Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal

A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit...

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m giving a virtual talk on “The Security of Trust in the Age of AI,” hosted by the Financial Women’s Association of New York, at 6:00 PM ET on May 21, 2026. I’m speaking at the Potsdam Conference on National Cybersecurity at the...

MINI-CVPR-Q5XP-V67R

Bulletin has no description...

Dotouch XproUPF 安全漏洞

Dotouch XproUPF is an intelligent conference tablet device from the Dotouch company, featuring integrated touch display and multimedia interaction capabilities. The Dotouch XproUPF 2.0.0-release-088aa7c4 version contains a security vulnerability. This vulnerability stems from improper access...

This Week in Spring - May 5th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's May 5th, 2026, and I'm in Mainz, Germany, for the legendary JAX conference! It's been infinitely far too long since I've been at this amazing show, and I'm oh-so happy to be back here! Tonight, after my two talks here, I...

Vexa 安全漏洞

Vexa is an open-source conference robot and real-time transcription API developed by Vexa.ai. Versions of Vexa prior to 0.10.0-260419-1910 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication and authorization checks for internal endpoints, which could...

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at DemocracyXChange 2026 in Toronto, Ontario, Canada, on April 18, 2026. I’m speaking at the SANS AI Cybersecurity Summit 2026 in Arlington, Virginia, USA, at 9:40 AM ET on April 20, 2026. I'm speaking at the Greater...

PT-2026-31217

Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Conferencing with Zoom: from n/a through = 4.6.6...

CVE-2026-32335

Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through = 1.2.5...

2026 Cybersecurity Excellence Awards Winners Announced during RSA Conference as AI Security Dominates

San Francisco, USA, 25th March 2026, CyberNewswire...

Secure agentic AI end-to-end

Next week, RSAC™ Conference celebrates its 35-year anniversary as a forum that brings the security community together to address new challenges and embrace opportunities in our quest to make the world a safer place for all. As we look towards that milestone, agentic AI is reshaping industries...

CISO Whisperer Names 11 Vendors Leading the Shift from Tools to Outcomes at RSA Conference 2026

Austin, United States, 19th March 2026, CyberNewswire...

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m giving the Ross Anderson Lecture at the University of Cambridge’s Churchill College at 5:30 PM GMT on Thursday, March 19, 2026. I’m speaking at RSAC 2026 in San Francisco, California, USA, on Wednesday, March 25, 2026. I’m part...

EUVD-2026-11812

Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through = 1.2.5...

CVE-2026-32335

Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through = 1.2.5...

CVE-2026-32335

Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through = 1.2.5...

CVE-2026-32335 WordPress The Conference theme <= 1.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through = 1.2.5...

CVE-2026-32335

The Conference WordPress theme (vendor: raratheme), affected version

CVE-2026-32335 WordPress The Conference theme <= 1.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through = 1.2.5...

PT-2026-25182

Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through = 1.2.5...