
73 matches found

Packet Storm News
added 2026/01/17 12:00 a.m. | 2 views

Hybrid IDS Using Signature-Based and Anomaly-Based Detection

Intrusion detection systems (IDS) are essential for protecting computer systems and networks against a wide range of cyber threats that continue to evolve over time. IDS are commonly categorized into two main types, each with its own strengths and limitations, such as difficulty in detecting...

5.4 AI score
Exploits: 0
RedhatCVE
added 2025/12/18 1:44 p.m. | 0 views

CVE-2025-67793

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the...

9.8 CVSS | 6.7 AI score | 0.00073 EPSS
Exploits: 0 | References: 1
OSV
added 2025/12/17 9:16 p.m. | 0 views

CVE-2025-67793

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/17 12:00 a.m. | 3 views

PT-2025-51919

Name of the Vulnerable Software and Affected Versions: DriveLock versions 24.1 through 24.1.; DriveLock versions 24.2 through 24.2.; DriveLock versions 25.1 through 25.1.5. Description: A flaw exists in DriveLock where users possessing the "Manage roles and permissions" privilege can elevate their own...

9.8 CVSS | 6.5 AI score | 0.00073 EPSS
Exploits: 0 | References: 5
CVE
added 2025/12/17 12:00 a.m. | 5 views

CVE-2025-67793

DriveLock vulnerable to privilege escalation where users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role via an API call. Affected versions include 24.1 through 24.1., 24.2 through 24.2., and 25.1 before 25.1.6. The issue is stat...

9.8 CVSS | 6.4 AI score | 0.00073 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Trend Micro Simply Security
added 2025/12/04 12:00 a.m. | 4 views

Project View: A New Era of Prioritized and Actionable Cloud Security

In today's cloud-first world, security teams face an overwhelming flood of alerts, fragmented visibility, and reactive workflows. The complexity of modern cloud environments—spanning multi-cloud deployments, ephemeral assets, and decentralized ownership—demands a new approach to risk management...

6.8 AI score
Exploits: 0
Cvelist
added 2025/12/01 8:29 p.m. | 6 views

CVE-2025-66206 Frappe vulnerable to a path traversal allowing reading certain files

Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, certain requests were vulnerable to path traversal attacks, wherein some files from the server could be retrieved if the full path was known. Sites hosted on Frappe Cloud, and even other setups that are behind a rever...

6.8 CVSS | 0.0004 EPSS
Exploits: 0 | References: 1
Packet Storm News
added 2025/10/17 12:00 a.m. | 2 views

Towards a Blockchain-Based CI/CD Framework to Enhance Security in Cloud Environments

Security is becoming a pivotal point in cloud platforms. Several divisions, such as business organisations, health care, government, etc., have experienced cyber-attacks on their infrastructures. This research focuses on security issues within Continuous Integration and Deployment (CI/CD) pipelines...

8.2 AI score
Exploits: 0
EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2025-30276

Malicious code in bioql PyPI...

9.3 CVSS | 6.6 AI score | 0.00757 EPSS
Exploits: 0 | References: 8
NVD
added 2025/09/29 9:15 p.m. | 4 views

CVE-2025-34220

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contains a /api-gateway/identity/search-groups endpoint that does not require authentication. Requests to...

6.9 CVSS | 0.00247 EPSS
Exploits: 1 | References: 4
CVE
added 2025/09/29 8:39 p.m. | 13 views

CVE-2025-34225

Vasion Print (PrinterLogic) Virtual Appliance Host before 25.1.102 and Application before 25.1.1413 suffer SSRF via an unauthenticated console_release directory. Dozens of PHP scripts build URLs from user-controlled input and invoke curl_exec() or file_get_contents() without sufficient validation...

8.8 CVSS | 6.7 AI score | 0.0029 EPSS
Exploits: 1 | References: 4 | Affected Software: 2
Positive Technologies
added 2025/09/29 12:00 a.m. | 3 views

PT-2025-39885

Name of the Vulnerable Software and Affected Versions: Vasion Print versions prior to 25.1.102; Vasion Print Application versions prior to 25.1.1413. Description: The /api-gateway/identity/search-groups API endpoint does not require authentication. An unauthenticated remote attacker can enumerate eve...

6.9 CVSS | 6.7 AI score | 0.00247 EPSS
Exploits: 1 | References: 8
Cvelist
added 2025/09/12 5:37 p.m. | 11 views

CVE-2025-58434 Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker...

9.8 CVSS | 0.32362 EPSS
Exploits: 13 | References: 2
OSV
added 2025/09/12 5:37 p.m. | 2 views

CVE-2025-58434 Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker...

9.8 CVSS | 7.1 AI score | 0.32362 EPSS
Exploits: 13 | References: 4
OSV
added 2025/09/10 6:49 p.m. | 2 views

CVE-2025-59049 Mockoon has a Path Traversal and LFI in the static file serving endpoint

Mockoon provides a way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving follows the same approach presented in the documentation page, where the server filename is generated via templating features from user input is vulnerable to Path Traversal...

7.5 CVSS | 8.9 AI score | 0.01907 EPSS
Exploits: 0 | References: 6
Wallarm Lab
added 2025/09/08 11:00 a.m. | 5 views

The API Security Dilemma: Why Traditional Approaches Are Failing in the AI Era

Throughout the past few years, APIs have become the backbone of digital infrastructure. They enable software-to-software communication, improve integration and interoperability, support modular architecture, and more. But as API use has exploded, so has API traffic volume and complexity, making...

7.7 AI score
Exploits: 0
Packet Storm News
added 2025/06/26 12:00 a.m. | 1 view

Adversarial Threats in Quantum Machine Learning: a Survey of Attacks and Defenses

Quantum Machine Learning (QML) integrates quantum computing with classical machine learning, primarily to solve classification, regression and generative tasks. However, its rapid development raises critical security challenges in the Noisy Intermediate-Scale Quantum (NISQ) era. This chapter examines...

7.1 AI score
Exploits: 0
CVE
added 2025/06/04 4:18 p.m. | 118 views

CVE-2025-20286

CVE-2025-20286 concerns Cisco Identity Services Engine (ISE) deployed on cloud platforms (AWS, Azure, OCI). The root cause is improper credential generation that causes different ISE deployments to use the same credentials when the software release and cloud platform are identical. An unauthentica...

9.9 CVSS | 9.4 AI score | 0.00178 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/06/04 4:18 p.m. | 24 views

CVE-2025-20286 ISE on AWS Static Credential

A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configuration...

9.9 CVSS | 0.00178 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2025/06/04 12:00 a.m. | 2 views

PT-2025-23828

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (ISE) versions 3.1 through 3.4. Description: A vulnerability in the cloud deployments of Cisco Identity Services Engine (ISE) on Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) could allow...

9.9 CVSS | 7.5 AI score | 0.00178 EPSS
Exploits: 0 | References: 64