672 matches found
CVE-2025-22460
Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges...
CVE-2025-22460
Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges...
CVE-2025-22460
Ivanti Cloud Services Application (CSA) is affected by CVE-2025-22460 due to default credentials in versions prior to 5.0.5. The vulnerability enables a local, authenticated attacker to escalate privileges (local privilege escalation) with high impact. The CVSS vector indicates LOCAL attack, low ...
Security Advisory Ivanti Cloud Services Application (CVE-2025-22460)
Summary: Ivanti has released updates for Ivanti Cloud Services Application which addresses one high severity vulnerability. Successful exploitation could lead to local privilege escalation. We are not aware of any customers being exploited by this vulnerability at the time of disclosure...
Ivanti Cloud Services Application 安全漏洞
The Ivanti Cloud Services Application CSA is a locally deployed virtual appliance designed to simplify and enhance the integration of Ivanti products with cloud services. An elevation of privilege vulnerability exists in Ivanti Cloud Services Application, which is derived from default credentials...
PT-2025-20907 · Ivanti · Ivanti Cloud Services Application
Name of the Vulnerable Software and Affected Versions: Ivanti Cloud Services Application versions prior to 5.0.5 Description: The issue concerns default credentials in the Ivanti Cloud Services Application, allowing a local authenticated attacker to escalate their privileges. Recommendations: For...
PT-2025-20253 · Cisco · Cisco Catalyst Sd-Wan Manager
Name of the Vulnerable Software and Affected Versions: Cisco Catalyst SD-WAN Manager versions affected versions not specified Description: A vulnerability in certificate validation processing could allow an unauthenticated, remote attacker to gain access to sensitive information. This issue is du...
14 secure coding tips: Learn from the experts at Microsoft Build
Hey friends! If you are a developer, you know that writing clean and efficient code is just the starting point. Now, with AI playing a bigger role, secure coding isn't just a 'nice-to-have'—it's a must. Whether you're building web apps, working on cloud services, or adding AI to your projects,...
[SECURITY] Fedora 42 Update: trafficserver-10.0.5-1.fc42
Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...
The vulnerability in the web console of the network device Ivanti Cloud Services Application allows a hacker to execute arbitrary code.
The vulnerability of the web console of the network device Ivanti Cloud Services Application exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Trump’s Aggression Sours Europe on US Cloud Giants
Companies in the EU are starting to look for ways to ditch Amazon, Google, and Microsoft cloud services amid fears of rising security risks from the US. But cutting ties won’t be easy...
CBL Mariner 2.0 Security Update: azure-iot-sdk-c (CVE-2024-29195)
The version of azure-iot-sdk-c installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-29195 advisory. - The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This...
SQL Injection Vulnerability in UFIDA BIP of UFIDA Network Technology Co.
UFIDA is a leading provider of management software, ERP software, group management software, human resource management software, customer relationship management software, small business management software, financial and administrative institution management software, automotive industry...
[SECURITY] Fedora 41 Update: trafficserver-9.2.9-1.fc41
Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...
Chinese Silk Typhoon Group Targets IT Tools for Network Breaches
Microsoft warns that Chinese espionage group Silk Typhoon now exploits IT tools like remote management apps and cloud services to breach networks...
Linux Distros Unpatched Vulnerability : CVE-2024-29195
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication...
Exploit for OS Command Injection in Ivanti Cloud_Services_Appliance
CVE-2024-8190 unauthenticated Description Combining CVE-...
Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools
Cisco Talos discovered multiple cyber espionage campaigns that target government, manufacturing, telecommunications and media, delivering Sagerunex and other hacking tools for post-compromise activities. Talos attributes these attacks to the threat actor known as Lotus Blossom. Lotus Blossom has...
FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services
Various industrial organizations in the Asia-Pacific APAC region have been targeted as part of phishing attacks designed to deliver a known malware called FatalRAT. "The threat was orchestrated by attackers using legitimate Chinese cloud content delivery network CDN myqcloud and the Youdao Cloud...
CVE-2025-0108
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PH...