CVE-2021-32670
Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...
CVE-2021-30751
This issue was addressed with improved data protection. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass certain Privacy preferences...
CVE-2025-33136
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data...
CVE-2020-9913
This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information...
CVE-2025-33136
CVE-2025-33136 affects IBM Aspera Faspex 5 (versions 5.0.0–5.0.12). The issue is due to improper protection of assumed immutable data (MAID), enabling an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user. According to IBM’s advisory, reme...
CVE-2020-12036
Baxter PrismaFlex (all versions) and PrisMax (all versions prior to 3.x): the affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe...
CVE-2018-18660
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue...
New Best Practices Guide for Securing AI Data Released
Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and international partners released a joint Cybersecurity Information Sheet on AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems. This information sheet highlights the critical role...
CVE-2011-4699
The Ubermedia Twidroyd Legacy (com.twidroydlegacy) application 4.3.11 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application...
CVE-2011-4698
The AndroidAppTools Easy Filter (com.phoneblocker.android) application 1.1 and 1.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and call records via a crafted application...
CVE-2018-18658
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue...
CVE-2018-18659
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue...
Mapping the Future of AI Security
AI security is one of the most pressing challenges facing the world today. Artificial intelligence is extraordinarily powerful, and, especially considering the advent of Agentic AI, growing more so by the day. But it is for this reason that securing it is so important. AI handles massive amounts ...
CVE-2011-4772
The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application...
CVE-2011-4705
The Ming Blacklist Free (vc.software.blacklist) application 1.8.1 and 1.9.2.1 for Android does not properly protect data, which allows remote attackers to read or modify blacklists and a contact list via a crafted application that launches a "data-flow attack."...
CVE-2011-4771
The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for Android does not properly protect data, which allows remote attackers to read or modify scanned files and a Google account via a crafted application...
CVE-2011-4864
The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted application...
CVE-2012-4616
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2011-4702
The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application...
CVE-2011-4701
The CallConfirm (jp.gr.javaconf.ofnhwx.callconfirm) application 2.0.0 for Android does not properly protect data, which allows remote attackers to read or modify allow/block lists via a crafted application...