18 matches found
EUVD-2025-12155
Malicious code in bioql PyPI...
EUVD-2025-12152
Malicious code in bioql PyPI...
CVE-2025-27581
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints...
CVE-2025-27580
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens that depend on username, time, and the fixed 7Dl9dj- string and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, includin...
CVE-2025-27580
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens that depend on username, time, and the fixed 7Dl9dj- string and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, includin...
CVE-2025-27580
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens that depend on username, time, and the fixed 7Dl9dj- string and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, includin...
CVE-2025-27581
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints...
CVE-2025-27580
CVE-2025-27580 affects NIH BRICS (Biomedical Research Informatics Computing System) up to version 14.0.0-67. The issue is that token generation is predictable, depending on the user’s username, time, and a fixed string (7Dl9#dj-), which enables unauthenticated users with a CAC to escalate privile...
CVE-2025-27581
CVE-2025-27581 affects NIH BRICS (Biomedical Research Informatics Computing System) up to version 14.0.0-67, where users lacking the InET role can access the InET module via direct requests to known endpoints. The issue originates from insufficient access controls on InET endpoints, enabling unau...
PT-2025-17677 · Nih · Nih Brics
Name of the Vulnerable Software and Affected Versions: NIH BRICS (aka Biomedical Research Informatics Computing System) versions 14.0.0-67 and earlier. Description: The issue allows users without the InET role to access the InET module by making direct requests to known endpoints. Recommendations: F...
CVE-2025-27580
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens that depend on username, time, and the fixed 7Dl9dj- string and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, includin...
CVE-2025-27581
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints...
CVE-2025-27580
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens that depend on username, time, and the fixed 7Dl9dj- string and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, includin...
NIH BRICS Security Vulnerability
NIH BRICS is a biomedical research informatics computing system at NIH centers. A security vulnerability exists in NIH BRICS version 14.0.0-67 and prior versions, which stems from the generation of predictable tokens that could lead to elevated privileges...
PT-2025-17676 · Nih · Nih Brics
Name of the Vulnerable Software and Affected Versions: NIH BRICS (aka Biomedical Research Informatics Computing System) versions 14.0.0 through 14.0.0-67. Description: The issue allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including...
CVE-2025-27581
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints...
Russia to get rid of Android and iOS by launching its own Mobile Operating System
Last month, it was reported that the European Commission is planning to impose a record antitrust fine of about 3 BILLION euros (US$3.4 Billion) on Google for violating antitrust laws. Not just Europe, Google also lost an anti-monopoly appeal in Russia two months back against ruling for violating i...
[CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling DoS
Advisory: JWIG Context-Dependent Template Calling DoS. CVE-2007-3816. Dated: 12 July 2007. Vulnerable Software: BRICS, JWIG. Severity: Intermediate. Explanation: JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external...