Description of the security update for SharePoint Server 2019 Language Pack: April 14, 2026 (KB5002856)

Description of the security update for SharePoint Server 2019 Language Pack: April 14, 2026 KB5002856 Summary Important: If you're running 2013-type workflows, you mustinstall the August 2025 update for SharePoint Workflow Manager​​​​​​​to your farm before you install this cumulative update. If...

Description of the security update for SharePoint Server 2019 Language Pack: January 13, 2026 (KB5002823)

Description of the security update for SharePoint Server 2019 Language Pack: January 13, 2026 KB5002823 Summary Important: If you're running 2013-type workflows, you mustinstall the August 2025 update for SharePoint Workflow Manager to your farm before you install this cumulative update.​​​​​​​ I...

Database of 323,986 BreachForums Users Leaked as Admin Disputes Scope

Database of 323,986 BreachForums users leaked online as forum admins claim the exposed data is partial and dates back to August 2025...

CVE-2025-13427

An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific AP...

CVE-2025-13427 Authentication Bypass in Dialogflow CX Messenger

An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific AP...

CVE-2025-13427

CVE-2025-13427 concerns an authentication bypass in Google Cloud Dialogflow CX Messenger. The vulnerability allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents’ knowledge and the ability to trigger their intents by manipulating initialization parame...

Description of the security update for SharePoint Server 2019 Language Pack: December 9, 2025 (KB5002802)

Description of the security update for SharePoint Server 2019 Language Pack: December 9, 2025 KB5002802 Summary Important: If you're running 2013-type workflows, you mustinstall the August 2025 update for SharePoint Workflow Manager to your farm before you install this cumulative update.​​​​​​​ I...

CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

VulnCheck KEV: CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

AMD Graphics August 2025 Security Update

AMD has informed HP of potential vulnerabilities in some AMD Graphics components, which might lead to loss of confidentiality, loss of integrity, loss of availability, system crash, arbitrary writes, out of bounds read, or denial of service. AMD is releasing software updates to mitigate the...

EUVD-2025-24126

Malicious code in bioql PyPI...

EUVD-2025-30835

Malicious code in bioql PyPI...

Inc Ransomware Group Claims 5.7 TB Theft from Pennsylvania Attorney General’s Office

The Inc ransomware gang claims to have stolen 5.7 TB of data from the Pennsylvania Attorney General's office in an August 2025 attack. Find out how the breach unfolded, why government agencies are a top target, and what this means for citizens...

CVE-2025-59434 Critical Multi-Tenant Variable Disclosure in Flowise Cloud via Custom JavaScript Function

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScri...

CVE-2025-59434 Critical Multi-Tenant Variable Disclosure in Flowise Cloud via Custom JavaScript Function

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScri...

CVE-2025-47906

If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for August 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 25.0.0-IF001 Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be us...

CVE-2025-55144

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with read-only admin...

CVE-2025-55139

SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with admin privileges to enumerate internal...

CVE-2025-8712

Ivanti reports a missing authorization flaw (CVE-2025-8712) affecting Ivanti Connect Secure before 22.7R2.9/22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723, and Ivanti Neurons for Secure Access before 22.8R1.4. The issue allows a remote authenticated attacker ...