447 matches found
EUVD-2024-48235
Malicious code in bioql PyPI...
EUVD-2024-18247
Malicious code in bioql PyPI...
EUVD-2025-24469
Malicious code in bioql PyPI...
EUVD-2024-18047
Malicious code in bioql PyPI...
CVE-2025-27231
The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change...
DEBIAN-CVE-2025-27231
The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change...
CVE-2025-27231
The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change...
CVE-2025-27231 LDAP 'Bind password' field value can be leaked by a Zabbix Super Admin
The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change...
CVE-2025-27231 LDAP 'Bind password' field value can be leaked by a Zabbix Super Admin
The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change...
CVE-2025-27231
CVE-2025-27231 involves leakage of the LDAP Bind password in Zabbix deployments. According to connected advisories, the issue allows a Super Admin to exfiltrate the Bind password by altering the LDAP Host to a rogue server, even though the password cannot be read after saving under normal conditi...
CVE-2025-27231
The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change...
Linux Distros Unpatched Vulnerability : CVE-2023-28634
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile...
CVE-2025-3671 WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrar...
CVE-2025-53744
An incorrect privilege assignment vulnerability CWE-266 in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via...
CVE-2025-53744
An incorrect privilege assignment vulnerability CWE-266 in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via...
CVE-2025-53744
An incorrect privilege assignment vulnerability CWE-266 in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via...
CVE-2025-53744
CVE-2025-53744 affects FortiOS Security Fabric across multiple lines: FortiOS Security Fabric versions 7.6.0–7.6.2, 7.4.0–7.4.7, 7.2, 7.0, and 6.4 all are vulnerable to an improper privilege assignment (CWE-266) that can let a remote authenticated attacker with high privileges escalate to super-a...
CVE-2025-53744
An incorrect privilege assignment vulnerability CWE-266 in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via...
PT-2025-32884 · Fortinet · Fortios Security Fabric
Name of the Vulnerable Software and Affected Versions: FortiOS Security Fabric versions 6.4 all versions FortiOS Security Fabric versions 7.0 all versions FortiOS Security Fabric versions 7.2 all versions FortiOS Security Fabric versions 7.4.0 through 7.4.7 FortiOS Security Fabric versions 7.6.0...
Spying on People Through Airportr Luggage Delivery Service
Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it's used by wealthy or important people. So if the company's website is insecure, you'd be able to spy on lots of wealthy or important people. And mayb...