Achieving Zero-Disruption Patch Management with Qualys’ Latest Capabilities

Keeping systems patched is essential, but doing it efficiently and confidently is what sets great IT operations apart. With the latest capabilities in Qualys Patch Management, you can achieve just that. The most recent advancements in Qualys Patch Management – Intelligent Job Chaining and...

BIT-TOMCAT-2025-31651 Apache Tomcat: Bypass of rules in Rewrite Valve

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...

Exploit for Path Traversal in Rarlab Winrar

CVE-2025-6218-WinRAR-Directory-Traversal-RCE CVE-2025-6218 is...

CVE-2025-42970

SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on their system,...

CLSA-2025-1752087582 Fix CVE(s): CVE-2025-31651

SECURITY UPDATE: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability - debian/patches/CVE-2025-31651.patch: Enforces rewrite rules to preventing bypass of security constraints in specific configurations - CVE-2025-31651...

CVE-2025-44177

A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences...

CVE-2025-44177

A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the charms HTTP API endpoint when handling uploaded ZIP files. An attacker can overwrite arbitrary files on the server by uploading a specially crafted ZIP archive containing directory traversal sequences,...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the charms HTTP API endpoint when handling uploaded ZIP files. An attacker can overwrite arbitrary files on the server by uploading a specially crafted ZIP archive containing directory traversal sequences,...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the charms HTTP API endpoint when handling uploaded ZIP files. An attacker can overwrite arbitrary files on the server by uploading a specially crafted ZIP archive containing directory traversal sequences,...

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses an application is vulnerable to a reflected file download (RFD) attack.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses an application is vulnerable to a reflected file download RFD attack.The filename is derived from user-supplied input but sanitized by the application. Vulnerability Details CVEID:CVE-2025-41234 DESCRIPTION:...

Shuffling for Semantic Secrecy

Deep learning draws heavily on the latest progress in semantic communications. The present paper aims to examine the security aspect of this cutting-edge technique from a novel shuffling perspective. Our goal is to improve upon the conventional secure coding scheme to strike a desirable tradeoff...

PT-2025-28952 · Ruckus +1 · Smartzone +2

Name of the Vulnerable Software and Affected Versions: RUCKUS SmartZone SZ versions prior to 6.1.2p3 Refresh Build Description: RUCKUS SmartZone SZ is susceptible to a directory traversal issue that allows unauthorized access to files. The issue is caused by insufficient validation of user-suppli...

CVE-2025-44177

A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences...

PT-2025-28901 · White Star · Protop

Name of the Vulnerable Software and Affected Versions: White Star Software Protop version 4.4.2-2024-11-27 Description: A directory traversal issue exists in White Star Software Protop version 4.4.2-2024-11-27. An unauthenticated attacker can remotely read arbitrary files on the underlying...

Automated Attack Testflow Extraction from Cyber Threat Report Using BERT for Contextual Analysis

In the ever-evolving landscape of cybersecurity, the rapid identification and mitigation of Advanced Persistent Threats APTs is crucial. Security practitioners rely on detailed threat reports to understand the tactics, techniques, and procedures TTPs employed by attackers. However, manually...

CVE-2025-44177

A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences...

CVE-2025-44177

Summary (concrete details from connected docs): White Star Software Protop (version 4.4.2-2024-11-27) is vulnerable to a directory traversal in the /pt3upd/ endpoint. An unauthenticated attacker can read arbitrary files on the OS by using encoded traversal sequences (e.g., URL-encoded payloads). ...

SUSE CVE-2025-38236

In the Linux kernel, the following vulnerability has been resolved: afunix: Don't leave consecutive consumed OOB skbs. Jann Horn reported a use-after-free in unixstreamreadgeneric. The following sequences reproduce the issue: $ python3 from socket import s1, s2 = socketpairAFUNIX, SOCKSTREAM...

Security Bulletin: A denial-of-service attack, heap use after free, network server exploit, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency Service is vulnerable to denial-of-service attack, heap use after free, network server exploit, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-32873 DESCRIPTION: An issue was discovered in Django 4.2 before 4.2.2...