
11 matches found

ATTACKERKB
added 2026/02/02 10:47 p.m. | 2 views

CVE-2026-25137

The NixOS Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoo's file store...

CVSS 9.1 | AI score 5.4 | EPSS 0.00037
Exploits 0 | References 4 | Affected Software 1
CNNVD
added 2026/02/02 12:00 a.m. | 2 views

Nixpkgs Security Vulnerability

Nixpkgs is an open source collection of over 100,000 software packages from NixOS. It can be installed using the Nix package manager. Nixpkgs versions prior to 21.11, 25.11, and 26.05 have security vulnerabilities. These vulnerabilities stem from the database manager being exposed publicly without...

CVSS 9.1 | AI score 5.8 | EPSS 0.00037
Exploits 0 | References 3
CNNVD
added 2025/12/02 12:00 a.m. | 1 views

Mirion Medical EC2 Software NMIS BioDose Security Vulnerability

Mirion Medical EC2 Software NMIS BioDose is a software for managing and analyzing biological dosimetry data from Mirion Medical, Germany. A security vulnerability exists in Mirion Medical EC2 Software NMIS BioDose V22.02 and prior versions that originates from accessing the database using a publi...

CVSS 8.8 | AI score 6.9 | EPSS 0.00071
Exploits 0 | References 1
RedhatCVE
added 2025/10/29 12:28 p.m. | 2 views

CVE-2025-9313

An unauthenticated user can connect to a publicly accessible database using arbitrary credentials. The system grants full access to the database by leveraging a previously authenticated connection through a "mmBackup" application. This flaw allows attackers to bypass authentication mechanisms and...

CVSS 9.3 | AI score 7.2 | EPSS 0.00336
Exploits 0 | References 1
NVD
added 2025/10/28 12:15 p.m. | 2 views

CVE-2025-9313

An unauthenticated user can connect to a publicly accessible database using arbitrary credentials. The system grants full access to the database by leveraging a previously authenticated connection through a "mmBackup" application. This flaw allows attackers to bypass authentication mechanisms and...

CVSS 9.3 | EPSS 0.00336
Exploits 0 | References 2
CVE
added 2025/10/28 11:49 a.m. | 4 views

CVE-2025-9313

Summary: CVE-2025-9313 affects Asseco mMedica prior to 11.9.5. An unauthenticated user can access a publicly reachable database by reusing an already-authenticated connection via the mmBackup application, effectively bypassing authentication to gain full access to sensitive data. The issue is evi...

CVSS 9.3 | AI score 6.8 | EPSS 0.00336
Exploits 0 | References 2
Circl
added 2025/05/08 6:22 p.m. | 8 views

CVE-2025-4442

creationtimestamp | type | source
---|---|---
2025-05-08 18:22:03+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/114473600518783822
2025-05-09 00:25:01+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/15648
2025-05-09 00:41:25+00:00 | seen |...

CVSS 9.8 | AI score 8.1 | EPSS 0.00936
Exploits 0 | References 5
The Hacker News
added 2019/04/17 8:47 a.m. | 1 views

Over 100 Million JustDial Users' Personal Data Found Exposed On the Internet

An unprotected database belonging to JustDial, India's largest local search service, is leaking personally identifiable information of its every customer in real-time who accessed the service via its website, mobile app, or even by calling on its fancy "88888 88888" customer care number, The...

AI score 6.4
Exploits 0
ThreatPost
added 2019/04/03 6:36 p.m. | 62 views

Facebook Data of Millions Exposed in Leaky Datasets

UPDATE Hundreds of millions of Facebook records – including account names, personal data, and more – have been found in two separate publicly-exposed app datasets. The first publicly-exposed dataset originates from a Mexico-based media company, Cultura Colectiva, and contains over 540 million...

AI score 0.1
Exploits 0 | References 6
ThreatPost
added 2015/12/15 8:43 a.m. | 20 views

13 Million MacKeeper Records Found in Public Database

A trove of MacKeeper user data—some 13 million records—has been locked down after a researcher found an exposed and accessible database using a simple Shodan query. Chris Vickery revealed his discovery on Monday on Reddit in more of an appeal to reach officials at Kromtech, the parent company tha...

AI score 7.7
Exploits 0 | References 3
Tenable Nessus
added 2012/06/26 12:00 a.m. | 41 views

Active Inbound Connection From Host Listed in Known Bot Database

This plugin has been temporarily disabled. According to the output from netstat, the remote host has an inbound connection from one or more hosts that are listed in a public database as part of a botnet. © Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2018/08/14. Disabling threat feed...

AI score 6.9
Exploits 0