CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....
CVE-2022-44795
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...
The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That
Detecting leaked credentials is only half the battle. The real challenge—and often the neglected half of the equation—is what happens after detection. New research from GitGuardian's State of Secrets Sprawl 2025 report reveals a disturbing trend: the vast majority of exposed company secrets...
CVE-2021-38178
The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, bypassing the established quality gates. By this vulnerability malicious...
Denial of Service Vulnerability in Omron Small PLC Series CP1L (CNVD-2020-58494)
CP1L is Omron's compact PLC series, an all-in-one PLC with built-in pulse output, analog input/output, and serial communication functions. A denial of service vulnerability exists in the Omron Compact PLC Series CP1L, which can be exploited by an attacker to erase logic files running inside the...
CVE-2019-20509
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it only affected a development version. Notes: none...
How to migrate Citrix Licensing Server component
1. Migrating the Citrix Licensing Server component from one server to another server
2. Updating Citrix products to use the new licensing server without any production impact...
kernel: userfaultfd bypasses tmpfs file permissions
A flaw was found in the Linux kernel with files on tmpfs and hugetlbfs. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbfs to modify a file and possibly disrupt normal system behavior. At this time there is an understanding there is no crash or privilege...
Preparing for Y2038 (Already?!)
It somehow doesn't seem that long ago, but nineteen years ago during Y2K I spent my New Year's Eve in the Akamai Network Operations center, waiting to respond to anything that might go awry as the clock struck midnight in key time zones such as Greenwich and Boston. As of January 9, 2019, we are...
Top iPhone Supplier Battles WannaCry Infection
A top iPhone supplier, Taiwan Semiconductor Manufacturing Co. TSMC, has recovered from a WannaCry ransomware infection that impacted the majority of its fabrication tools. The incident could delay mobile phone shipments during the pre-holiday Fall rush, and reduce revenue for Taiwan’s largest...