774 matches found
VMware ESXi和VMware vCenter Server 安全漏洞
VMware ESXi and VMware vCenter Server are both products of VMware, Inc.VMware ESXi is a server virtualization platform that can be installed directly on physical servers.VMware vCenter Server is a suite of server and virtualization management software. The software provides a centralized platform...
Side Channel Analysis in Homomorphic Encryption
Homomorphic encryption provides many opportunities for privacy-aware processing, including with methods related to machine learning. Many of our existing cryptographic methods have been shown in the past to be susceptible to side channel attacks. With these, the implementation of the cryptographi...
The vulnerability in the Accessibility component of operating system frameworks like iPadOS, iOS, and MacOS allows attackers to disclose protected information.
The vulnerability of the Accessibility component in iPadOS, iOS, and MacOS is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to disclose protected information...
The vulnerability of the Core Bluetooth framework in operating systems such as macOS, tvOS, iPadOS, iOS, visionOS, and watchOS allows attackers to disclose sensitive information.
The vulnerability of the Core Bluetooth framework in operating systems such as macOS, tvOS, iPadOS, iOS, visionOS, and watchOS is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to disclose sensitive information that should be protected...
CVE-2025-3218
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access...
IBM Concert 加密问题漏洞
IBM Concert Software is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert Software suffers from a cryptographic issue vulnerability that stems from the use of weak encryption algorithms, which could be...
The vulnerability of the Multi-Factor Authentication component in the virtual learning environment Moodle allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Multi-Factor Authentication component in the virtual learning environment Moodle is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
SecRepoBench: Benchmarking LLMs for Secure Code Generation in Real-World Repositories
This paper introduces SecRepoBench, a benchmark to evaluate LLMs on secure code generation in real-world repositories. SecRepoBench has 318 code generation tasks in 27 C/C++ repositories, covering 15 CWEs. We evaluate 19 state-of-the-art LLMs using our benchmark and find that the models struggle...
The vulnerability of the UpdateProjectUserRights method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the UpdateProjectUserRights method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the...
The vulnerability of the SAP NetWeaver Application Server ABAP software integration platform, related to deficiencies in the authentication process, allows attackers to compromise the confidentiality of protected information.
The vulnerability of the SAP NetWeaver Application Server ABAP software integration platform is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to compromise the confidentiality of the protected information...
CVE-2024-42177
HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system...
UBUNTU-CVE-2025-3576
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This ma...
The software client’s vulnerability for providing remote access with SonicWall NetExtender allows a intruder to gain access to modify data.
The vulnerability of the software client for remote access support provided by SonicWall NetExtender is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain access to modify data...
The vulnerability of the PowerScale OneFS operating system, related to deficiencies in authentication procedures, allows a perpetrator to gain access to user accounts.
The vulnerability of the PowerScale OneFS operating system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain access to the user account...
CVE-2025-29809 Windows Kerberos Security Feature Bypass Vulnerability
...
ROS-20250403-05
A vulnerability in the Media component of the Google Chrome browser is related to memory usage after it is released. after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page V8 JavaScript scrip...
The vulnerability of the Process Chains component of the SAP Business Warehouse system allows attackers to compromise the integrity of the protected information.
The vulnerability of the Process Chains component in the SAP Business Warehouse data management and analytics system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of the protected information...
The vulnerability of Siemens Scalance LPE9403 industrial switches’ microprogramming software, related to deficiencies in access control, allows attackers to escalate their privileges.
The vulnerability of Siemens Scalance LPE9403 industrial switches’ microprogramming software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...
CVE-2025-26486
Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user password...
Mattermost Fails to Enforce Certain Search APIs
Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries...