95 matches found
SUSE CVE-2023-51448
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file 'managers.php'. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTT...
PT-2026-38281
Name of the Vulnerable Software and Affected Versions: azureauthextension versions 0.124.0 through 0.150.0. Description: A server-side authentication bypass exists in the azureauthextension when used by an OpenTelemetry receiver with auth: azure auth. The Authenticate function fails to validate...
PT-2026-33063
Name of the Vulnerable Software and Affected Versions: Grafana, affected versions not specified. Description: In the alerting system, users with specific edit permissions for a contact point, such as alert.notifications:write or alert.notifications.receivers:test granted via the Contact Point Writer...
[SECURITY] Fedora 42 Update: alertmanager-0.31.1-2.fc42
The Alertmanager handles alerts sent by client applications such as the Prometheus server. It takes care of deduplicating, grouping, and routing them to the correct receiver integrations such as email, PagerDuty, or OpsGenie. It also takes care of silencing and inhibition of alerts...
CVE-2026-29125
IDC SFX2100 Satellite Receivers set the /etc/resolv.conf file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-middle attacks, and cause denial of service...
PT-2026-23121
Name of the Vulnerable Software and Affected Versions: IDC SFX2100 Satellite Receiver, affected versions not specified. Description: The device sets the /etc/resolv.conf file to be world-writable, allowing any local user to modify DNS configuration. This can lead to DNS resolver tampering, potentiall...
Improper Initialization
Overview: Affected versions of this package are vulnerable to Improper Initialization via the MultiScalarMult function when the receiver is not properly initialized. An attacker can cause invalid results or undefined behavior by invoking this function on an uninitialized or non-identity receiver...
GNSS SpAmming: A Spoofing-Based GNSS Denial-Of-Service Attack
GNSSs are vulnerable to attacks of two kinds: jamming (i.e. denying access to the signal) and spoofing (i.e. impersonating a legitimate satellite). These attacks have been extensively studied, and we have a myriad of countermeasures to mitigate them. In this paper we expose a new type of attack:...
Debian dla-4441 : gpsd - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4441 advisory. Subject: SECURITY DLA 4441-1 gpsd security update - Debia...
CVE-2022-26131
Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals...
Leica Geosystems Multiple Products Cross-Site Request Forgery Vulnerability
The Leica Geosystems GR10, among others, is a reference station receiver from Leica Germany. A cross-site request forgery vulnerability exists in various Leica Geosystems products, which stems from a lack of request validation and could lead to a cross-site request forgery attack. The following...
CVE-2025-63725
Reflected Cross-Site Scripting (XSS) vulnerability in SVX Portal 2.7A via the id parameter to Recivers.php...
PT-2025-46988
Name of the Vulnerable Software and Affected Versions: SVX Portal version 2.7A. Description: A Reflected Cross-Site Scripting (XSS) issue exists in SVX Portal version 2.7A. The issue is located in the Recivers.php file, specifically through the id parameter. An attacker can exploit this to inject...
EUVD-2012-4977
Malware in sbrugna...
EUVD-2021-3210
Malicious code in bioql PyPI...
EUVD-2022-30698
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-51448
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notificatio...
TEMPEST-LoRa: Cross-Technology Covert Communication
Electromagnetic (EM) covert channels pose significant threats to computer and communications security in air-gapped networks. Previous works exploit EM radiation from various components (e.g., video cables, memory buses, CPUs) to secretly send sensitive information. These approaches typically require...
CVE-2024-27207
Exported broadcast receivers allowing malicious apps to bypass broadcast protection...