Lucene search

4665 matches found

SUSE Linux
added 2025/09/02 5:42 p.m. · 3 views

Security update for ucode-intel

This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20250812 release (bsc1248438). CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable...

7.9 CVSS · 7 AI score · 0.00169 EPSS
Exploits 0 · References 16
RedhatCVE
added 2025/08/30 6:18 p.m. · 3 views

CVE-2025-34523

A heap-based buffer overflow vulnerability exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). This flaw is reachable without authentication and results from improper bounds checking when processing attacker-controlled input. By sending specially crafted...

9.8 CVSS · 6.5 AI score · 0.00499 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/08/28 5:43 p.m. · 1 views

CVE-2025-58049 XWiki PDF export jobs store sensitive cookies unencrypted in job statuses

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki...

5.8 CVSS · 6.4 AI score · 0.00341 EPSS
Exploits 1 · References 3
IBM Security Bulletins
added 2025/08/28 2:49 p.m. · 10 views

Security Bulletin: IBM Guardium Data Protection is affected by an SQL Injection via username vulnerability (CVE-2024-55906).

Summary: IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details: CVEID: CVE-2024-55906. DESCRIPTION: IBM Security Guardium is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view,...

7.2 AI score
Exploits 0 · Affected Software 1
NCSC
added 2025/08/28 12:56 p.m. · 4 views

Vulnerabilities fixed in Arcserve Unified Data Protection

Arcserve has fixed vulnerabilities in Arcserve Unified Data Protection (UDP) for all versions prior to 10.2. The vulnerabilities include an authentication bypass that allows unauthenticated malicious parties to access protected functions, a reflected cross-site scripting (XSS) vulnerability that allo...

9.8 CVSS · 7.6 AI score · 0.00523 EPSS
Exploits 0 · References 1
OSV
added 2025/08/27 10:15 p.m. · 1 views

CVE-2025-34521

A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by...

5.4 CVSS · 5.9 AI score · 0.00197 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/08/27 9:19 p.m. · 2 views

CVE-2025-34520 Arcserve UDP < 10.2 Authentication Bypass

An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulating specific request parameters or exploiting a logic flaw, an attacker can bypass login mechanisms...

7.7 CVSS · 7.5 AI score · 0.00347 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2025/08/27 9:19 p.m. · 1 views

CVE-2025-34521

A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by...

5.4 CVSS · 5.9 AI score · 0.00197 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2025/08/27 12:0 a.m. · 2 views

Arcserve Unified Data Protection Security Vulnerability

Arcserve Unified Data Protection is Arcserve's all-in-one data and ransomware protection solution. A security vulnerability exists in Arcserve Unified Data Protection versions prior to 10.2 that stems from reflective cross-site scripting and could lead to session hijacking...

5.4 CVSS · 6 AI score · 0.00197 EPSS
Exploits 0 · References 2
CNNVD
added 2025/08/27 12:0 a.m. · 2 views

Arcserve Unified Data Protection Security Vulnerability

Arcserve Unified Data Protection is Arcserve's all-in-one data and ransomware protection solution. A security vulnerability exists in Arcserve Unified Data Protection versions prior to 10.2 that stems from a heap buffer overflow that could lead to remote code execution...

9.8 CVSS · 7.8 AI score · 0.00523 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/08/27 12:0 a.m. · 4 views

PT-2025-34946

Name of the Vulnerable Software and Affected Versions: Arcserve Unified Data Protection (UDP) versions prior to 10.2; Arcserve Unified Data Protection (UDP) versions 8.0 through 10.1; Arcserve Unified Data Protection (UDP) versions 7.x and earlier. Description: An authentication bypass in Arcserve Unified...

9.8 CVSS · 5.9 AI score · 0.00347 EPSS
Exploits 0 · References 6
Malwarebytes
added 2025/08/21 11:42 a.m. · 4 views

Google settles YouTube lawsuit over kids’ privacy invasion and data collection

Google has agreed to a $30 million settlement in the US over allegations that it illegally collected data from underage YouTube users for targeted advertising. The lawsuit claims Google tracked the personal information of children under 13 without proper parental consent, which is a violation of...

7 AI score
Exploits 0
Packet Storm News
added 2025/08/20 12:0 a.m. · 1 views

Bridging the Mobile Trust Gap: a Zero Trust Framework for Consumer-Facing Applications

Zero Trust Architecture (ZTA) has become a widely adopted model for securing enterprise environments, promoting continuous verification and minimal trust across systems. However, its application in mobile contexts remains limited, despite mobile applications now accounting for most global digital...

6.9 AI score
Exploits 0
VulnCheck KEV
added 2025/08/19 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2023-26258

Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute a...

9.8 CVSS · 5.9 AI score · 0.34195 EPSS
In wild · Exploits 2 · References 131
The Hacker News
added 2025/08/18 10:15 a.m. · 7 views

Wazuh for Regulatory Compliance

Organizations handling various forms of sensitive data or personally identifiable information (PII) require adherence to regulatory compliance standards and frameworks. These compliance standards also apply to organizations operating in regulated sectors such as healthcare, finance, government...

6.8 AI score
Exploits 0
RedhatCVE
added 2025/08/18 7:16 a.m. · 4 views

CVE-2025-8896

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdprcommunicationpreferences' parameter in all versions up to, and including, 3.14.3 due to insufficient input sanitization and...

6.4 CVSS · 6 AI score · 0.00185 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/08/16 12:0 a.m. · 5 views

PT-2025-33539 · WordPress · User Profile Builder

Name of the Vulnerable Software and Affected Versions: User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress versions through 3.14.3. Description: The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Edito...

6.4 CVSS · 5.7 AI score · 0.00185 EPSS
Exploits 0 · References 7
Microsoft Secure
added 2025/08/12 4:0 p.m. · 3 views

Dow’s 125-year legacy: Innovating with AI to secure a long future

Founded more than 125 years ago, Dow has demonstrated a commitment to leveraging science to make the world a better place. Today, Dow’s ambition to be the most innovative, inclusive, and sustainable materials science company is supported by a global security team dedicated to keeping employees,...

6.6 AI score
Exploits 0
The Hacker News
added 2025/08/12 11:0 a.m. · 8 views

The Ultimate Battle: Enterprise Browsers vs. Secure Browser Extensions

Most security tools can't see what happens inside the browser, but that's where the majority of work, and risk, now lives. Security leaders deciding how to close that gap often face a choice: deploy a dedicated Enterprise Browser or add an enterprise-grade control layer to the browsers employees...

7.2 AI score
Exploits 0
CNVD
added 2025/08/11 12:0 a.m. · 3 views

Dell PowerProtect Data Domain OS Command Injection Vulnerability (CNVD-2025-22718)

Dell PowerProtect Data Domain (Dell PowerProtect DD) is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. A security vulnerability exists in Dell PowerProtect Data Domain, which can be exploited by an attacker to cause arbitrary commands to be...

6.7 CVSS · 7.1 AI score · 0.0045 EPSS
Exploits 0 · References 1