PT-2025-19323

Name of the Vulnerable Software and Affected Versions Synology Router Manager SRM affected versions not specified portenable cgi affected versions not specified Description A security issue exists in Synology Router Manager SRM related to insufficient protection of service data. Remote attackers...

Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025

As IT environments grow more complex, IT professionals are facing unprecedented pressure to secure business-critical data. With hybrid work the new standard and cloud adoption on the rise, data is increasingly distributed across different environments, providers and locations, expanding the attac...

The vulnerability of the Golang programming language, related to insufficient protection of sensitive data, allows attackers to gain unauthorized access to user credentials.

The vulnerability of the Golang programming language is related to insufficient protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to account information...

The vulnerability of the Telemetry component of TP-Link Tapo P125M and Kasa KP125M software devices allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Telemetry component in the microprogramming software of TP-Link Tapo P125M and Kasa KP125M lies in the lack of protection for operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the protected...

Is Your Cloud App Server Secure? Best Practices for Data Protection

Almost every company nowadays depends on cloud computing since it is a necessary tool in the world of…...

SAP Business Objects Business Intelligence Platform 安全漏洞

SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. An information disclosure vulnerability exists in SAP Business Objects Business Intelligence Platform, which stems from the application's inadequate...

The vulnerability of the personal assistant Siri in operating systems such as macOS, iOS, and iPadOS allows a hacker to disclose protected information.

The vulnerability of the personal assistant Siri in operating systems such as macOS, iOS, and iPadOS is related to a breach of data protection mechanisms. Exploiting this vulnerability could allow an attacker to disclose protected information...

The vulnerability of the Image Capture application on macOS operating systems allows attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the Image Capture application in macOS operating systems relates to a flaw in the data protection mechanism. Exploiting this vulnerability can allow attackers to circumvent security restrictions and gain unauthorized access to protected information...

The vulnerability of the microprogramming software of TP-Link Tapo P125M and Kasa KP125M lies in the insufficient protection of operational data, allowing attackers to execute a “man-in-the-middle” type attack.

The vulnerability of the microprogramming software of TP-Link Tapo P125M and Kasa KP125M lies in the insufficient protection of operational data. Exploiting this vulnerability could allow a remote attacker to execute a “man-in-the-middle” attack...

The vulnerability of the virtual learning environment Moodle, related to insufficient protection of operational data, allows a intruder to gain unauthorized access to protected information.

The vulnerability in the virtual learning environment Moodle is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the virtual learning environment Moodle, related to insufficient protection of operational data, allows a intruder to gain unauthorized access to protected information.

The vulnerability in the virtual learning environment Moodle is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

U.K. ICO Investigates TikTok, Reddit, and Imgur Over Children's Data Protection Practices

The U.K.'s Information Commissioner's Office ICO has opened an investigation into online platforms TikTok, Reddit, and Imgur to assess the steps they are taking to protect children between the ages of 13 and 17 in the country. To that end, the watchdog said it's probing how the ByteDance-owned...

TikTok: Major investigation launched into platform’s use of children’s data

TikTok is the subject of yet another major investigation, reports BBC News. This time around, the UK’s Information Commissioner's Office ICO is going to look at how the data of 13 to 17-year-olds feeds the algorithm that decides what further content to show. The ICO introduced a children’s code f...

The vulnerability of Acronis Cyber Protect 16’s data protection software lies in its uncontrolled search path, which allows attackers to exploit their privileges.

The vulnerability of Acronis Cyber Protect 16 data protection software is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of the `avformat_free_context()` function in the libavformat multimedia library of FFmpeg allows attackers to compromise the integrity of protected information.

The vulnerability of the avformatfreecontext function in the library for multiplexing and demultiplexing media containers in the libavformat multimedia library of FFmpeg is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to compromise the integrity of the...

The vulnerability of the software for data integration and analysis in Hitachi Vantara Pentaho Data Integration & Analytics lies in the insufficient protection of registration data, which allows attackers to disclose confidential information.

The vulnerability of the software for data integration and analytics in Hitachi Vantara Pentaho Data Integration & Analytics relates to insufficient protection of registration data. Exploiting this vulnerability could allow a malicious actor to disclose confidential information...

The vulnerability of the libavutil library, a multimedia library used in FFmpeg, allows attackers to disclose protected information.

The vulnerability of the libavutil library, a multimedia library used in FFmpeg, is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to disclose protected information remotely...

Countries and companies are fighting at the expense of our data privacy

Data privacy issues are a hot topic in a world where we apparently don’t know who to trust anymore. A few weeks ago, we reported how the UK had secretly ordered Apple to provide blanket access to protected cloud backups around the world. This week, Apple decided to pull the plug on Advanced Data...

89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals

Organizations are either already adopting GenAI solutions, evaluating strategies for integrating these tools into their business plans, or both. To drive informed decision-making and effective planning, the availability of hard data is essential—yet such data remains surprisingly scarce. The...

DRUPAL-CONTRIB-2025-018

The GDPR Task submodule enables you to create GDPR tasks. The module doesn't sufficiently protect against Cross Site Request Forgery CSRF attacks by validating user identity and intent when creating tasks...