CVE-2025-67450
Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution. This security issue has been fixed in the latest version...
DVP-12SE – Modbus/TCP Cleartext Transmission of Sensitive Information. More information: https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00021_DVP-12SE%20ModbusTCP%20Cleartext%20Transmission%20of%20Sensitive%20Info.pdf
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an...
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered inadequate permission management for the camera guest account. The manufacturer has released patch firmware for...
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered an improper input validation vulnerability in camera video analytics. This vulnerability could allow an...
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager involving a hardcoded encryption key for sensitive information. An attacker...
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS. More information: https://blog.gitea.com/release-of-1.20.1/
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw in which the camera’s client service does not perform certificate validation. The manufacturer has released...
Gitea before 1.21.8 inadvertently discloses users’ login times by allowing (for example) the lastlogintime explore/users sort order. More information: https://blog.gitea.com/release-of-1.21.8-and-1.21.9-and-1.21.10/
Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries. More information: https://blog.gitea.com/release-of-1.22.2/
In Gitea before 1.21.2, an anonymous user can visit a private user’s project. More information: https://blog.gitea.com/release-of-1.21.2/
A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper...
Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text. More information: https://blog.gitea.com/release-of-1.22.2/
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources. More information: https://blog.gitea.com/release-of-1.22.3/