
13 matches found

Tenable Nessus
added 2025/08/18 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-24882

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol RDP. In versions prior to 2.7.0, NT LAN Manager NTLM authentication does not properly abort when...

CVSS 9.1 · AI score 7.9 · EPSS 0.02652
Exploits 1 · References 2
Positive Technologies
added 2025/07/07 12:0 a.m. · 4 views

PT-2025-28222 · Giscus · Giscus

Name of the Vulnerable Software and Affected Versions: giscus affected versions not specified Description: A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which i...

CVSS 5.3 · AI score 6 · EPSS 0.00264
Exploits 0 · References 7
AstraLinux
added 2025/06/16 11:28 a.m. · 2 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: tcp: correct handling of extreme memory squeeze Testing with iperf3 using the "pasta" protocol splicer has revealed a problem in the way tcp handles window advertising in extreme memory squeeze situations. Under memory pressure, ...

CVSS 5.5 · AI score 6.3 · EPSS 0.00138
Exploits 0 · References 3
RedhatCVE
added 2025/06/01 7:33 a.m. · 5 views

CVE-2025-47697

Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user...

CVSS 7.5 · AI score 7.4 · EPSS 0.00273
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 10:52 p.m. · 6 views

CVE-2022-3147

Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service...

CVSS 6.5 · AI score 6.6 · EPSS 0.00874
Exploits 0 · References 1
Cvelist
added 2025/04/05 12:0 a.m. · 19 views

CVE-2025-32359

In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not wh...

CVSS 4.8 · EPSS 0.00242
Exploits 0 · References 1
CNNVD
added 2024/11/12 12:0 a.m. · 3 views

Fortinet FortiManager and FortiAnalyzer Security Vulnerability

Fortinet FortiManager and Fortinet FortiAnalyzer are both products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can be grouped into different management domains AD...

CVSS 8.8 · AI score 6.5 · EPSS 0.02744
Exploits 1 · References 2
CNNVD
added 2024/09/10 12:0 a.m. · 2 views

Ivanti Workspace Control Security Vulnerability

Ivanti Workspace Control is a suite of workspace control software from Ivanti USA. The software includes features such as user management, application management and report management. A security vulnerability previously existed in Ivanti Workspace Control version 10.18.0.0, which stemmed from th...

CVSS 8.8 · AI score 6.8 · EPSS 0.00245
Exploits 0 · References 3
Huntr
added 2022/08/24 3:59 p.m. · 27 views

ZipSlip Symlink variant allows to read any file within OctoPrint Box

Using the ZipSlip symlink variant, it is possible to steal any file from the OctoPrint remote server via an upload of a maliciously crafted archive as a language pack and download the stolen files within a backup archive. To set up the Octoprint web application, we used the dockerized version bas...

CVSS 1.4 · AI score 1.4 · EPSS 0.00405
Exploits 1
Vulnrichment
added 2022/04/26 12:0 a.m. · 3 views

CVE-2022-24883 FreeRDP Server authentication might allow invalid credentials to pass

FreeRDP is a free implementation of the Remote Desktop Protocol RDP. Prior to version 2.7.0, server side authentication against a SAM file might be successful for invalid credentials if the server has configured an invalid SAM file path. FreeRDP based clients are not affected. RDP server...

CVSS 7.4 · AI score 9.7 · EPSS 0.02172
Exploits 0 · References 9
ThreatPost
added 2021/05/19 1:28 p.m. · 48 views

Bug Exposes Eufy Camera Private Feeds to Random Users

Owners of Eufy home security cameras were warned this week of an internal server bug that allowed strangers to view, pan and zoom in on their home-video feeds for approximately one day. Inversely, customers were also suddenly given access to do the same to other users. The SNAFU, according to...

AI score 7.3
Exploits 0 · References 14
Hacker One
added 2016/06/04 3:14 p.m. · 136 views

Uber: Header Injection

Hi Uber , I would like to report an issue on the domain http://m.uber.com Upon testing some back and forth requests to this domain , I figured out that it is possible to inject arbitrary content into the Headers of the requests . Upon increasing the size of the payload in the header , it leads to...

AI score 0.4
Exploits 0
Hacker One
added 2015/07/20 8:42 p.m. · 25 views

Enter: GA code not verified on the server side allows sending Verification Documents on behalf of another user

Host api.romit.io Endpoint /v0/cash/auth/login/verify Issue The GA Code is not verified on the server side for the users whose "Verification application" has been DENIED by the Romit support Team PoC 1. Setup an account at app.romit.io, use your apiKey, apiSecret and Location-ID to setup. 2. Now...

AI score 7
Exploits 0