40447 matches found
The vulnerability of the “Termide Virtual Desktops Connection Monitor” software agent arises from the lack of protective measures for the request structure, allowing attackers to escalate their privileges.
The vulnerability of the “Termide Virtual Desktops Connection Monitor” software agent is related to the lack of protective measures for the request structure. Exploiting this vulnerability allows a malicious actor to escalate their privileges by using specially crafted authorized HTTP requests...
TencentOS Server 3: curl (TSSA-2022:0142)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0142 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CGA-MH5Q-9FXH-HJ2P
Bulletin has no description...
GHSA-VHGQ-R8GX-5FPV Ibexa Admin UI assets XSS vulnerabilities in back office
Impact: This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...
The vulnerability of the Cisco Webex web conferencing platform, which exists due to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.
The vulnerability of the Cisco Webex web conferencing platform exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
GHSA-J6G5-P62X-58HW vantage6 lacks brute-force protection on change password functionality
Impact: If an attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route indefinitely, and it will return the message that the password is wrong until it is correct. Patches: This issue has been patched in...
CVE-2025-43863 vantage6 lacks brute-force protection on change password functionality
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If an attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...
CVE-2025-43863
vantage6 contains a brute-force vulnerability in the change password flow when an attacker has an authenticated session. The issue arises from unlimited password-change attempts via the route, enabling password-guessing and account compromise. Multiple sources (CVEs, advisories, and vendor notes)...
CVE-2025-47160
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...
CVE-2025-33050
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network...
Airlines Secretly Selling Passenger Data to the Government
This is news: A data broker owned by the country's major airlines, including Delta, American Airlines, and United, collected U.S. travellers' domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data...
CVE-2025-49193
The application fails to implement several security headers. These headers help increase the overall security level of the web application by, e.g., preventing the application from being displayed in an iframe (clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks)...
CVE-2025-49186 No brute-force protection
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks...
RHSA-2025:8844 Red Hat Security Advisory: mod_security security update
Bulletin has no description...
AVEVA PI Web API
RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to disable content security policy protections. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
ObfusBFA: a Holistic Approach to Safeguarding DNNs from Different Types of Bit-Flip Attacks
Bit-flip attacks (BFAs) represent a serious threat to Deep Neural Networks (DNNs), where flipping a small number of bits in the model parameters or binary code can significantly degrade the model accuracy or mislead the model prediction in a desired way. Existing defenses exclusively focus on...
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2025-1661)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: net: gso: fix ownership in __udp_gso_segment (CVE-2025-21926); usbnet: gl620a: fix endpoint checking in genelink_bind (CVE-2025-21877); net_sched: Prevent...