Design and Detection of Covert Man-In-The-Middle Cyberattacks on Water Treatment Plants

Cyberattacks targeting critical infrastructures, such as water treatment facilities, represent significant threats to public health, safety, and the environment. This paper introduces a systematic approach for modeling and assessing covert man-in-the-middle MitM attacks that leverage system...

EUVD-2025-37931

Quipux 4.0.1 through e1774ac allows enumeration of usernames, and accessing the Ecuadorean identification number for all registered users via the Administracion/usuarios/cambiarpasswordolvidovalidar.php txtlogin parameter...

PT-2025-45155

Name of the Vulnerable Software and Affected Versions Quipux versions 4.0.1 through e1774ac Description The software allows for the enumeration of usernames and access to the Ecuadorean identification number for all registered users. This is achieved by manipulating the txt login parameter within...

MINI-M2R4-X8JG-MRJP

Bulletin has no description...

CVE-2025-20734

creationtimestamp| type| source ---|---|--- 2025-11-04 08:45:26+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m4s5gzdxtby2 2025-11-04 09:34:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m4sa6rpouw2s...

EUVD-2025-37567

In wlan STA driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00447115; Issue ID: MSV-4276...

EUVD-2025-37647

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data...

MINI-HXXR-Q3QJ-CJ3H

Bulletin has no description...

CVE-2025-5397

creationtimestamp| type| source ---|---|--- 2025-10-31 08:43:24+00:00| seen| https://gist.github.com/Darkcrai86/ab96e009d6a99d8289e48bc3ae4088f4 2025-10-31 09:21:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m4i5mvgdiq2j 2025-11-01 10:03:46+00:00| seen|...

CGA-VMGP-P9C5-C79F

Bulletin has no description...

MINI-8MCP-H5V9-MCG6

Bulletin has no description...

EUVD-2025-36598

Not used...

PT-2025-43373

Name of the Vulnerable Software and Affected Versions BIND versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1. Description Due to a weakness in the...

CVE-2025-62591

...

CVE-2025-61755

CVE-2025-61755 affects Oracle GraalVM for JDK (Compiler) with affected versions 17.0.16 and 21.0.8. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to read a subset of data. CVSS v3.1 base score is 3.7 (Low), with attack vector NETWORK and high atta...

CVE-2025-53072

CVE-2025-53072 affects Oracle E-Business Suite Marketing Administration (component Marketing Administration) in versions 12.2.3–12.2.14. Root cause: missing authentication for a critical function allowing unauthenticated remote HTTP access. Impact: full takeover of Oracle Marketing with high conf...

CVE-2025-60856

creationtimestamp| type| source ---|---|--- 2025-10-20 17:39:23+00:00| seen| Telegram/s0S5QmsD4PfE5kc7Qnz9Ko0BcagA0ZOeFGFl7RkNviL0Y...

EUVD-2025-34688

Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is releasing updated audio packages to mitigate the potential vulnerabilities...

CGA-2QC6-PW5F-GP72

Bulletin has no description...

CVE-2025-55687

creationtimestamp| type| source ---|---|--- 2025-10-14 16:03:45+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2025-0310 2025-10-14 16:38:44+00:00| seen| https://www.thezdi.com/blog/2025/10/14/the-october-2025-security-update-review 2025-10-24 06:24:42+00:00| seen|...