634 matches found
CVE-2025-0279 HCL Traveler is affected by generation of error messages containing sensitive information
HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and...
CVE-2025-0279
CVE-2025-0279 affects HCL Traveler. Public sources describe a vulnerability where error messages reveal detailed internal information (paths, file names, tokens, credentials, error codes, stack traces), which could aid an attacker in understanding system architecture and planning targeted attacks...
HCL Traveler Security Vulnerability
HCL Traveler is software from HCL India. It is used to provide automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. A security vulnerability exists in HCL Traveler that stems from the provision of detailed error information in error...
About the security content of iOS 16.7.11 and iPadOS 16.7.11
This document describes the security content of iOS 16.7.11 and iPadOS 16.7.11. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred...
Vulnerability in most browsers abused in targeted attacks
Researchers found a vulnerability in Chrome that was abused in the wild against organizations in Russia. Google has released an update for its Chrome browser which includes patches for this vulnerability. The update brings the Stable channel to versions 134.0.6998.178 for Windows. Other operating...
CVE-2024-10274 Improper Authorization in lunary-ai/lunary
An improper authorization vulnerability exists in lunary-ai/lunary version 1.5.5. The /users/me/org endpoint lacks adequate access control mechanisms, allowing unauthorized users to access sensitive information about all team members in the current organization. This vulnerability can lead to the...
PT-2025-12035 · Unknown · Lunary-Ai/Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.5.5. Description: An improper authorization issue exists due to inadequate access control mechanisms in the "/users/me/org" endpoint, allowing unauthorized users to access sensitive team member information, including...
Incident response analyst report 2024
Kaspersky provides rapid and fully informed incident response services to organizations, ensuring impact analysis and effective remediation. Our annual report shares anonymized data about the investigations carried out by the Kaspersky Global Emergency Response Team (GERT), as well as statistics an...
Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in "extremely sophisticated" attacks. The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component. It has been described as an...
CVE-2025-24201
CVE-2025-24201 is a WebKit/WebKitGTK issue described in connected advisories as an out-of-bounds write that allowed breaking out of the Web Content sandbox. Root cause: out-of-bounds write in WebKit. Impact: potential sandbox breakout affecting Apple WebKit-based products (Safari, iOS/iPadOS 18.x...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed several vulnerabilities in Android and Samsung Mobile, including two zero-day vulnerabilities that were actively exploited in targeted attacks. The vulnerabilities are in the Android kernel and the ExternalStorageProvider.java, which can lead to local privilege escalation and...
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by...
PT-2025-25364
Name of the Vulnerable Software and Affected Versions: Apple watchOS versions 11.3.1 and later; Apple macOS Ventura versions 13.7.4 and later; Apple iOS versions 15.8.4 and later; Apple iPadOS versions 15.8.4 and later; Apple iOS versions 16.7.11 and later; Apple iPadOS versions 16.7.11 and later; Apple...
About the security content of macOS Sonoma 14.7.4
This document describes the security content of macOS Sonoma 14.7.4. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or release...
Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities
Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild. The flaws are listed below: CVE-2024-44308 (CVSS score: 8.8): A vulnerability in JavaScriptCore that could lead to...
Android malware FakeCall intercepts your calls to the bank
An Android banking Trojan called FakeCall is capable of hijacking the phone calls you make to your bank. Instead of reaching your bank, your call will be redirected to the cybercriminals. The Trojan accomplishes this by installing itself as the default call handler on the infected device. The...
CVE-2023-50355
HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack...
PT-2024-13922 · Hcl · Hcl Sametime
Name of the Vulnerable Software and Affected Versions: HCL Sametime, affected versions not specified. Description: The issue concerns error messages that contain sensitive information. An attacker can exploit this sensitive information to launch a more focused attack. Recommendations: At the moment...