5335 matches found
CVE-2025-49182
CVE-2025-49182 involves credential disclosure where login credentials for the admin user and property configuration password are stored in source code, potentially giving an attacker full access to affected SICK Field Analytics and SICK Media Server products. Public sources consistently describe ...
CVE-2025-49182 Credential disclosure
Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application...
CVE-2025-49182 Credential disclosure
Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application...
PT-2025-25306
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description The issue allows an attacker to gain full access to the application due to login credentials for the admin user and the property configuration password being stored in files within the source...
Amazon Linux 2023 : git, git-all, git-core (ALAS2023-2025-1014)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1014 advisory. Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called...
CVE-2025-0923
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system...
CVE-2025-0923
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system...
CVE-2025-0923 IBM Cognos Analytics information disclosure
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system...
CVE-2025-0923
IBM Cognos Analytics (versions 11.2.0–11.2.4, 12.0.0–12.0.4) is affected by CVE-2025-0923, which involves storing source code on the web server that could aid attackers. The CVSS v3.1 base score is 5.3 (Confidentiality impact: Low; Integrity/Availability: None). IBM’s bulletin lists remediation t...
CVE-2025-0923 IBM Cognos Analytics information disclosure
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system...
EulerOS 2.0 SP13 : git (EulerOS-SA-2025-1631)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the...
GHSA-9HJG-9R4M-MVJ7
creationtimestamp| type| source ---|---|--- 2025-06-09 19:48:12+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/17750 2025-11-05 11:48:09+00:00| seen| https://gist.github.com/Token-Eater/a4d1d6ce67e8450e1a8f456b468e3599 2025-11-05 11:55:10+00:00| seen|...
Cross-site WebSocket Hijacking
webpack-dev-server is vulnerable to Cross-site WebSocket hijacking. The vulnerability is due to improper Origin header validation, which permits IP address origins, allows attackers to hijack WebSocket connections and steal source code via malicious websites...
Wireshark Analyzer 4.4.7
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...
Exposed Dangerous Method Or Function
webpack-dev-server is vulnerable to source code exposure. The vulnerability is due to lack of proper origin checks due to requests for classic scripts not being subject to the same-origin policy, allowing attackers to inject malicious scripts that extract source code if the port and script path a...
webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser
Summary Source code may be stolen when you access a malicious web site with non-Chromium based browser. Details The Origin header is checked to prevent Cross-site WebSocket hijacking from happening which was reported by CVE-2018-14732. But webpack-dev-server always allows IP address Origin header...
GHSA-9JGG-88MC-972H webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser
Summary Source code may be stolen when you access a malicious web site with non-Chromium based browser. Details The Origin header is checked to prevent Cross-site WebSocket hijacking from happening which was reported by CVE-2018-14732. But webpack-dev-server always allows IP address Origin header...
GHSA-4V9V-HFQ4-RM2V webpack-dev-server users' source code may be stolen when they access a malicious web site
Summary Source code may be stolen when you access a malicious web site. Details Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject in their site and run the script. Note that the attacker has to know the port and the output entrypoi...
webpack-dev-server users' source code may be stolen when they access a malicious web site
Summary Source code may be stolen when you access a malicious web site. Details Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject in their site and run the script. Note that the attacker has to know the port and the output entrypoi...
CVE-2025-49223
billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...