62 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mmc: davincimmc: Prevents the transmitted data size from exceeding the length of sgm. No check is performed on the size of the data to be transmitted. This can lead to a kernel panic when the transmitted data size exceeds the...
GHSA-JJ54-R8GM-2FCF dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction
Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary DefaultUsageTracker.emittoolcalledevent in src/dbtmcp/tracking/tracking.py serializes the complete arguments dictionary of every MCP tool call and transmits it verbatim to...
CVE-2026-2539
The CVE-2026-2539 affects the Micca KE700 car alarm system where the RF protocol transmits data frames in cleartext. The vulnerability arises because random numbers and counters used for authentication are captured via radio interception, enabling an attacker to obtain sensitive authentication-re...
PT-2025-51711
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The CAN driver within the Linux kernel contains an issue in the gs usb xmit callback function related to the handling of failed transmitted URBs. The driver does not properly clean up...
CVE-2025-64898 ColdFusion | Insufficiently Protected Credentials (CWE-522)
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or...
EUVD-2025-28560
Malicious code in bioql PyPI...
CVE-2025-39873
CVE-2025-39873 (Linux kernel) : The vulnerability concerns the xilinx_can driver where xcan_write_frame() may use a previously freed skb. The root cause is that can_put_echo_skb() can take ownership of the SKB, which may be freed during or after the call, while xcan_write_frame() continues to tou...
CVE-2025-39873 can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB
In the Linux kernel, the following vulnerability has been resolved: can: xilinxcan: xcanwriteframe: fix use-after-free of transmitted SKB canputechoskb takes ownership of the SKB and it may be freed during or after the call. However, xilinxcan xcanwriteframe keeps using SKB after the call. Fix th...
CVE-2025-8863
YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission...
The vulnerability of the Segnetics SMConfig system configuration tool lies in the lack of protection for transmitted data, which allows attackers to disclose the protected information.
The vulnerability of the Segnetics SMConfig system configuration tool is related to the lack of protection for transmitted data. Exploiting this vulnerability allows a malicious actor to disclose sensitive information by reading the HTTP cookie header...
Netwrix Directory Manager 安全漏洞
Netwrix Directory Manager is a group and user management software from Netwrix. A security vulnerability exists in Netwrix Directory Manager v.11.0.0.0 and earlier and later v.11.1.25134.03, which originates from the insertion of sensitive information in sent data...
Trivision NC227WF 安全漏洞
Trivision NC227WF is a webcam from Trivision. A security vulnerability exists in Trivision NC227WF version v5.8.0, which stems from a password being transmitted via a query string...
The vulnerability of the Drupal CMS system’s Image Sizes module, related to the insertion of confidential information into the transmitted data, allows attackers to circumvent security restrictions and execute a Forceful Browsing attack.
The vulnerability of the Image Sizes module in Drupal systems is related to the insertion of confidential information into the transmitted data. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute a Forceful Browsing attack...
CVE-2024-41026
In the Linux kernel, the following vulnerability has been resolved: mmc: davincimmc: Prevent transmitted data size from exceeding sgm's length No check is done on the size of the data to be transmiited. This causes a kernel panic when this size exceeds the sgmiter's length. Limit the number of...
CVE-2024-41026 mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length
In the Linux kernel, the following vulnerability has been resolved: mmc: davincimmc: Prevent transmitted data size from exceeding sgm's length No check is done on the size of the data to be transmiited. This causes a kernel panic when this size exceeds the sgmiter's length. Limit the number of...
CVE-2024-41026 mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length
In the Linux kernel, the following vulnerability has been resolved: mmc: davincimmc: Prevent transmitted data size from exceeding sgm's length No check is done on the size of the data to be transmiited. This causes a kernel panic when this size exceeds the sgmiter's length. Limit the number of...
CVE-2024-41026 mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length
In the Linux kernel, the following vulnerability has been resolved: mmc: davincimmc: Prevent transmitted data size from exceeding sgm's length No check is done on the size of the data to be transmiited. This causes a kernel panic when this size exceeds the sgmiter's length. Limit the number of...
The vulnerability of the syslog system for software used in managing SAN networks by Brocade SANnav allows a intruder to gain unauthorized access to protected information.
The vulnerability of the syslog system for SAN management software like Brocade SANnav lies in the fact that data is transmitted in an open manner. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
CVE-2024-38284
Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate calls...
CVE-2024-38284
CVE-2024-38284 affects Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600), with versions up to 3.1.171.9. The root cause is that transmitted data is logged between the device and the backend, enabling an attacker to perform a replay attack to replicate calls. In the ICS context, mitiga...