683 matches found
Malicious code in flask-tdg-cyberx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d5dae82b81352867ea79466352b02c279be8b7ca2f0415f0534058e20b943436 Package is prepared for exfiltration of detailed data about the running system. The exact behaviour depends on the version: some do nothing, some exfiltrate...
CVE-2025-55280 Information Disclosure Vulnerability in ZKTeco WL20
This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the...
The vulnerability in the firmware of NVIDIA GeForce, Quadro, NVS, and Tesla graphics processors relates to the disclosure of system data to unauthorized individuals, allowing attackers to gain unauthorized access to protected information.
The vulnerability in the firmware of NVIDIA GeForce, Quadro, NVS, and Tesla graphics processors relates to the disclosure of system data to unauthorized individuals. Exploiting this vulnerability can allow a hacker to gain unauthorized access to protected information...
The vulnerability of the SD-WAN function in the PAN-OS operating system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the SD-WAN function in the PAN-OS operating system relates to the exposure of system data to unauthorized individuals. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
Digiwin EAI security vulnerability
Digiwin EAI is a cross-system data exchange and automation platform from China-based Digiwin. A security vulnerability exists in Digiwin EAI that stems from an elevation of privilege issue in a specific API that could allow a remote attacker to elevate privileges to the administrator level...
PT-2025-35974
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw where a maliciously fuzzed file system can trigger a BUG_ON in the ext4_update_inline_data function when an inode has the INLINE_DATA_FL flag set but is...
Marvell QConvergeConsole path traversal vulnerability (CNVD-2025-20445)
Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the getAppFileBytes method. An attacker could exploit the vulnerability to disclose information in the SYSTE...
Marvell QConvergeConsole path traversal vulnerability (CNVD-2025-20446)
Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. Marvell QConvergeConsole has a path traversal vulnerability that is caused by an error in the getDriverTmpPath method. An attacker could exploit the vulnerability to disclose information in the...
Marvell QConvergeConsole path traversal vulnerability
Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the compressFirmwareDumpFiles method. An attacker could exploit this vulnerability to disclose information i...
The vulnerability of Nokia’s Single Radio Access Network management platform lies in the fact that system data can be disclosed to unauthorized individuals, allowing an intruder to gain unauthorized access to protected information.
The vulnerability of the Nokia Single RAN network management platform lies in the ability to expose system data to unauthorized individuals. Exploiting this vulnerability could allow a hacker to gain unauthorized access to protected information by sending a specially crafted POST request...
Malicious code in node-mongoose-orm (npm)
The package employs typosquatting to impersonate a legitimate author and package, and it contains obfuscated code that exfiltrates sensitive user data and creates a backdoor for remote code execution. The core of the malicious activity is found in the package/lib/writer.js file. The lib/writer.js...
The vulnerability of the libsoup library, related to the exposure of system data to unauthorized individuals, allows an attacker to disclose protected information.
The vulnerability of the libsoup library relates to the exposure of system data to unauthorized individuals. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...
Malicious code in win32evtlogutil (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5d62d03c43564c8087172222e65beaf334bd9f219291eb6c36a142ad88adef4f Research packages targeting typosquatting and dependency confusions, without really harmful behaviour - just calling home through DNS resolver. Related to...
CVE-2025-33035
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5...
CVE-2025-33035 File Station 5
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5...
CVE-2025-33035
CVE-2025-33035 concerns a path traversal vulnerability in QNAP File Station 5. The issue allows a remote attacker who has a user account to read unexpected files or system data. Affected version range is File Station 5 prior to 5.5.6.4847; the vulnerability is mitigated by upgrading to 5.5.6.48...
The vulnerability of Intel firmware, related to insufficient protection of system data, allows attackers to gain unauthorized access to protected information.
The vulnerability of Intel firmware is related to insufficient protection of system data. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
CVE-2024-24018
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list...
CVE-2023-36922
Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...