The vulnerability of the virtual learning environment Moodle, related to insufficient protection of operational data, allows a hacker to disclose protected information.
The vulnerability in the virtual learning environment Moodle is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...
The vulnerability of the Synology Router Manager operating system, related to insufficient protection of sensitive data, allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Synology Router Manager operating system is related to insufficient protection for service data. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
Product Walkthrough: Securing Microsoft Copilot with Reco
Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats - all while keeping productivity high. Microsoft 365 Copilot promises to boost productivity by turning natural language prompts into actions. Employees can...
SoK: Enhancing Privacy-Preserving Software Development from a Developers' Perspective
In software development, privacy preservation has become essential with the rise of privacy concerns and regulations such as GDPR and CCPA. While several tools, guidelines, methods, methodologies, and frameworks have been proposed to support developers embedding privacy into software applications...
The vulnerability of the FreeIpa server, related to insufficient protection of service data, allows attackers to circumvent existing security restrictions and disclose the protected information.
The vulnerability of the FreeIpa server is related to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and disclose the protected information...
CVE-2023-35814
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms...
DevExpress Security Vulnerability
DevExpress is a software from the American company DevExpress, Inc. for providing best-in-class UI controls, tools and frameworks for WinForms, ASP.NET, MVC, Blazor, ASP.NET Core, WPF, VCL, Xamarin and JavaScript. A security vulnerability exists in DevExpress versions prior to 23.1.3, which stems...
The vulnerability of the Jenkins automation server, related to insufficient protection of service data, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Jenkins automation server is related to insufficient protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
CVE-2023-35814
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET Web Forms. Affects DevExpress XtraReport serialization handling prior to version 23.1.3; impacts confidentiality, integrity and availability as per listed CVSS details. Remediation: upgrade to version 23.1.3 ...
PT-2025-18084 · Devexpress · Devexpress
Name of the Vulnerable Software and Affected Versions: DevExpress versions prior to 23.1.3 Description: The issue is related to the improper protection of XtraReport serialized data in ASP.NET web forms. This affects the security of the data, potentially allowing unauthorized access or...
The vulnerability of the Azure Health Bot, a tool for creating and deploying intelligent chatbots in the healthcare sector, relates to a data protection mechanism breach, allowing attackers to escalate their privileges.
The vulnerability of the tool for creating and deploying intelligent chatbots in the healthcare domain, Azure Health Bot, is related to a breach in data protection mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to enhance their privileges...
Moodle allows IDOR when accessing the cohorts report
A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve...
The vulnerability of the UpdateConnectionVariables method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the UpdateConnectionVariables method in software for managing and monitoring deleted objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the...
CVE-2025-38575
In the Linux kernel, the following vulnerability has been resolved: ksmbd: use aead_request_free to match aead_request_alloc. Use aead_request_free instead of kfree to properly free memory allocated by aead_request_alloc. This ensures sensitive crypto data is zeroed before being freed...
SUSE CVE-2024-58096
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode. ath11k_hal_srng_* should be used with srng->lock to protect srng data. For ath11k_dp_rx_mon_dest_process and ath11k_dp_full_mon_process_rx, they use ath11k_hal_srng_* for many times but...
PT-2025-17090 · Unknown · Revamp Crm For Woocommerce
Name of the Vulnerable Software and Affected Versions: Revamp CRM for WooCommerce versions 1.1.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Reflected XSS. This means an attacker...
PT-2025-17171 · Unknown · Ashish Ajani Contact Form Vcard Generator
Name of the Vulnerable Software and Affected Versions: Ashish Ajani Contact Form vCard Generator versions n/a through 2.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means th...
Overlapping Error Correction Codes on Two-Dimensional Structures
The growing demand for highly reliable communication systems drives the research and development of algorithms that identify and correct errors during data transmission and storage. This need becomes even more critical in hard-to-access or sensitive systems, such as those used in space...
Insights from the field: Key Findings from the ICIT report on Government Cloud Security
Wiz partnered with the Institute for Critical Infrastructure Technology (ICIT) to publish a report on findings from a survey given to federal and state agencies, highlighting the growing importance of cloud and AI technologies, and concerns around available resources and data protections...