21 matches found

OSV
added 2026/03/13 10:41 a.m. | 1 view

MAL-2026-1411 Malicious code in nfd (PyPI)

Source: kam193 (09861068d4a40cdebd80dae1ae4db85b45498bdb1f7f039cf44b33f41e68534f) Facebook automation/hacking tool, with a part of its code obfuscated. Given that other packages from this uploader exfiltrate user's credentials, this is likel...

5.9 AI score
Exploits: 0 | References: 1

OSV
added 2025/11/24 8:15 p.m. | 1 view

CVE-2025-56400

Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa accoun...

8.8 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-18027

Malware in sbrugna...

5.5 CVSS | 5.8 AI score | 0.00053 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-19427

Malicious code in bioql (PyPI)...

9.1 CVSS | 9 AI score | 0.00098 EPSS
Exploits: 0 | References: 2

The Hacker News
added 2024/10/23 9:34 a.m. | 20 views

Think You're Secure? 49% of Enterprises Underestimate SaaS Risks

It may come as a surprise to learn that 34% of security practitioners are in the dark about how many SaaS applications are deployed in their organizations. And it's no wonder—the recent AppOmni 2024 State of SaaS Security Report reveals that only 15% of organizations centralize SaaS security with...

7.5 AI score
Exploits: 0

NVD
added 2024/03/05 3:15 a.m. | 16 views

CVE-2024-21815

Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to vEL8.90.1751 MR3, 8.80 prior to vEL8.80.152...

9.1 CVSS | 9.3 AI score | 0.00098 EPSS
Exploits: 0 | References: 1

Prion
added 2024/03/05 3:15 a.m. | 16 views

Command injection

Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to vEL8.90.1751 MR3, 8.80 prior to vEL8.80.152...

6.5 CVSS | 9 AI score | 0.00098 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/03/05 3:9 a.m. | 12 views

CVE-2024-21815

Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to vEL8.90.1751 MR3, 8.80 prior to vEL8.80.152...

9.1 CVSS | 9.4 AI score | 0.00098 EPSS
Exploits: 0 | References: 1

Code423n4
added 2022/10/31 12:0 a.m. | 6 views

May introduce an invalid Facet into the system

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The saveFacetIfNew has not checked if the newly introduced facet is valid or not a valid contract, therefore, an invalid address might be added as a facet. According to Solidity documentation, "If the...

7 AI score
Exploits: 0

CNNVD
added 2022/07/01 12:0 a.m. | 2 views

simplepush resource management error vulnerability

simplepush is a mobile application from the German company simplepush. Push notifications can be sent to your device immediately via API or third-party integration. A security vulnerability exists in simplepush that stems from the registration of a fake application using the wrong deviceTokens,...

7.5 CVSS | 7.3 AI score | 0.00325 EPSS
Exploits: 0 | References: 3

Ivan 'd0znpp' Novikov
added 2021/08/25 6:52 a.m. | 32 views

Improper Assets Management☝️ — What you need to know

Improper Assets Management☝️ — What you need to know Introduction API9:2019 Improper Assets Management What is Improper Assets Management? We should always wonder for every API if all the current endpoint should even be available and if we maybe can’t do with only allowing the API to communicate...

7.1 AI score
Exploits: 0

Hacker One
added 2021/01/07 4:14 p.m. | 21 views

X (Formerly Twitter): Open Redirect on https://www.twitterflightschool.com/widgets/experience?destination_url=https://evil.com

This report details an open redirect issue that enabled crafting potentially malicious URLs which could be used to redirect users to a site specified in a URL parameter of the URL creator's choosing. This may allow an attacker to exploit a user's trust by leveraging open redirect on the affected...

6.5 AI score
Exploits: 0

Malwarebytes
added 2019/02/28 4:0 p.m. | 143 views

Key considerations for building vs. buying identity access management solutions

Time and time again, organizations learn the hard way that no matter which security solutions they have in place, if they haven’t properly secured the end user, their efforts can be easily rendered moot. The classic slip-up most often associated with end-user-turned-insider-threat is falling for ...

0.2 AI score
Exploits: 0

Lenovo
added 2019/02/20 6:4 p.m. | 69 views

NVIDIA GeForce Experience Vulnerabilities - Lenovo Support US

Lenovo Security Advisory: LEN-25444 Potential Impact: Privilege escalation, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE‑2018‑6263, CVE‑2018‑6265, CVE‑2018‑6266 Summary Description: NVIDIA has released a software update for GeForce Experience. This upda...

3.1 AI score | 0.00053 EPSS
Exploits: 0

Lenovo
added 2019/02/20 6:4 p.m. | 16 views

NVIDIA GeForce Experience Vulnerabilities - Lenovo Support US

No description provided...

7.8 CVSS | 6.1 AI score | 0.00053 EPSS
Exploits: 0

OSV
added 2018/11/27 6:29 p.m. | 0 views

CVE-2018-6266

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure...

5.5 CVSS | 5.8 AI score
Exploits: 0 | References: 2

Prion
added 2018/11/27 6:29 p.m. | 16 views

Information disclosure

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure...

2.1 CVSS | 5.5 AI score | 0.00053 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

seebug.org
added 2018/05/08 12:0 a.m. | 79 views

Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance

Multiple vulnerabilities in NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS Surveillance application Discovered by Pedro Ribeiro [email protected], Agile Information Security http://www.agileinfosec.co.uk/ Disclosure: 04/08/2016 / Last updated: 05/08/2016 Background on the affected...

10 CVSS | 9.5 AI score | 0.89376 EPSS
Exploits: 15

OpenVAS
added 2010/03/12 12:0 a.m. | 29 views

Mandriva Update for mmc-wizard MDVA-2010:096 (mmc-wizard)

Check for the Version of mmc-wizard OpenVAS Vulnerability Test Mandriva Update for mmc-wizard MDVA-2010:096 mmc-wizard Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

9.3 CVSS | 8.6 AI score | 0.16187 EPSS
Exploits: 6 | References: 2

OpenVAS
added 2010/03/12 12:0 a.m. | 32 views

Mandriva Update for mmc-wizard MDVA-2010:096 (mmc-wizard)

Check for the Version of mmc-wizard OpenVAS Vulnerability Test Mandriva Update for mmc-wizard MDVA-2010:096 mmc-wizard Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

9.3 CVSS | 0.2 AI score | 0.16187 EPSS
Exploits: 6 | References: 2