
40352 matches found

Positive Technologies
added 2025/12/16 12:0 a.m., 4 views

PT-2025-51421

Name of the Vulnerable Software and Affected Versions: WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions through 4.0.7. Description: An authorization issue exists in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent. The issue involves incorrectly configured...

5.3 CVSS, 6.4 AI score, 0.00214 EPSS
Exploits: 0, References: 3

CNNVD
added 2025/12/16 12:0 a.m., 4 views

Canary Mail Security Vulnerability

Canary Mail is an email client application from Canary Mail, Inc. in the United States. A security vulnerability exists in Canary Mail version 5.1.40 and earlier, which stems from a failure to add the Mark-of-the-Web tag when saving a document, which could lead to a bypass of the file protection...

9.1 CVSS, 6.3 AI score, 0.00478 EPSS
Exploits: 3, References: 5

GoogleProjectZero
added 2025/12/16 12:0 a.m., 20 views

Welcome to the new Project Zero Blog

Posted by Natalie Silvanovich. While on Project Zero, we aim for our research to be leading-edge, our blog design was … not so much. We welcome readers to our shiny new blog! For the occasion, we asked members of Project Zero to dust off old blog posts that never quite saw the light of day. And...

5.9 AI score
Exploits: 0

Packet Storm News
added 2025/12/16 12:0 a.m., 3 views

LegionITS: A Federated Intrusion-Tolerant System Architecture

The growing sophistication, frequency, and diversity of cyberattacks increasingly exceed the capacity of individual entities to fully understand and counter them. While existing solutions, such as Security Information and Event Management (SIEM) systems, Security Orchestration, Automation, and...

6.5 AI score
Exploits: 0

Packet Storm News
added 2025/12/16 12:0 a.m., 3 views

Cybercrime and Computer Forensics in Epoch of Artificial Intelligence in India

The integration of generative Artificial Intelligence into the digital ecosystem necessitates a critical re-evaluation of Indian criminal jurisprudence regarding computational forensics integrity. While algorithmic efficiency enhances evidence extraction, a research gap exists regarding the Digit...

6.9 AI score
Exploits: 0

Cvelist
added 2025/12/16 12:0 a.m., 26 views

CVE-2025-65318

When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...

0.00478 EPSS
Exploits: 3, References: 5

CVE
added 2025/12/16 12:0 a.m., 19 views

CVE-2025-65318

CVE-2025-65318 : Red Hat and NVD/NVD-derived records describe a vulnerability in Canary Mail 5.1.40 and earlier where saving documents via the attachment interaction leads to files being written to the filesystem without a Mark-of-the-Web tag. This tag omission can bypass built-in file protection...

9.1 CVSS, 6.5 AI score, 0.00478 EPSS
Exploits: 3, References: 5, Affected Software: 1

Vulnrichment
added 2025/12/16 12:0 a.m., 6 views

CVE-2025-65319

When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...

9 AI score, 0.00478 EPSS
Exploits: 2, References: 5

Tenable Nessus
added 2025/12/16 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-68261

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock Fix a race between inline data destruction and block mapping. The function...

5.7 AI score, 0.0018 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2025/12/16 12:0 a.m., 4 views

PT-2025-51573

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the SMC (Stream Management Control) subsystem that can lead to a general protection fault. Specifically, a crash can occur in the smc diag dump...

5.4 AI score, 0.00544 EPSS
Exploits: 3, References: 388

Positive Technologies
added 2025/12/16 12:0 a.m., 5 views

PT-2025-51703

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to the allocation of a cell's anonymous key within the AFS (Andrew File System) subsystem. Specifically, the issue arises from delayed allocation ...

9.8 CVSS, 6.4 AI score, 0.00378 EPSS
Exploits: 5, References: 211

GithubExploit
added 2025/12/15 8:18 p.m., 137 views

Exploit for CVE-2025-65318

PoC for CVE-2025-65318 and CVE-2025-65319 - CVE-2025-65318...

9.3 CVSS, 7.3 AI score, 0.99945 EPSS
Exploits35

Microsoft Secure
added 2025/12/15 6:5 p.m., 5 views

Microsoft named an overall leader in KuppingerCole Leadership Compass for Generative AI Defense

Today, we are proud to share that Microsoft has been recognized as an overall leader in the KuppingerCole Leadership Compass for Generative AI Defense (GAD), an independent report from a leading European analyst firm. This recognition reinforces the work we’ve been doing to deliver enterprise-ready...

6.5 AI score
Exploits: 0

Cvelist
added 2025/12/15 2:44 p.m., 25 views

CVE-2025-34412

...

0.00075 EPSS
Exploits: 0

CVE
added 2025/12/15 2:44 p.m., 7 views

CVE-2025-34412

The CVE-2025-34412 entry, based on connected documents, concerns the Convercent Whistleblowing Platform (EQ S Group) with a browser/session handling protection mechanism failure. By default, deployments omit critical HTTP security headers (Content-Security-Policy, Referrer-Policy, Permissions-Poli...

6.3 AI score, 0.00075 EPSS
Exploits: 0

Vulnrichment
added 2025/12/15 2:44 p.m., 3 views

CVE-2025-34412

...

6.5 AI score, 0.00075 EPSS
Exploits: 0

Packet Storm News
added 2025/12/15 12:0 a.m., 4 views

Weak Enforcement and Low Compliance in PCI DSS: A Comparative Security Study

Although credit and debit card data continue to be a prime target for attackers, organizational adherence to the Payment Card Industry Data Security Standard (PCI DSS) remains surprisingly low. Despite prior work showing that PCI DSS can reduce card fraud, only 32.4% of organizations were fully...

6.8 AI score
Exploits: 0

Positive Technologies
added 2025/12/15 12:0 a.m., 6 views

PT-2025-51235

Name of the Vulnerable Software and Affected Versions: Convercent Whistleblowing Platform (affected versions not specified). Description: The application exhibits a protection mechanism failure in browser and session handling. It lacks essential HTTP security headers, including...

6.9 CVSS, 6.2 AI score, 0.00075 EPSS
Exploits: 0, References: 8

Redos
added 2025/12/15 12:0 a.m., 3 views

ROS-20251215-7308

Vulnerability in phpldapadmin related to failure to take measures to protect web page structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

2.1 CVSS, 7.8 AI score, 0.00466 EPSS
Exploits: 0

Tenable Nessus
added 2025/12/15 12:0 a.m., 3 views

RHEL 8 : kernel (RHSA-2025:14985)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14985 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipv6: mcast: extend RCU...

7.8 CVSS, 6.6 AI score, 0.07007 EPSS
Exploits: 0, References: 11