407 matches found
EUVD-2022-32062
Malicious code in bioql PyPI...
EUVD-2024-54910
Malicious code in bioql PyPI...
EUVD-2025-27541
Malicious code in bioql PyPI...
CVE-2025-10223
Insufficient Session Expiration CWE-613 in the Web Admin Panel in AxxonSoft Axxon One C-Werk prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration...
CVE-2025-9994
The Amp’ed RF BT-AP 111 Bluetooth access point's HTTP admin interface does not have an authentication feature, allowing unauthorized access to anyone with network access...
CVE-2025-10223
Insufficient Session Expiration CWE-613 in the Web Admin Panel in AxxonSoft Axxon One C-Werk prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration...
CVE-2025-10223
Insufficient Session Expiration CWE-613 in the Web Admin Panel in AxxonSoft Axxon One C-Werk prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration...
CVE-2025-10223
The CVE-2025-10223 entry describes Insufficient Session Expiration (CWE-613) in the Web Admin Panel of AxxonSoft Axxon One (C‑Werk) on Windows, prior to version 2.0.3. The root cause is an unexpired session token allowing a local or remote authenticated attacker to retain access with removed priv...
CVE-2025-10223 Improper Session Cleanup on Role Removal in Web Admin Panel in AxxonSoft Axxon One (C-Werk)
Insufficient Session Expiration CWE-613 in the Web Admin Panel in AxxonSoft Axxon One C-Werk prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration...
PT-2025-37041
Name of the Vulnerable Software and Affected Versions: AxxonSoft Axxon One versions prior to 2.0.3 Description: Insufficient session expiration in the Web Admin Panel allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session...
CVE-2025-9994
The Amp’ed RF BT-AP 111 Bluetooth access point exposes an HTTP admin interface that has no authentication. This allows any user with network access to gain full administrative control of the device. Current public details do not indicate a fixed version; some sources note no fix is available yet....
Amp'ed RF BT-AP 111 Bluetooth access point lacks an authentication mechanism
Overview The Amp’ed RF BT-AP 111 Bluetooth Access Point exposes an HTTP-based administrative interface without authentication controls. This allows an unauthenticated remote attacker to gain full administrative access to the device. Description The Amp’ed RF BT-AP 111 is a Bluetooth-to-Ethernet...
PT-2025-36732
Name of the Vulnerable Software and Affected Versions: Amp’ed RF BT-AP 111 Bluetooth access point affected versions not specified Description: The HTTP admin interface lacks an authentication feature, enabling unauthorized access to individuals with network access. Recommendations: At the moment,...
Linux Distros Unpatched Vulnerability : CVE-2022-45868
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specif...
CVE-2025-55443
Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details IP/port that are stored in plaintext within log files on the device's external storage. This allows attackers with access to these logs to: 1. Authenticate to the MDM web platfor...
CVE-2025-55443
Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details IP/port that are stored in plaintext within log files on the device's external storage. This allows attackers with access to these logs to: 1. Authenticate to the MDM web platfor...
Malicious code in fashiongo-web-admin-v2-web (npm)
The package fashiongo-web-admin-v2-web was found to contain malicious code...
Malicious code in t2c-web-admin (npm)
The package t2c-web-admin was found to contain malicious code...
MAL-2025-34355 Malicious code in t2c-web-admin (npm)
The package t2c-web-admin was found to contain malicious code...
Malicious code in web-admin (npm)
The package web-admin was found to contain malicious code...