WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from an insecure direct object reference in the plugin/Live/view/Liverestreams/list.json.php endpoint...

CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the...

CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the...

CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the...

CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the...

CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the...

CVE-2025-65396

Affected product: Blurams Flare Camera (versions 24.1114.151.929 and earlier). Vulnerability cause: In the boot process, a read error from the SPI flash memory is induced by shorting a data pin to ground, allowing a physically proximate attacker to hijack the boot mechanism and gain a bootloader ...

PT-2026-2919

Name of the Vulnerable Software and Affected Versions Blurams Flare Camera versions 24.1114.151.929 and earlier Description A flaw exists in the boot process of the Blurams Flare Camera that allows a nearby attacker to take control of the boot mechanism and obtain a bootloader shell through the...

EUVD-2024-19411

Malicious code in bioql PyPI...

HashiCorp Vault ldap auth method may not have correctly enforced MFA

Vault and Vault Enterprise’s “Vault” ldap auth method may not have correctly enforced MFA if usernameasalias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...

Authenticator Login - Critical - Access bypass - SA-CONTRIB-2025-009

This module allows a site to setup two factor authentication via QR code using authenticator applications on mobile devices including phones. The module does not properly protect its custom paths, allowing one user to access a different user's two factor configuration...

CVE-2024-43176

IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users...

GaussDB Kernel: Enabling the Separation of Duties

If the parameter enableSeparationOfDuty is set to on, the separation of duties is enabled to control system administrator permissions. In this mode, system administrators cannot create or modify user configurations or access data in private users SPDX-FileCopyrightText: 2020 Greenbone AG Some tex...

Design/Logic Flaw

An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an...

Security and Privacy Implications of Zoom

Over the past few weeks, Zoom's use has exploded since it became the video conferencing platform of choice in today's COVID-19 world. My own university, Harvard, uses it for all of its classes. Boris Johnson had a cabinet meeting over Zoom. Over that same period, the company has been exposed for...

Citrix Receiver Updates Troubleshooting Guide

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Where to download ? Certain legacy Citrix tools are now available on request only. Please submit the...