
7376 matches found

SUSE CVE
added 2025/04/08 1:49 a.m., 3 views

SUSE CVE-2024-58036

Net::Dropbox::API 1.9 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is "Useful mostly for test...

CVSS 5.5, AI score 7, EPSS 0.00102
Exploits 0, References 4

Tenable Nessus
added 2025/04/08 12:0 a.m., 20 views

Security Updates for Microsoft Excel Products (April 2025)

The Microsoft Excel Products are missing a security update. They are, therefore, affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has...

CVSS 7.8, AI score 8.1, EPSS 0.01391
Exploits 4, References 4

Snyk
added 2025/04/07 6:54 p.m., 3 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data in scanner.py, which does not include numpy.testing.private.utils or other modules that can be leveraged for...

CVSS 8.8, AI score 7.4
Exploits 0, References 2

BDU FSTEC
added 2025/04/07 12:0 a.m., 2 views

The vulnerability of the SIEM systems’ load testing tool, Kraken Stress Testing Toolkit, arises from the improper use of Content Security Policy (CSP) protection mechanisms. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, is related to the improper use of Content Security Policy (CSP) protection mechanisms. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and...

CVSS 7.2, AI score 5.5
Exploits 0, References 1, Affected Software 1

BDU FSTEC
added 2025/04/07 12:0 a.m., 1 view

The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, arises from improper restrictions on the visible layers of the user interface. This allows attackers to compromise the integrity of the protected information.

The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, is related to improper restrictions on the visible layers of the user interface. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of the protected informati...

CVSS 5, AI score 5.5
Exploits 0, References 1, Affected Software 1

BDU FSTEC
added 2025/04/07 12:0 a.m., 1 view

The vulnerability of the SIEM systems’ load testing tool, Kraken Stress Testing Toolkit, arises from the improper use of X-Content-Type-Options headers. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, is related to the improper use of X-Content-Type-Options headers for protection mechanisms. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and...

CVSS 7.2, AI score 5.5
Exploits 0, References 1, Affected Software 1

BDU FSTEC
added 2025/04/07 12:0 a.m., 2 views

The vulnerability of the SIEM system testing tool Kraken Stress Testing Toolkit lies in the reading beyond the buffer in memory, allowing a malicious actor to trigger a service failure.

The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, lies in the reading of data beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 7.8, AI score 5.7
Exploits 0, References 1, Affected Software 1

BDU FSTEC
added 2025/04/07 12:0 a.m., 2 views

The vulnerability of the SIEM system testing tool Kraken Stress Testing Toolkit lies in its uncontrolled resource consumption, which allows a malicious actor to trigger a service failure.

The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, is related to an uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

CVSS 7.8, AI score 5.5
Exploits 0, References 1, Affected Software 1

BDU FSTEC
added 2025/04/07 12:0 a.m., 1 view

The vulnerability of the SIEM systems’ load testing tools, Kraken Stress Testing Toolkit, arises due to deficiencies in the authentication process, allowing unauthorized users to gain access to protected information.

The vulnerability of the SIEM systems’ stress testing tools, such as Kraken Stress Testing Toolkit, stems from deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

CVSS 5.5, AI score 5.5
Exploits 0, References 1, Affected Software 1

Packet Storm
added 2025/04/07 12:0 a.m., 189 views

Blood Bank and Donor Management System 2.4 SQL Injection

Blood Bank and Donor Management System version 2.4 suffers from a remote SQL injection vulnerability. Exploit Title: Blood Bank & Donor Management System v2.4 - Union Based SQLi Manuel Exploit Date: 2025-04-07 Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor:...

AI score 8.1
Exploits 0

Positive Technologies
added 2025/04/07 12:0 a.m., 2 views

PT-2025-18454

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability has been identified in the Linux kernel related to virtiofs, where in certain scenarios, such as during fuzz testing, the source name may be NULL. This could lead to a...

CVSS 5.5, AI score 6.6, EPSS 0.00066
Exploits 0

Tenable Nessus
added 2025/04/05 12:0 a.m., 11 views

Fedora 40 : exim (2025-3a56fe6159)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3a56fe6159 advisory. This is an update fixing CVE 2025-30232. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CVSS 8.1, AI score 8.2, EPSS 0.00083
Exploits 0, References 2

Rapid7 Blog
added 2025/04/04 1:0 p.m., 12 views

Pentales: Red Team vs. N-Day (and How We Won)

During a recent Vector Command operation, I had the chance to sit down with one of our red teamers to hear firsthand how they identified and exploited an N-Day vulnerability in a customer’s environment. It’s a clear example of how continuous red teaming can uncover and validate real-world risks...

AI score 7.2
Exploits 0

RedhatCVE
added 2025/04/02 5:36 p.m., 15 views

CVE-2025-31116

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in validhost uses socket.gethostbyname, which is vulnerable to SSRF abuse using DNS rebinding technique. This...

CVSS 9.8, AI score 7.1, EPSS 0.00591
Exploits 2, References 1

OSV
added 2025/04/01 4:15 p.m., 6 views

AZL-60324 CVE-2025-21964 affecting package kernel for versions less than 5.15.180.1-1

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies...

CVSS 5.5, AI score 6.4, EPSS 0.00033
Exploits 0, References 1

NVD
added 2025/04/01 3:16 p.m., 4 views

CVE-2025-30354

Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings to be ignored for the particular case where a single request is run/sent. This...

CVSS 8.7, EPSS 0.00209
Exploits 1, References 1

NVD
added 2025/04/01 3:16 p.m., 4 views

CVE-2025-30210

Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components which internally use react-tooltip were setting the content in this case the Environment name as raw HTML which then gets injected into DOM on hover. This, combined with loose Content...

CVSS 8.7, EPSS 0.0026
Exploits 1, References 1

GithubExploit
added 2025/04/01 2:23 p.m., 549 views

Exploit for CVE-2025-0401

CVE-2025-0401 - Local Privilege Escalation via SUID Binary Abu...

CVSS 6.9, AI score 7.6, EPSS 0.00242
Exploits 1

The Hacker News
added 2025/04/01 11:17 a.m., 14 views

Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign

Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with nearly 24,000 unique IP addresses attempting to access these portals. "This pattern suggests a coordinated effort to probe network defenses and...

AI score 7.2
Exploits 0

vulnersOsv
added 2025/04/01 9:30 a.m., 6 views

com.atomikos:transactions-spring-boot-integration-tests (>=5.0.9 <=6.0.1), com.atomikos:transactions-spring-boot3-integration-tests (>=6.0.0 <=6.0.1) +158 more potentially affected by CVE-2025-27427 via org.apache.activemq:artemis-server (>=2.0.0 <=2.3.0)

org.apache.activemq:artemis-server MAVEN version =2.0.0, =5.0.9, =6.0.0, =2.2.1, =2.2.1, =2.2.2, =2.2.1, =2018.9.23, =2018.12.15, =2018.9.23, =2018.9.23, =0.0.1, =0.0.2, =1.14.2, =2.0.0, =6u3 and more Source cves: CVE-2025-27427 Source advisory: OSV:GHSA-3W85-5P9G-H334...

CVSS 4.3, AI score 5.8, EPSS 0.00358
Exploits 0