275 matches found
EUVD-2024-24642
Malicious code in bioql PyPI...
Microsoft Windows inconsistent driver blocking
RISK EVALUATION: Microsoft Windows Defender Application Control (WDAC) and the Microsoft vulnerable driver blocklist do not adequately block known-vulnerable drivers. These unexpected behaviors can confuse users about whether or not driver blocking is working and which drivers are being blocked. 2...
CVE-2025-59033
The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. Entries that specify only the to-be-signed (TBS) part of the code signer certificate are properly blocked, but entries that specify the signing certificate's TBS hash along with a...
PT-2025-36478
Name of the Vulnerable Software and Affected Versions: Windows versions (affected versions not specified). Description: The Microsoft vulnerable driver block list, implemented as Windows Defender Application Control (WDAC) policy, does not properly block entries specifying the signing certificate’s TB...
Malicious code in alpha-rqf-project (npm)
The package alpha-rqf-project was found to contain malicious code...
CVE-2025-54583
GitProxy (finos/git-proxy) vulnerability CVE-2025-54583 affects version 1.19.1 and earlier; 1.19.2 fixes the issue. The flaw allows pushing to a remote repository while bypassing policy checks and explicit approvals when multiple branches are pushed, enabling code that should be blocked (e.g., se...
GitProxy Approval Bypass When Pushing Multiple Branches
Summary This vulnerability allows a user to push to the remote repository while bypassing policies and explicit approval. Since checks and plugins are skipped, code containing secrets or unwanted changes could be pushed into a repository. Because it can allow policy violations to go undetected, w...
GHSA-QR93-8WWF-22G4 GitProxy Approval Bypass When Pushing Multiple Branches
Summary This vulnerability allows a user to push to the remote repository while bypassing policies and explicit approval. Since checks and plugins are skipped, code containing secrets or unwanted changes could be pushed into a repository. Because it can allow policy violations to go undetected, w...
July 8, 2025-KB5062064 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016
July 8, 2025-KB5062064 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016 Release Date: July 8, 2025 Version: .NET Framework 4.8 The July 8, 2025 update for Windows 10, version 1607 and Windows Server 2016 includes security and cumulative reliability...
July 8, 2025-KB5062062 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2
July 8, 2025-KB5062062 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 Release Date: July 8, 2025 Version: .NET Framework 3.5 and 4.8.1 The July 8, 2025 update for Microsoft server operating system, version 23H2 includes security and cumulati...
CVE-2021-38178
The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious...
CVE-2019-1344
An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'...
Centreon Security Vulnerability
Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for network, system and application resources. A security vulnerability exists in Centreon that stems from insufficient integrity checking of code downloads,...
PT-2025-20881 · Centreon · Centreon Web
Name of the Vulnerable Software and Affected Versions: Centreon web versions 22.10.0 through 22.10.29; Centreon web versions 23.04.0 through 23.04.27; Centreon web versions 23.10.0 through 23.10.22; Centreon web versions 24.04.0 through 24.04.11; Centreon web versions 24.10.0 through 24.10.5...
April 25, 2025-KB5056579 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 24H2
April 25, 2025-KB5056579 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 24H2 IMPORTANT This update was originally released in the Security and Quality Rollup that’s dated April 22, 2025. This update is included in the Security and Quality Rollup that’s dated July 8,...
July 8, 2025-KB5056580 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 and Windows 11, version 23H2
July 8, 2025-KB5056580 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 and Windows 11, version 23H2 Revised July 7, 2025: Updated 'How to get this update' section. Revised July 10, 2025: Updated 'How to get this update' section. A known issue section has been...
IBM Engineering Requirements Management DOORS Next Reflected File Download (7184506)
The version of IBM Engineering Requirements Management DOORS Next installed on the remote host is 7.0.2 prior to 7.0.2 ifix 33 or 7.0.3 7.0.3 ifix 11 or 7.1.0 7.1.0 ifix 02. It is, therefore, affected by reflected file download vulnerability as referenced in the 7184506 advisory. - IBM Engineerin...
CVE-2024-43169
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code...