28 matches found
PT-2026-48910
Name of the Vulnerable Software and Affected Versions: Aqara IAM/SSO gateway (affected versions not specified). Description: The IAM/SSO gateway at 'gw-builder.aqara.com' exposes an unauthenticated AES oracle, allowing bidirectional AES round-trips against the platform's signing key. This occurs due t...
CVE-2009-4166
SQL injection vulnerability in the Trips mchtrips extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
EUVD-2009-4136
Malware in sbrugna...
Bykea: Lack of minimum value bid wheel verification on customer_bid in Rental Trips
A missing validation on the customer_bid field when creating rental trips allowed passengers to submit arbitrary bid amounts, including very low fares. Proper validation was added to prevent unrealistic values...
SAMSUNG S Assistant security vulnerability
SAMSUNG S Assistant is a cell phone application from the South Korean company Samsung. It provides a cell phone management function. A security vulnerability exists in SAMSUNG S Assistant prior to version 9.3.2, which stems from insufficient validation of intent by...
MAL-2025-36502 Malicious code in test-mlw2-trips-drats (npm)
The package test-mlw2-trips-drats was found to contain malicious code...
Malicious code in @malware-test-trips-hance-binds-ungum/test-mlw3-trips-hance-binds-ungum (npm)
The package @malware-test-trips-hance-binds-ungum/test-mlw3-trips-hance-binds-ungum was found to contain malicious code...
Malicious code in test-mlw2-trips-drats (npm)
The package test-mlw2-trips-drats was found to contain malicious code...
CVE-2020-6301
SAP ERP HCM Travel Management, versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check...
Malicious code in trips-pwa-localization (npm)
Source: ghsa-malware 2711cf5153838983e0237668dc1baaa1ad85959278de51e6e06702482099b582. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7997 Malicious code in trips-pwa-localization (npm)
Source: ghsa-malware 2711cf5153838983e0237668dc1baaa1ad85959278de51e6e06702482099b582. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the thermal_zone_device_register_with_trips() function in the drivers/thermal/thermal_core.c file of the Linux kernel’s temperature control driver allows a hacker to cause a service failure.
The vulnerability of the thermal_zone_device_register_with_trips() function in the drivers/thermal/thermal_core.c file of the Linux kernel’s temperature control driver is related to a pointer dereferencing error. Exploiting this vulnerability could allow an attacker to cause a service failure...
bookings.cornwallboattrips.co.uk Cross Site Scripting vulnerability OBB-3320500
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2020-29510
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
DEBIAN-CVE-2020-29510
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
CVE-2020-29511
The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
Even More on Threat Hunting
In response to my post More on Threat Hunting, Rob Lee asked: Do you consider detection through ID’ing/“matching” TTPs not hunting? To answer this question, we must begin by clarifying "TTPs." Most readers know TTPs to mean tactics, techniques and procedures, defined by David Bianco in his Pyrami...
Girls Who Code Summer Immersion Program - Week One
Written by Lisa Adams. The Girls Who Code Summer Immersion program at Akamai Technologies is off to a great start! During Week 1 we welcomed the class of 20 girls and the teaching team of three instructors from Girls Who Code. The girls began learning how to program in the Scratch language, and...
MyLog GPS Trips Logbook - Customized SSL, Insecure KeyStore, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application MyLog GPS Trips Logbook published at the 'play' market has multiple vulnerabilities...