146 matches found
CVE-2025-58130
Apache Fineract is affected by an Insufficiently Protected Credentials vulnerability up to version 1.11.0. The issue is fixed in 1.12.1, and users are advised to upgrade to 1.13.0 (latest release). The primary public details indicate credential exposure risk but do not describe specific exploitat...
CVE-2025-58130 Apache Fineract: Server Key not masked
Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release...
CVE-2025-58130 Apache Fineract: Server Key not masked
Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release...
CVE-2025-40818
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to...
CVE-2025-11894
The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...
CVE-2025-11894
The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...
CVE-2025-11894 Shelf Planner <= 2.8.1 - Missing Authorization to Unauthenticated Settings Update
The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...
CVE-2025-11894
CVE-2025-11894 : The Shelf Planner WordPress plugin (versions
CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...
WSO2多款产品 安全漏洞
WSO2 API Manager is an API lifecycle management solution, WSO2 API Manager Analytics is an analytics component, and WSO2 API Control Plane is a control panel. A security vulnerability exists in a number of WSO2 products. The vulnerability stems from insufficient enforcement of permissions in the...
EUVD-2014-4668
Malware in sbrugna...
EUVD-2023-43880
Malicious code in bioql PyPI...
EUVD-2025-16874
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-9988
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in sslparseserverkeyexchange that could cause a crash on invalid input...
CVE-2025-48960
Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938...
CVE-2025-48960
CVE-2025-48960 concerns a weak server key used for TLS encryption affecting Acronis Cyber Protect 16 on Linux, macOS, and Windows before build 39938 . The vulnerability is caused by inadequate key material in the TLS setup, leading to low confidentiality (C) and partial integrity issues (I) per t...
CVE-2025-48960
Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938...
CVE-2025-48960
Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938...
CVE-2023-3202
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatefirebaseserverkey function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...
openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected
A flaw was found in OpenSSL's RFC7250 Raw Public Key RPK authentication. This vulnerability allows man-in-the-middle MITM attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSLVERIFYPEER verification mode being set...