402 matches found
EUVD-2023-24299
Malicious code in bioql PyPI...
EUVD-2024-30650
Malicious code in bioql PyPI...
EUVD-2025-24586
Malicious code in bioql PyPI...
CLSA-2025-1758822697 perl-CPAN: Fix of 2 CVEs
CVE-2023-31484: verify TLS certificates when downloading distributions over HTTPS - CVE-2020-16156: fix Signature Verification Bypass...
security-guide-for-developers
This is a security guide for web developers, covering various security topics such as authentication, authorization, data validation, and encryption. The guide is divided into several sections, including a security checklist, authentication and authorization, data validation and sanitation, and...
Palo Alto Networks Acknowledges SquareX Research on Limitations of SWGs Against Last Mile Reassembly Attacks
Palo Alto, California, 18th September 2025, CyberNewsWire...
CVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...
Linux Distros Unpatched Vulnerability : CVE-2023-22081
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions tha...
CVE-2025-54809 F5 Access for Android vulnerability
F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
The vulnerability of the HTTPS protocol implementation in macOS operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the HTTPS protocol’s implementation in macOS systems is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
Measuring the Carbon Footprint of Cryptographic Privacy-Enhancing Technologies
Privacy-enhancing technologies PETs have attracted significant attention in response to privacy regulations, driving the development of applications that prioritize user data protection. At the same time, the information and communication technology ICT sector faces growing pressure to reduce its...
The vulnerability of the HTTPS-Only Mode mode in the Mozilla Firefox browser allows a hacker to carry out a clickjacking attack.
The vulnerability of the HTTPS-Only Mode mode in the Mozilla Firefox browser is related to information representation errors in the user interface. Exploiting this vulnerability can allow a malicious actor to carry out a clickjacking attack remotely...
CVE-2024-6398
An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. The risk is low, because oth...
CVE-2023-4400
A password management vulnerability in Skyhigh Secure Web Gateway SWG in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...
CVE-2022-3320
It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled...
CVE-2022-20952
A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance WSA, could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked...
CVE-2018-20809
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure PCS 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX...
CVE-2025-32490
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebsiteDefender wp secure wp-secure-by-sitesecuritymonitorcom allows Stored XSS.This issue affects wp secure: from n/a through = 1.2...
PT-2025-9137
Name of the Vulnerable Software and Affected Versions Brocade ASCG versions prior to 3.2.0 Description The issue concerns the lack of HTTP Strict Transport Security HSTS enforcement in the web interface, as defined by RFC 6797. HSTS is an optional response header that can be configured on the...
The vulnerability of the implementation of the Simple Network Management Protocol (SNMP) in Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the implementation of the Simple Network Management Protocol SNMP for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance lies in the insufficient protection of operational data. Exploiting this vulnerability can allow a malicious...