3660 matches found
ABB multiple products: code issue vulnerability
ABB ASPECT-Enterprise and others are products of ABB Switzerland. ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and control management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexib...
PT-2025-22534 · Unknown · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3. NEXUS Series versions through 3. MATRIX Series versions through 3. Description: The issue allows device commissioning parameters in ASPECT to be modified by an external source if administrative credential...
ABB multiple products: security vulnerability
ABB ASPECT and others are products of ABB Switzerland. ABB ASPECT is a scalable building energy management and control solution. ABB MATRIX is an embedded building automation network controller. ABB NEXUS is a wireless and wired solution. A security vulnerability exists in several ABB products that...
PT-2025-22538 · Unknown · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3. NEXUS Series versions through 3. MATRIX Series versions through 3. Description: The issue is related to one-way hash with predictable salt vulnerabilities in ASPECT, which may expose sensitive information...
PT-2025-22530 · Unknown · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3.08.03, NEXUS Series versions through 3.08.03, MATRIX Series versions through 3.08.03. Description: Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials...
PT-2025-22541 · Aspect · Aspect-Enterprise +2
Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3. NEXUS Series versions through 3. MATRIX Series versions through 3. Description: The issue concerns the disclosure of serialized configuration information during device commissioning when using ASPECT's...
PT-2025-22531 · Unknown · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3.08.03, NEXUS Series versions through 3.08.03, MATRIX Series versions through 3.08.03. Description: An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resource...
PT-2025-22517 · Unknown · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3.08.03, NEXUS Series versions through 3.08.03, MATRIX Series versions through 3.08.03. Description: Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become...
CVE-2009-2779
SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action...
FedGraM: Defending against Untargeted Attacks in Federated Learning Via Embedding Gram Matrix
Federated Learning (FL) enables geographically distributed clients to collaboratively train machine learning models by sharing only their local models, ensuring data privacy. However, FL is vulnerable to untargeted attacks that aim to degrade the global model's performance on the underlying data...
A Chaos Driven Metric for Backdoor Attack Detection
The advancement and adoption of Artificial Intelligence (AI) models across diverse domains have transformed the way we interact with technology. However, it is essential to recognize that while AI models have introduced remarkable advancements, they also present inherent challenges such as their...
BIT-MOODLE-2024-43433 Moodle: matrix user/power level management not always working as expected with suspended users
A flaw was found in Moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to cross-site scripting in Twisted [CVE-2024-41810]
Summary: IBM Watson Speech Services Cartridge is vulnerable to cross-site scripting in Twisted, caused by improper validation of user-supplied input by the HTTP redirect body (CVE-2024-41810). Twisted is used by our Speech Service runtimes. This vulnerability has been addressed. Please read the...
DejaVuzz: Disclosing Transient Execution Bugs with Dynamic Swappable Memory and Differential Information Flow Tracking Assisted Processor Fuzzing
Transient execution vulnerabilities have emerged as a critical threat to modern processors. Hardware fuzzing testing techniques have recently shown promising results in discovering transient execution bugs in large-scale out-of-order processor designs. However, their poor microarchitectural...
CVE-2025-29529
ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain a SQL injection vulnerability via the component Forgotpassword.aspx...
New whitepaper outlines the taxonomy of failure modes in AI agents
We are releasing a taxonomy of failure modes in AI agents to help security professionals and machine learning engineers think through how AI systems can fail and design them with safety and security in mind. The taxonomy continues Microsoft AI Red Team's work to lead the creation of systematizati...
CVE-2025-29529
CVE-2025-29529 relates to SQL injection in ITC Systems Multiplan/Matrix OneCard platform, specifically in Forgotpassword.aspx of version 3.7.4.1002. The vulnerability arises from a flaw in the Forgotpassword.aspx component that enables SQL injection. Affected product is ITC Systems Multiplan/Matr...
ITC Systems Multiplan/Matrix OneCard platform security vulnerability
ITC Systems Multiplan/Matrix OneCard platform is a campus or institutional card management platform from ITC Systems. A security vulnerability exists in ITC Systems Multiplan/Matrix OneCard platform version 3.7.4.1002, which originates from a SQL injection vulnerability in the Forgotpassword.aspx...