Trend Vision One™ Now Supports Azure vTAP

Effective April 2025, Microsoft is launching their Azure vTAP and integrating it with Trend Vision One Network Detection and Response solution. This integration allows organizations to gain deep visibility into cloud network traffic without compromising performance. It ensures real-time detection...

Dnn.Platform 安全漏洞

Dnn.Platform is an open source web content management platform CMS open sourced by Dnn Software. A security vulnerability exists in Dnn.Platform, which stems from a low complexity CAPTCHA generation algorithm that is easily recognized by OCR tools...

cpython: python: Uncontrolled CPU resource consumption when in http.cookies module

A flaw was found in the http.cookies module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption...

CVE-2025-3329 Consumer Comanda Mobile Restaurant Order cleartext transmission

A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. This affects an unknown part of the component Restaurant Order Handler. The manipulation of the argument Login/Password leads to cleartext transmission of sensitive information. The attack...

CVE-2025-3329 Consumer Comanda Mobile Restaurant Order cleartext transmission

A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. This affects an unknown part of the component Restaurant Order Handler. The manipulation of the argument Login/Password leads to cleartext transmission of sensitive information. The attack...

CVE-2025-3329

CVE-2025-3329 affects Consumer Comanda Mobile (versions 14.9.3.2 through 15.0.0.8) in the Restaurant Order Handler component. The issue is the manipulation of the Login/Password argument, which results in sensitive information being transmitted in clear text. Exploitation requires proximity (loca...

CVE-2025-3177

A vulnerability was found in FastCMS 0.1.5. It has been declared as critical. This vulnerability affects unknown code of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key . The attack can be initiated remotely. The complexity of an attack is rather high. The...

CVE-2025-3177

A vulnerability was found in FastCMS 0.1.5. It has been declared as critical. This vulnerability affects unknown code of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key . The attack can be initiated remotely. The complexity of an attack is rather high. The...

CVE-2025-3177

Concerning CVE-2025-3177, multiple connected sources confirm a vulnerability in FastCMS 0.1.5 affecting the JWT Handler component, specifically the use of a hard-coded cryptographic key. Access is remote, attack complexity is high, and no privileges are required. The Public disclosure status is n...

CVE-2025-3177 FastCMS JWT hard-coded key

A vulnerability was found in FastCMS 0.1.5. It has been declared as critical. This vulnerability affects unknown code of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key . The attack can be initiated remotely. The complexity of an attack is rather high. The...

CVE-2025-3122

A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can be launched...

CVE-2025-3122 WebAssembly wabt binary-reader-interp.cc BeginFunctionBody null pointer dereference

A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can be launched...

CVE-2025-3122

A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can be launched...

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the codec process. An attacker can cause a considerable CPU load on the server by initiating connections with colliding Source Connection IDs SCIDs. Remediation Upgrade...

Production-Grade K8s without Complexity: Introducing LKE-Enterprise

...

CVE-2025-2920

A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /еtc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical device. The complexity of an attack is rather...

Exploit for CVE-2025-29927

CVE-2025-29927 - Next.js Middleware Authorization Bypass PoC...

CVE-2025-2922

CVE-2025-2922 affects Netis WF-2404 (firmware 1.1.124EN). The vulnerability involves an unknown BusyBox Shell functionality and results in cleartext storage of sensitive information when the attacker has physical access to the device. The attack vector is physical with HIGH complexity and require...

CVE-2025-2920

A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /еtc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical device. The complexity of an attack is rather...

CVE-2025-2920 Netis WF-2404 passwd weak hash

A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /еtc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical device. The complexity of an attack is rather...