40449 matches found
Take back control of your browser—Malwarebytes Browser Guard now blocks search hijacking attempts
Search hijacking, often referred to as browser hijacking, occurs when cybercriminals modify users’ browser settings without their consent. This often results in users being redirected to potentially malicious websites, such as fake customer service offerings. Search hijacking commonly happens...
The US Is Storing Migrant Children’s DNA in a Criminal Database
Customs and Border Protection has swabbed the DNA of migrant children as young as 4, whose genetic data is uploaded to an FBI-run database that can track them if they commit crimes in the future...
MINI-7X3P-C79F-R6J4
Bulletin has no description...
MINI-7HJ5-V8WJ-V2Q8
Bulletin has no description...
MINI-5J9M-85V6-GC24
Bulletin has no description...
MINI-9FF4-9C66-M479
Bulletin has no description...
MINI-3FVV-8F63-VFRV
Bulletin has no description...
MINI-2JC9-HR3W-8C8X
Bulletin has no description...
The vulnerability of the Shamir’s secret platform implementation for archiving corporate information, HashiCorp Vault and Vault Enterprise, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the Shamir’s secret platform implementation for archiving corporate information, both HashiCorp Vault and Vault Enterprise, is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow an intruder to gain unauthorized access to the...
The vulnerability of the CreateLog method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, as well as in the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the CreateLog method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...
DLA-4190-1 mydumper - security update
Bulletin has no description...
DRUPAL-CONTRIB-2025-072
This module addresses the General Data Protection Regulation GDPR and the EU Directive on Privacy and Electronic Communications. The module doesn't sufficiently verify whether "disabled JavaScript" entries are valid or correspond to actual scripts on the page. As a result, an attacker could injec...
CVE-2024-47056 Mautic does not shield .env files from web traffic
SummaryThis advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system...
IBM Security Guardium 安全漏洞
IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium suffers from an information disclosur...
The vulnerability of the include() function in Twig template rendering handlers allows attackers to circumvent existing security restrictions.
The vulnerability of the include function in Twig template rendering engines is related to a breach of data protection mechanisms. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions remotely...
IBM Security Guardium 安全漏洞
IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium suffers from an information disclosur...
PT-2025-23098 · Apache +2 · Apache +2
Name of the Vulnerable Software and Affected Versions: Mautic affected versions not specified Description: The issue concerns the potential exposure of sensitive information, including database credentials, API keys, and other critical system configurations, due to the direct accessibility of .en...
Drupal EU Cookie Compliance (GDPR Compliance) module < 1.26.0 - Authenticated Cross Site Scripting (XSS) vulnerability
Authenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module EU Cookie Compliance GDPR Compliance versions 1.26.0...
CVE-2025-32802
Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...
DLA-4183-1 setuptools - security update
Bulletin has no description...