7022 matches found
Exploit for CVE-2025-32778
CVE-2025-32778 - Web-Check Command Injection Exploit !Criti...
CVE-2025-54464
This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted credentials...
Linux Distros Unpatched Vulnerability : CVE-2025-38377
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rose: fix dangling neighbour pointers in rosertdevicedown There are two bugs in rosertdevicedown that can cause use-after-free: 1. The loop bound t-count is...
Linux Distros Unpatched Vulnerability : CVE-2025-49630
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients...
CVE-2025-54864
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...
CVE-2025-42941
SAP Fiori Launchpad is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary...
CVE-2025-54464
This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted credentials...
CVE-2025-54464
The CVE-2025-54464 entry concerns ZKTeco WL20. The vulnerability is described as cleartext storage of admin and user credentials within the device firmware. An attacker with physical access could extract the firmware, reverse‑engineer the binary data, and obtain unencrypted credentials, impacting...
CVE-2025-54864
CVE-2025-54864 affects Hydra (Nix-based CI) where the endpoints /api/push-github and /api/push-gitea were called without HTTP Basic authentication, despite the forges implementing HMAC with a secret key. The root cause is missing authentication on those calls, enabling heavy evaluations that can ...
CVE-2025-54864 Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...
CVE-2025-54864 Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...
CVE-2025-54864 Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...
CVE-2025-54864
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...
CVE-2025-42941
SAP Fiori Launchpad is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary...
CVE-2025-42941 Reverse Tabnabbing vulnerability in SAP Fiori (Launchpad)
SAP Fiori Launchpad is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary...
CVE-2025-42941
The CVE-2025-42941 entry describes a Reverse Tabnabbing issue in SAP Fiori (Launchpad) caused by insufficient external navigation protections on links. Affected software is SAP Fiori (Launchpad); the root cause is lack of proper navigation safeguards for anchor elements. Consequences stated incl...
CVE-2025-42941 Reverse Tabnabbing vulnerability in SAP Fiori (Launchpad)
SAP Fiori Launchpad is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary...
SAP Fiori 安全漏洞
SAP Fiori, a user experience UX design system for SAP applications from SAP, Germany, provides designers and developers with a set of tools and guidelines to quickly develop applications for any platform, delivering a consistent, innovative experience for creators and users. A security...
PT-2025-32603 · Sap · Sap Fiori
Name of the Vulnerable Software and Affected Versions: SAP Fiori Launchpad affected versions not specified Description: SAP Fiori Launchpad is susceptible to a Reverse Tabnabbing issue stemming from insufficient external navigation protection for its link elements . An attacker with administrativ...
Designing with Deception: ML- and Covert Gate-Enhanced Camouflaging to Thwart IC Reverse Engineering
Integrated circuits ICs are essential to modern electronic systems, yet they face significant risks from physical reverse engineering RE attacks that compromise intellectual property IP and overall system security. While IC camouflage techniques have emerged to mitigate these risks, existing...