299 matches found
EUVD-2025-19634
Malicious code in bioql PyPI...
EUVD-2025-31761
Malicious code in bioql PyPI...
CVE-2025-34233
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a protection mechanism failure vulnerability within the filegetcontents function. When an administrator configures a printer’s hostname or...
VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)
Advisory ID: | VMSA-2025-0015.1 ---|--- Advisory Severity: | Important CVSSv3 Range: | 4.9 -7.8 Synopsis: | VMware Aria Operations and VMware Tools updates address multiple vulnerabilities CVE-2025-41244,CVE-2025-41245, CVE-2025-41246 Issue date: | 2025-09-29 Updated on: | 2025-10-30 CVEs |...
The Cybersecurity of a Humanoid Robot
The rapid advancement of humanoid robotics presents unprecedented cybersecurity challenges that existing theoretical frameworks fail to adequately address. This report presents a comprehensive security assessment of a production humanoid robot platform, bridging the gap between abstract security...
CVE-2025-49264
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign On Login cloud-sso-single-sign-on allows PHP Local File Inclusion.This issue affects Cloud SAML SSO - Single Sign On...
CVE-2025-49264
CVE-2025-49264 is a Local File Inclusion in the WordPress plugin Cloud SAML SSO – Single Sign On Login (versions up to 1.0.18). The flaw stems from improper control of the filename used by Include/Require, enabling potential PHP local file inclusion. Affected product version range is from n/a thr...
CVE-2025-49264 WordPress Cloud SAML SSO - Single Sign On Login <= 1.0.18 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign On Login cloud-sso-single-sign-on allows PHP Local File Inclusion.This issue affects Cloud SAML SSO - Single Sign On...
CVE-2025-34064
A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket onelogin-adc-logs-production without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. The...
CVE-2025-34064
A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket onelogin-adc-logs-production without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. The...
CVE-2025-34064 OneLogin AD Connector Log S3 Bucket Hijack Leading to Cross-Tenant Data Leakage
A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket onelogin-adc-logs-production without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. The...
PT-2025-27552 · Onelogin · Onelogin Ad Connector
Name of the Vulnerable Software and Affected Versions: OneLogin AD Connector affected versions not specified Description: A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket onelogin-adc-logs-production without validating bucket...
AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
AI is changing everything — from how we code, to how we sell, to how we secure. But while most conversations focus on what AI can do, this one focuses on what AI can break — if you're not paying attention. Behind every AI agent, chatbot, or automation script lies a growing number of non-human...
CVE-2025-20286
A vulnerability in Amazon Web Services AWS, Microsoft Azure, and Oracle Cloud Infrastructure OCI cloud deployments of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configuration...
Vulnerability fixed in Cisco Identity Services Engine for cloud platforms
Cisco has fixed a vulnerability in Identity Services Engine ISE for cloud platforms. The vulnerability involves a flaw in automatic password generation when Cisco ISE is installed on a cloud platform. This causes the same passwords to be used in different ISE cloud environments. This allows an...
CVE-2025-20286
A vulnerability in Amazon Web Services AWS, Microsoft Azure, and Oracle Cloud Infrastructure OCI cloud deployments of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configuration...
CVE-2025-20286
A vulnerability in Amazon Web Services AWS, Microsoft Azure, and Oracle Cloud Infrastructure OCI cloud deployments of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configuration...
CVE-2023-23917
A prototype pollution vulnerability exists in Rocket.Chat server 5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may...
CVE-2022-21503
Vulnerability in the Oracle Cloud Infrastructure product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to Oracle...
CVE-2021-2320
Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway component: Management Console. The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...