22 matches found
EUVD-2003-0356
Malware in sbrugna...
EUVD-2019-15755
Malware in sbrugna...
EUVD-2020-22483
Malware in sbrugna...
EUVD-2016-4744
Malware in sbrugna...
EUVD-2021-17104
Malware in sbrugna...
EUVD-2022-1792
Malicious code in bioql PyPI...
EUVD-2022-25898
Malicious code in bioql PyPI...
CVE-2025-6391 JSON Web Token (JWT) Exposure in Log Files
Brocade ASCG before 3.3.0 logs JSON Web Tokens JWT in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure...
CVE-2025-49739 Visual Studio Elevation of Privilege Vulnerability
...
GHSA-Q7C3-X7HM-QQ72 Jenkins OpenID Connect Provider Plugin Incorrectly Validates Crafted Build ID Tokens
In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...
CVE-2024-41795
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices is vulnerable to Cross-Site Request Forgery CSRF attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device...
CVE-2024-6577
In the latest version of pytorch/serve, the script 'uploadresultstos3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...
Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems
Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition SCADA system used in operational technology OT environments, that could allow malicious actors to take control of susceptible systems. "These vulnerabilities,...
CVE-2024-55930 Weak default folder permissions
Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files...
Cross-Site WebSocket Hijacking
HTML5 WebSockets allow developers to create bi-directionnal communication channels between clients usually web browsers and servers. To initialize the communication, the WebSocket protocol requires a handshake performed with the HTTP protocol to ugprade the communication. When a web application...
PT-2024-18213 · WordPress · Print Labels With Barcodes
Name of the Vulnerable Software and Affected Versions: The Print Labels with Barcodes plugin for WordPress versions up to, and including, 3.4.6 Description: The issue allows for unauthorized access, modification, and loss of data due to an improper capability check on 42 separate AJAX functions...
PT-2023-6853 · Moxa · Moxa Pt-G503 Series
Name of the Vulnerable Software and Affected Versions: Moxa PT-G503 Series firmware versions prior to v5.2 Description: The issue is related to the absence of the secure flag in session cookies, which could allow a remote attacker to gain unauthorized access to protected information. This may lea...
TP-LINK TD-W8950N router suffers from weak password vulnerability
hereinafter referred to as "TP-LINK" is a leading global supplier of network communication equipment. A weak password vulnerability exists in the TP-LINK TD-W8950N router, which can be exploited by an attacker to log in to the system backend and perform unauthorized operations...
PT-2020-16526 · Ruckus · Ruckus Vriot
Name of the Vulnerable Software and Affected Versions: Ruckus vRioT versions 1.5.1.0.21 and earlier Description: The issue concerns an API backdoor that is hardcoded into the validate token.py file. This backdoor allows an unauthenticated attacker to interact with the service API by using a...
RUS-CERT Advisory 2001-09:01
Vulnerabilities in PAM and NSS modules using a PostgreSQL database During investigating the problem described in RUS-CERT Advisory 2001-08:01, it became evident that a few PAM and NSS modules which use PostgreSQL as database backend are vulnerable to SQL code injections attacks, too. Systems...