EUVD-2024-50215

Malicious code in bioql PyPI...

UTT 1250GW和UTT 1200GW 安全漏洞

The UTT 1250GW and UTT 1200GW are both wireless routers from China Ai Tai UTT. A security vulnerability exists in the UTT 1250GW and UTT 1200GW versions 3.0.0-170831 through 3.2.2-200710, which stems from an incorrect manipulation of the parameter senderEmail in the file /goform/formApMail, which...

CISA Releases Thirteen Industrial Control Systems Advisories

CISA released thirteen Industrial Control Systems ICS advisories on July 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-191-01 Siemens SINEC NMS ICSA-25-191-02 Siemens Solid Edge ICSA-25-191-03 Siemens TI...

CVE-2025-38193

CVE-2025-38193 affects the Linux kernel net_sched component sch_sfq. The issue is a missing range check for perturb_period, which could cause perturb_period * HZ to overflow and become invalid, enabling a race condition. The provided examples show invalid values producing errors and a valid value...

CVE-2023-21226

In SAEMMRetrieveTaiList of SAEMMContextManagement.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2023-37034

A Null pointer dereference vulnerability in the Mobile Management Entity MME in Magma = 1.8.0 fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486 allows network-adjacent attackers to crash the MME via an S1AP Initial UE Message packet missing an expected TAI field...

PT-2025-1426 · Magma · Magma

Name of the Vulnerable Software and Affected Versions: Magma versions 1.8.0 and earlier Description: A null pointer dereference issue in the Mobile Management Entity MME allows network-adjacent attackers to crash the MME via an S1AP "Initial UE Message" packet missing an expected TAI field. This...

CVE-2024-9925

SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query to the ‘email’ parameter on the ‘RequestPasswordChange’ endpoint...

CVE-2024-9925 SQL injection in QPLANT by TAI Smart Factory

SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query to the ‘email’ parameter on the ‘RequestPasswordChange’ endpoint...

CVE-2024-9925

CVE-2024-9925 describes a SQL injection in QPLANT SF 1.0 by TAI Smart Factory. The vulnerability allows a remote attacker to exfiltrate all database information by crafting a SQL payload against the email parameter on the RequestPasswordChange endpoint. Impact is high (confidentiality, integrity,...

CVE-2024-9925 SQL injection in QPLANT by TAI Smart Factory

SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query to the ‘email’ parameter on the ‘RequestPasswordChange’ endpoint...

tai-jutsu.nl Improper Access Control vulnerability OBB-3924648

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

WordPress Premium Addons for Elementor plugin <= 4.10.27 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Dau Hoang Tai in WordPress Plugin Premium Addons for Elementor versions = 4.10.27...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Tai-e for CVE-2021-44228 This a sample project that utilize...

CVE-2023-21226

In SAEMMRetrieveTaiList of SAEMMContextManagement.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

PT-2023-18012 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to an incorrect bounds check in the SAEMM RetrieveTaiList function of SAEMM ContextManagement.c. This could lead to a possible out of bounds read, resulting in remote information disclosure...

Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime Kingpin

Cybersecurity researchers have unmasked the identity of one of the individuals who is believed to be associated with the e-crime actor known as XE Group. According to Menlo Security, which pieced together the information from different online sources, "Nguyen Huu Tai, who also goes by the names J...

Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime Kingpin

Cybersecurity researchers have unmasked the identity of one of the individuals who is believed to be associated with the e-crime actor known as XE Group. According to Menlo Security, which pieced together the information from different online sources, "Nguyen Huu Tai, who also goes by the names J...

worldtaichiday.org Cross Site Scripting vulnerability OBB-3320824

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2021-29754

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor TAI. IBM X-Force ID: 202006...