PT-2026-29742

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed b...

CVE-2025-0928

In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or...

CVE-2025-0928

In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or...

PT-2025-28503

Name of the Vulnerable Software and Affected Versions: Juju versions prior to 3.6.8 Juju versions prior to 2.9.52 Description: The issue allows any authenticated controller user to upload arbitrary agent binaries to any model or to the controller itself without verifying model membership or...

Arbitrary File Upload

Overview django-filer is an A file management application for django that makes handling of files and images a breeze. Affected versions of this package are vulnerable to Arbitrary File Upload via the file upload mechanism allowing, by default, the upload of binary or unknown file types...

Carna Botnet Analysis Enumerates Vulnerable Network Devices

The Carna botnet, more formally known as the Internet Census 2012, stirred up a hornet’s nest of controversy when it was unveiled in March to a number of popular security mailing lists. An unidentified researcher had found more than 420,000 embedded devices that were accessible online with defaul...