
40422 matches found

CNNVD
added 2025/08/27 12:0 a.m., 2 views

Arcserve Unified Data Protection Security Vulnerability

Arcserve Unified Data Protection is Arcserve's all-in-one data and ransomware protection solution. A security vulnerability exists in Arcserve Unified Data Protection versions prior to 10.2 that stems from an authentication bypass that could lead to unauthorized access...

CVSS 9.8, AI score 6.8, EPSS 0.00347
Exploits: 0, References: 2

Positive Technologies
added 2025/08/27 12:0 a.m., 4 views

PT-2025-34844 · Cgm · Cgm Clininet

Name of the Vulnerable Software and Affected Versions: affected versions not specified
Description: The system exposes several endpoints, typically including /int/ in their path, that should be restricted to internal services but are publicly accessible without authentication to any host able to...

CVSS 9.4, AI score 6.3, EPSS 0.00249
Exploits: 0, References: 5

Drupal
added 2025/08/27 12:0 a.m., 10 views

Protected Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-101

This module enables you to protect individual pages with a password. The module doesn't limit the number of password attempts, making it vulnerable to brute force attacks. This vulnerability is mitigated by the fact that an attacker must know the protected page's URL. CVSS risk score experimental...

CVSS 6.5, AI score 5.5, EPSS 0.00355
Exploits: 0, References: 4

CNNVD
added 2025/08/27 12:0 a.m., 3 views

Arcserve Unified Data Protection Security Vulnerability

Arcserve Unified Data Protection is Arcserve's all-in-one data and ransomware protection solution. A security vulnerability exists in Arcserve Unified Data Protection versions prior to 10.2 that stems from reflective cross-site scripting and could lead to session hijacking...

CVSS 5.4, AI score 6, EPSS 0.00197
Exploits: 0, References: 2

Positive Technologies
added 2025/08/27 12:0 a.m., 5 views

PT-2025-34864

Name of the Vulnerable Software and Affected Versions: Dell ThinOS 10 versions prior to 2508 10.0127
Description: Dell ThinOS 10 contains a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this issue, leading to a bypass of the...

CVSS 9.6, AI score 6.5, EPSS 0.00327
Exploits: 0, References: 10

Tenable Nessus
added 2025/08/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-17448

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat...

CVSS 7.8, AI score 7.4, EPSS 0.02281
Exploits: 0, References: 2

Wordfence Blog
added 2025/08/25 4:31 p.m., 8 views

15,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Dokan Pro WordPress Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

CVSS 8.8, AI score 8.3, EPSS 0.00414
Exploits: 0

OSV
added 2025/08/22 4:50 p.m., 4 views

CVE-2025-57770 ZITADEL user enumeration vulnerability in login UI

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login interface. The login UI includes a security...

CVSS 5.3, AI score 6.7, EPSS 0.0035
Exploits: 0, References: 8

RedhatCVE
added 2025/08/22 4:35 p.m., 4 views

CVE-2011-10023

MJM QuickPlayer (likely now referred to as MJM Player) version 2010 contains a stack-based buffer overflow vulnerability triggered by opening a malicious .s3m music file. The flaw occurs due to improper bounds checking in the file parser, allowing an attacker to overwrite memory and execute arbitra...

CVSS 8.4, AI score 8, EPSS 0.00324
Exploits: 0, References: 1

Wordfence Blog
added 2025/08/22 4:3 p.m., 8 views

Wordfence Bug Bounty Program Monthly Report – July 2025

Last month in July 2025, the Wordfence Bug Bounty Program received 325 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence...

AI score 9.4
Exploits: 0

OSV
added 2025/08/22 4:0 p.m., 4 views

CVE-2025-38638 ipv6: add a retry logic in net6_rt_notify()

In the Linux kernel, the following vulnerability has been resolved: ipv6: add a retry logic in net6_rt_notify(). inet6_rt_notify() can be called under RCU protection only. This means the route could be changed concurrently and rt6_fill_node() could return -EMSGSIZE. Re-size the skb when this happens and retry...

CVSS 5.5, AI score 6.3, EPSS 0.00128
Exploits: 0, References: 5

CNNVD
added 2025/08/22 12:0 a.m., 2 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of lock protection in cfg80211_check_and_end_cac, which could lead to a null pointer dereference...

CVSS 5.5, AI score 6.3, EPSS 0.00111
Exploits: 0, References: 5

OSV
added 2025/08/21 2:24 p.m., 8 views

GHSA-RXC4-3W6R-4V47 vllm API endpoints vulnerable to Denial of Service Attacks

Summary: A Denial of Service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making ...

CVSS 7.5, AI score 7.1, EPSS 0.00527
Exploits: 0, References: 5

Github Security Blog
added 2025/08/21 2:24 p.m., 11 views

vllm API endpoints vulnerable to Denial of Service Attacks

Summary: A Denial of Service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making ...

CVSS 7.5, AI score 7.1, EPSS 0.00527
Exploits: 0, References: 5, Affected Software: 1

Malwarebytes
added 2025/08/21 11:42 a.m., 5 views

Google settles YouTube lawsuit over kids’ privacy invasion and data collection

Google has agreed to a $30 million settlement in the US over allegations that it illegally collected data from underage YouTube users for targeted advertising. The lawsuit claims Google tracked the personal information of children under 13 without proper parental consent, which is a violation of...

AI score 7
Exploits: 0

ICS
added 2025/08/21 6:0 a.m., 5 views

FUJIFILM Healthcare Americas Synapse Mobility

RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to access information beyond their assigned roles. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

CVSS 5.3, AI score 7.9, EPSS 0.0023
Exploits: 0, References: 10

Positive Technologies
added 2025/08/21 12:0 a.m., 5 views

PT-2025-34225 · Vllm · Vllm

Name of the Vulnerable Software and Affected Versions: vLLM versions 0.1.0 through 0.10.1.0
Description: vLLM is an inference and serving engine for large language models (LLMs). A Denial of Service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large head...

CVSS 7.5, AI score 7.3, EPSS 0.00527
Exploits: 0, References: 11

Wired Threat Level
added 2025/08/20 4:1 p.m., 3 views

Phone Searches at the US Border Hit a Record High

Customs and Border Protection agents searched nearly 15,000 devices from April through June of this year, a nearly 17 percent spike over the previous three-month high in 2022...

AI score 7.3
Exploits: 0

Vulnrichment
added 2025/08/20 3:37 p.m., 4 views

CVE-2011-10023 MJM QuickPlayer <= 2010 .s3m Stack-Based Buffer Overflow

MJM QuickPlayer (also known as MJM Player) version 2010 contains a stack-based buffer overflow vulnerability triggered by opening a malicious .s3m music file. The flaw occurs due to improper bounds checking in the file parser, allowing an attacker to overwrite memory and execute arbitrary code...

CVSS 8.4, AI score 6.3, EPSS 0.00324
Exploits: 0, References: 5

OSV
added 2025/08/20 3:31 p.m., 6 views

GHSA-P9GC-59HF-X48P Liferay Portal Vulnerable to Cross-Site Request Forgery

Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows...

CVSS 7.1, AI score 6.8, EPSS 0.00131
Exploits: 0, References: 4