CVE-2022-39013
Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the applicatio...
ABB multiple products security vulnerability
ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and control management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Apogee, BacNet ATEC, Desigo CC, Intralog, OZW, Polarion, RUGGEDCOM, SICAM, SIMATIC, SIPROTEC, SIRIUS, Teamcenter and Versicharge. The vulnerabilities potentially enable a malicious person to launch attacks that could result in the...
CVE-2025-24008
A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System MSS All versions, SIRIUS Safety Relays 3SK2 All versions. The affected devices do not encrypt data in transit. An attacker with network access could eavesdrop on the connection and retrieve sensitive information, including...
Malicious code in frau-hoster (npm)
This package collects system information and attempts to send it to remote servers; details include hostname, OS, IP address, username and current working directory. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware...
Drive Data Should Be Managed in Partitions
When installing the OS, plan different partitions for OS data and service data based on the scenario. Do not store all data in the same drive or partition. Properly planning drive partitions avoids or reduces the following risks: 1. Log files are too large and use up the space of the service driv...
Malicious code in bytedmemfdd345 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 19705d4db8178a4b1dd1282ded6d73256dc10b22125280c241524ec3e9e274af During installation, a website with the current working dir is being called. It looks like something between spam and pentest as the website is most probably n...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as SCALANCE, SIMATIC, SINAMICS, SINEMA, SiPass, Teamcenter and Tecnomatix. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS -...
CVE-2025-25763
crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead in /system/SystemDatabackupServices.php...
CVE-2025-27150
Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap collect-system-data. These archives are likely to be used by support teams that should not have access t...
PT-2025-9687 · Unknown +2 · Tuleap Enterprise Edition +2
Name of the Vulnerable Software and Affected Versions: Tuleap versions prior to 16.4.99.1740492866; Tuleap Enterprise Edition versions prior to 16.4-6 and 16.3-11. Description: The issue concerns the management of sensitive information, specifically the password for connecting to the Redis instance...
The vulnerability of the IBM InfoSphere Information Server software platform, related to the exposure of system data to a controlled area, allows an intruder to disclose protected information.
The vulnerability of the IBM InfoSphere Information Server software platform is related to the exposure of system data to a controlled area. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of the software for providing secure remote access to data through the Palo Alto Networks GlobalProtect App for the PAN-OS operating system allows unauthorized individuals to access protected information.
The vulnerability of the software for providing secure remote access to data through the Palo Alto Networks GlobalProtect App for the PAN-OS operating system relates to the disclosure of system data by unauthorized individuals. Exploiting this vulnerability can allow an intruder to gain unauthoriz...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Avoid out-of-bounds access when system.data modifies xattr under the filesystem. When searching an inline directory, if evalueoffs is changed under the filesystem due to a change in the block device, it may lead to an...
Azure Linux 3.0 Security Update: kernel (CVE-2024-47701)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47701 advisory. - In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr...
Malicious code in lightgboost (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 03aea882aa08832e53ccfb267fe4b95c9ea4f24ea51ceeaaa4a85557e67ce15b Packages are designed to collect basic info about the user when importing them, and have no other purpose. While they claim to do so, some packages from the sa...
MAL-2025-191766 Malicious code in inkpy-jinja (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c230bd12491edc91bbbc1080b2d650c4889a8b9269b85a346839a32900bfad2b Packages are designed to collect basic info about the user when importing them, and have no other purpose. While they claim to do so, some packages from the sa...
The vulnerability of the SAP GUI graphical user interface for Windows involves unauthorized access to system data within the controlled area. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the SAP GUI graphical user interface for Windows relates to the disclosure of system data by unauthorized parties in the controlled area. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
Embedded Malicious Code
Overview: uniapi is a Universal API Framework. Affected versions of this package are vulnerable to Embedded Malicious Code which contains code that executes upon importing the module. This code downloads a script from a remote URL and executes it in a thread. The downloaded script collects syst...