40359 matches found
WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.0.3...
How to Protect Personal Data in Today’s API Economy
...
AZL-69766 CVE-2025-10966 affecting package cmake 3.21.4-21
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...
PT-2025-45478
Name of the Vulnerable Software and Affected Versions SourceCodester Leads Manager Tool version 1.0 Description The application is susceptible to Cross-Site Request Forgery CSRF attacks, enabling unauthorized modification of application state. The application does not implement CSRF protection...
Lexmark Printers Improper Validation of Integrity Check Value (CVE-2023-50738)
A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified. Lexmark documentation recommends that access to the Firmware Updates be restricted to trusted personnel. %NASLMINLEVEL 80900 C Tenable, Inc...
New IDC research highlights a major cloud security shift
Cloud security is at a tipping point. While moving to the cloud powers both growth and speed for organizations, it can also bring new risks. According to IDC’s latest research, organizations experienced an average of nine cloud security incidents in 2024, with 89% reporting a year-over-year...
CVE-2025-20305
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because certain files lack proper data protection mechanisms. An attacker with read-only Administrato...
Confidential Computing for Cloud Security: Exploring Hardware Based Encryption Using Trusted Execution Environments
The growth of cloud computing has revolutionized data processing and storage capacities to another levels of scalability and flexibility. But in the process, it has created a huge challenge of security, especially in terms of safeguarding sensitive data. Classical security practices, including...
Security Evaluation of Quantum Circuit Split Compilation under an Oracle-Guided Attack
Quantum circuits are the fundamental representation of quantum algorithms and constitute valuable intellectual property IP. Multiple quantum circuit obfuscation QCO techniques have been proposed in prior research to protect quantum circuit IP against malicious compilers. However, there has not be...
编号撤回
WatchGuard Firebox is a WatchGuard company that provides comprehensive network security services, from traditional IPS and GAV to web site/application control and malicious software prevention. This CVE number has been withdrawn...
DataEase 代码问题漏洞
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A code issue vulnerability exists in DataEase version 2.10.14 and versions prio...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990423)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990423 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copytouser...
DRUPAL-CONTRIB-2025-115
The Email TFA module provides additional email-based two-factor authentication for Drupal logins. In certain scenarios, the module does not fully protect all login mechanisms as expected. This issue is mitigated by the fact that an attacker must already have valid user credentials username and...
CVE-2025-20305
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because certain files lack proper data protection mechanisms. An attacker with read-only Administrato...
Securing critical infrastructure: Why Europe’s risk-based regulations matter
The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers CISOs share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...
CVE-2025-20305
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because certain files lack proper data protection mechanisms. An attacker with read-only Administrato...
CVE-2025-20305
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because certain files lack proper data protection mechanisms. An attacker with read-only Administrato...
CVE-2025-20305
Cisco ISE (web-based management interface) contains an information-disclosure vulnerability where certain files lack proper data protection, enabling an authenticated, read-only administrator to view passwords normally hidden to that role. Impact is limited to confidentiality (viewing sensitive c...
Apple patches 50 security flaws—update now
Apple has released security updates for iPhones, iPads, Macs, Apple Watches, Apple TVs, Safari, and Xcode, fixing nearly 50 security flaws. Some of these bugs could let cybercriminals see your private data, take control of parts of your device, or break key security protections. Installing these...
CVE-2025-43500
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to access sensitive user data...