316 matches found
Deep Sea Electronics DSE855 - Authentication Bypass
Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to...
EUVD-2026-34041
Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing defect information out of bounds for very large defects lists via a very bad drive with lots of defects or a maliciously crafted SCSI device’s defect...
CVE-2026-10719 Open Seachest/Seachest NVMe show Format Descriptors Vulnerability
Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing 1 extra byte outside of allocated memory which sets a value to 1 via a maliciously crafted NVMe device with a bogus value in the namespace FLBAS byte...
CVE-2026-10718 Open Seachest/Seachest NVMe Trim (Deallocate) Vulnerability
Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of LBAs to deallocate 16 bytes outside of the allocated space when running this operation...
Malicious code in ignite-market-contractstest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9babd9b088785649368dbf885050b6a15b218a6b38d2dcd058f0c9eda5109da package.json declares a preinstall lifecycle hook that runs wget --quiet...
MAL-2026-2952 Malicious code in @settle-sea/supporting-documents (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1a578c532adf03529b20a3a434751c75d17e6c7ea31e4ca1881447db490cc78 The package @settle-sea/supporting-documents was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @settle-sea/supporting-documents (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1a578c532adf03529b20a3a434751c75d17e6c7ea31e4ca1881447db490cc78 The package @settle-sea/supporting-documents was found to contain malicious code. Source: ossf-package-analysis...
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the deployment of various malware families, including HIUPAN aka USBFect, MISTCLOAK...
Friday Squid Blogging: New Squid Species Discovered
A new species of squid. pretends to be a plant: Scientists have filmed a never-before-seen species of deep-sea squid burying itself upside down in the seafloor--a behavior never documented in cephalopods. They captured the bizarre scene while studying the depths of the Clarion-Clipperton Zone CCZ...
CVE-2020-36932
SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded...
EUVD-2025-204678
A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to...
CVE-2025-15002
A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to...
CVE-2025-15002 SeaCMS mysqli.class.php sql injection
A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to...
CVE-2025-15002 SeaCMS mysqli.class.php sql injection
A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to...
Mozilla Firefox < 3.6
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 3.6. It is, therefore, affected by a vulnerability as referenced in the mfsa2010-05 advisory. - Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the...
CVE-2025-29270
Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device...
CVE-2025-29270
Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device...
CVE-2025-29270
The issue CVE-2025-29270 affects Deep Sea Electronics DSE855 devices, specifically versions 1.1.0 through 1.1.26. The vulnerability is an incorrect access control in the realtime.cgi endpoint, which can allow an attacker to access the admin panel and take full control of the device. The impact is...
CVE-2025-29270
Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device...
CVE-2025-29270
Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device...