7059 matches found
CVE-2025-54864
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...
CVE-2025-42941
SAP Fiori Launchpad is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary...
CVE-2025-54464
This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted credentials...
CVE-2025-54464
The CVE-2025-54464 entry concerns ZKTeco WL20. The vulnerability is described as cleartext storage of admin and user credentials within the device firmware. An attacker with physical access could extract the firmware, reverse‑engineer the binary data, and obtain unencrypted credentials, impacting...
CVE-2025-54864 Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...
CVE-2025-54864 Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...
CVE-2025-54864
CVE-2025-54864 affects Hydra (Nix-based CI) where the endpoints /api/push-github and /api/push-gitea were called without HTTP Basic authentication, despite the forges implementing HMAC with a secret key. The root cause is missing authentication on those calls, enabling heavy evaluations that can ...
CVE-2025-54864 Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...
CVE-2025-54864
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...
CVE-2025-42941
SAP Fiori Launchpad is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary...
CVE-2025-42941 Reverse Tabnabbing vulnerability in SAP Fiori (Launchpad)
SAP Fiori Launchpad is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary...
CVE-2025-42941 Reverse Tabnabbing vulnerability in SAP Fiori (Launchpad)
SAP Fiori Launchpad is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary...
CVE-2025-42941
The CVE-2025-42941 entry describes a Reverse Tabnabbing issue in SAP Fiori (Launchpad) caused by insufficient external navigation protections on links. Affected software is SAP Fiori (Launchpad); the root cause is lack of proper navigation safeguards for anchor elements. Consequences stated incl...
SAP Fiori 安全漏洞
SAP Fiori, a user experience UX design system for SAP applications from SAP, Germany, provides designers and developers with a set of tools and guidelines to quickly develop applications for any platform, delivering a consistent, innovative experience for creators and users. A security...
PT-2025-32603 · Sap · Sap Fiori
Name of the Vulnerable Software and Affected Versions: SAP Fiori Launchpad affected versions not specified Description: SAP Fiori Launchpad is susceptible to a Reverse Tabnabbing issue stemming from insufficient external navigation protection for its link elements . An attacker with administrativ...
Designing with Deception: ML- and Covert Gate-Enhanced Camouflaging to Thwart IC Reverse Engineering
Integrated circuits ICs are essential to modern electronic systems, yet they face significant risks from physical reverse engineering RE attacks that compromise intellectual property IP and overall system security. While IC camouflage techniques have emerged to mitigate these risks, existing...
Linux Distros Unpatched Vulnerability : CVE-2020-1935
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some...
Exploit for Out-of-bounds Write in Cypress Cyw20735_Firmware
This repository is an offensive tool for firmware emulation and fuzzing. It provides a virtual environment to fuzz wireless firmwares, allowing for the extraction of their current state and re-execution in a virtual environment for fuzzing. The tool is currently optimized for the CYW20735 Bluetoo...
Linux Distros Unpatched Vulnerability : CVE-2022-42252
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting...
📄 Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated Remote Code Execution
Shenzhen Aitemi M300 Wi-Fi Repeater suffers from a remote code execution vulnerability. package main import "flag" "fmt" "io" "net/http" "net/url" "os" "strings" / Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE CVE-2025-34152 - does not require authentication even when the login panel is...