable both password authentication and SSL namely to disable all security, you should set the following system properties when you start the Java VM...

1 AI score
Exploits: 0

Atlassian
added 2015/08/04 1:6 p.m., 29 views

Workbox Plugin loads full HTML of JIRA comment, leads to GC loop of death on large comment

To reproduce: start Confluence with GC logging enabled optional, but helps Link Confluence and JIRA create an issue in JIRA watch it add a large comment to the JIRA issue, e.g. paste a 7.7MB log file between \code\ tags open the workbox in Confluence optional: in network tab of web developer tool...

7.2 AI score
Exploits: 0, Affected Software: 1

securityvulns
added 2003/10/23 12:0 a.m., 20 views

[NEWS] Apache Cocoon Directory Traversal Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

6.9 AI score
Exploits: 0

securityvulns
added 2000/12/19 12:0 a.m., 69 views

More Sonata Conferencing software vulnerabilities.

Vulnerability Report 2 For Voyant Technologies Sonata Conferencing product. Larry W. Cashdollar Vapid Labs Date Published: 12/18/2000 Advisory ID: 12182000-02 CVE CAN: None currently assigned. Title: Sonata doroot command vulnerability. Class: Design Error Remotely Exploitable: no Locally...

7.1 AI score
Exploits: 0