Lucene search

10 matches found

Vulnrichment
added 2025/11/12 12:0 a.m. · 1 view

CVE-2025-63667

Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725 allows attackers to access sensitive API endpoints without authentication...

6.4 AI score · 0.00431 EPSS
Exploits: 0 · References: 3
CNNVD
added 2025/11/12 12:0 a.m. · 1 view

Vatilon IP camera security vulnerability

Vatilon IP camera is a series of IP cameras from China-based Vatilon. A security vulnerability exists in Vatilon IP camera that stems from improper access control and could lead to unauthorized access to sensitive API endpoints...

7.5 CVSS · 6.5 AI score · 0.00431 EPSS
Exploits: 0 · References: 3
CVE
added 2025/08/20 12:0 a.m. · 14 views

CVE-2024-57157

Summary (CVE-2024-57157): Jantent v1.1 has an incorrect access control flaw that allows unauthenticated access to sensitive APIs. Affected component is the application’s authentication/authorization logic; root cause is improper access checks, enabling a network-based bypass without a token. CVSS...

9.8 CVSS · 6.8 AI score · 0.00397 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/08/20 12:0 a.m. · 8 views

CVE-2024-57157

Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access sensitive APIs without a token...

0.00397 EPSS
Exploits: 0 · References: 1
Snyk
added 2025/08/01 11:42 p.m. · 2 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection due to incomplete certificate verification during HTTPS communication between Core and Agent endpoints. An attacker can execute arbitrary commands with high privileges by bypassing authentication and accessin...

9.8 CVSS · 8.1 AI score · 0.00864 EPSS
Exploits: 5 · References: 2
Packet Storm News
added 2025/06/21 12:0 a.m. · 7 views

MalGuard: Towards Real-Time, Accurate, and Actionable Detection of Malicious Packages in PyPI Ecosystem

Malicious package detection has become a critical task in ensuring the security and stability of the PyPI. Existing detection approaches have focused on advancing model selection, evolving from traditional machine learning (ML) models to large language models (LLMs). However, as the complexity of the...

6.8 AI score
Exploits: 0
Positive Technologies
added 2023/12/22 12:0 a.m. · 5 views

PT-2023-13720 · Hertzbeat · Hertzbeat

Name of the Vulnerable Software and Affected Versions: Hertzbeat versions 1.20 and prior Description: Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless capabilities. The system has a permission bypass issue,...

7.5 CVSS · 7.3 AI score · 0.01111 EPSS
Exploits: 1 · References: 8
Microsoft Secure
added 2021/03/23 4:0 p.m. · 49 views

Secure containerized environments with updated threat matrix for Kubernetes

Last April, we released the first version of the threat matrix for Kubernetes. It was the first attempt to systematically map the threat landscape of Kubernetes. As we described in the previous post, we chose to adapt the structure of MITRE ATT&CK® framework, which became almost an industry...

2.1 CVSS · 5.6 AI score · 0.01133 EPSS
Exploits: 0
OSV
added 2020/04/08 6:15 p.m. · 2 views

CVE-2018-21049

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881 (November 2018)...

9.8 CVSS · 5.9 AI score · 0.00564 EPSS
Exploits: 0 · References: 1
CNVD
added 2017/10/13 12:0 a.m. · 2 views

Remote Code Execution Vulnerability in Stranger Client

Stranger is a location-based mobile social networking tool. There is a remote code execution vulnerability in the Stranger client, which can be exploited by an attacker to trigger an attack code to automatically download and automatically use the interface to install any application, call sensiti...

8 AI score
Exploits: 0