CVE-2025-66050

CVE-2025-66050 (Vivotek IP7137, firmware 0200a) is linked to multiple issues: path traversal (CVE-2025-66051), information disclosure via RTSP without authentication (CVE-2025-66049), and command injection through /cgi-bin/admin/setparam.cgi (CVE-2025-66052). All references indicate default admin...

EUVD-2024-51922

Malicious code in bioql PyPI...

ALPINE-CVE-2021-22923

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often...

CVE-2019-2193

In WelcomeActivity.java and related files, there is a possible permissions bypass due to a partially provisioned Device Policy Client. This could lead to local escalation of privilege, leaving an Admin app installed with no indication to the user, with User execution privileges needed. User...

Reddit Publishes its First Transparency Report

Reddit on Thursday published its first transparency report, joining the litany of technology and online service providers who have already shed light on their privacy practices, and the extent to which governments makes requests for user information. Reddit thrives on user-submitted content...

Twitter 'Weighing Legal Options' On Publishing National Security Requests Data

Twitter officials are pushing the United States government for more freedom to publish specific numbers about national security information requests, and said the company is considering its legal options if the government doesn’t allow more data to be made public. In its latest transparency repor...