
9503 matches found

RedHat Linux
added 2026/05/14 4:55 p.m., 7 views

bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

CVSS 6.3 | AI score 7.1 | EPSS 0.00013
Exploits: 0 | References: 5
CVE
added 2026/05/14 4:12 p.m., 12 views

CVE-2025-62308

Technical details about CVE-2025-62308 are not publicly available in the provided documents. Monitor for updates from the vendor and NVD to assess affected components, impact, and remediation.

CVSS 5.1 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 1
EUVD
added 2026/05/14 4:12 p.m., 8 views

EUVD-2025-209849

HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions...

CVSS 5.1 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/14 4:12 p.m., 5 views

CVE-2025-62308 HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed

HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions...

CVSS 5.1 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 1
Cvelist
added 2026/05/14 4:12 p.m., 34 views

CVE-2025-62308 HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed

HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions...

CVSS 5.1 | EPSS 0.00034
Exploits: 0 | References: 1
The Hacker News
added 2026/05/14 11:30 a.m., 10 views

How AI Hallucinations Are Creating Real Security Risks

AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates the most probable...

AI score 5.7
Exploits: 0
Positive Technologies
added 2026/05/14 12:0 a.m., 9 views

PT-2026-40951

HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions...

CVSS 5.1 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/14 12:0 a.m., 6 views

CVE-2026-38740

Foscam VD1 Video Doorbell before V5.3.131072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol SDP, including ICE credentials and candidates, in cleartext over network interfaces. An attacker with network visibility can...

AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 1
CNNVD
added 2026/05/14 12:0 a.m., 7 views

HCL AION Security Vulnerability

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the possibility of exposing sensitive details related to backend infrastructure. This could lead to the disclosure of internal system architecture or...

CVSS 5.1 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/13 9:47 p.m., 6 views

CVE-2026-44478 hoppscotch: Unauthenticated Onboarding Config Disclosure via Empty Recovery Token

hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and canReRunOnboarding before allowing config overwrites. However, GET /v1/onboarding/config sti...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 1
CVE
added 2026/05/13 9:47 p.m., 13 views

CVE-2026-44478

CVE-2026-44478 concerns Hoppscotch, an open source API development ecosystem. The vulnerability chain involves an unauthenticated POST to /v1/onboarding/config that, prior to 2026.2.0, allowed overwriting the infrastructure configuration without verifying onboarding completion, potentially compro...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 1
Snyk
added 2026/05/13 3:57 p.m., 5 views

Malicious Package

Overview: github.com/BufferZoneCorp/go-envconfig is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a cluste...

CVSS 9.8 | AI score 6
Exploits: 0 | References: 2
HackRead
added 2026/05/13 10:6 a.m., 4 views

Why Canadian Telecom Providers Are Prime Targets for Cyberattacks

Canadian telecom providers face mounting cyber threats from ransomware, SIM swapping, data breaches, and nation-state attacks targeting critical infrastructure...

AI score 5.8
Exploits: 0
CNNVD
added 2026/05/13 12:0 a.m., 6 views

Hoppscotch Access Control Error Vulnerability

Hoppscotch is an open-source API development ecosystem created by Hoppscotch. Versions of Hoppscotch from 2026.2.0 to 2026.4.0 contained an access control vulnerability. This vulnerability stemmed from the GET /v1/onboarding/config endpoint, which still exposed all infrastructure secrets in plain...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/13 12:0 a.m., 7 views

PT-2026-40829

Name of the Vulnerable Software and Affected Versions: hoppscotch versions prior to 2026.4.0. Description: An information disclosure issue exists where the 'GET /v1/onboarding/config' endpoint leaks infrastructure secrets in plaintext to unauthenticated users. This occurs specifically when the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 4
Vulnrichment
added 2026/05/12 2:20 a.m., 7 views

CVE-2026-40131 SQL Injection vulnerability in SAP HANA Deployment Infrastructure (HDI) deploy library

SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...

CVSS 3.4 | AI score 5.9 | EPSS 0.00007
Exploits: 0 | References: 2
Fedora
added 2026/05/12 1:32 a.m., 7 views

[SECURITY] Fedora 43 Update: nss-3.122.2-1.fc43

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

AI score 5.8
Exploits: 0
Tenable Nessus
added 2026/05/12 12:0 a.m., 8 views

Cisco Prime Infrastructure Information Disclosure (cisco-sa-pi-unauth-infodiscl-LFnLgmey)

The version of Cisco Prime Infrastructure installed on the remote host is prior to Migrate to a fixed release.. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-pi-unauth-infodiscl-LFnLgmey advisory. - A vulnerability in the log file download functionality of Cisco Prim...

CVSS 4.3 | AI score 6 | EPSS 0.00041
Exploits: 0 | References: 3
CNNVD
added 2026/05/12 12:0 a.m., 6 views

SAP HANA Deployment Infrastructure deploy library SQL Injection Vulnerability

SAP HANA Deployment Infrastructure deploy library is a deployment support library developed by SAP, a German company, for the deployment and lifecycle management of SAP HANA applications. The SAP HANA Deployment Infrastructure deploy library contains a SQL injection vulnerability. This...

CVSS 3.4 | AI score 5.9 | EPSS 0.00007
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/10 8:20 p.m., 7 views

CVE-2026-34314

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Platform. Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Difficult to exploit vulnerability allows low privileged attacker wit...

CVSS 6.8 | AI score 7.2 | EPSS 0.00057
Exploits: 0 | References: 1