4047 matches found
EUVD-2026-33845
Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader...
CVE-2026-24088 Missing Authentication for Critical Function in Boot
Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader...
CVE-2026-24088
Technical details are not publicly available in the provided documents for CVE-2026-24088. Monitor for updates.
Astra Linux - vulnerability in jackson-databind
In FasterXML Jackson-Databind before version 2.13.4, resource exhaustion can occur due to the lack of a check in BeanDeserializer.deserializeFromArray that would prevent the use of deeply nested arrays. An application becomes vulnerable only with certain customized choices for deserialization...
CVE-2026-7287
UNSUPPORTED WHEN ASSIGNED: A buffer overflow vulnerability in the formWep, formWlAc, formPasswordSetup, formUpgradeCert, and formDelcert functions of the “webs” binary in Zyxel NWA1100-N customized firmware version 1.00AACE.1C0 could allow an attacker to trigger a denial-of-service (DoS) condition b...
Open Redirect
Overview: Products.isurlinportal is a replacement for the isURLInPortal method in Plone. Affected versions of this package are vulnerable to Open Redirect via the login form. An attacker can cause users to be redirected to an external website by crafting a URL with more than two forward slashes in the...
NanaZip security vulnerability
NanaZip is open-source compression software from the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1638.0, as well as versions before 6.5.1638.0, have security vulnerabilities. These vulnerabilities stem from memory corruption in the UFS parser. Customized .ufs/.ufs2/.img files may trigger...
Microsoft Azure Cognitive Service for Language Elevation of Privilege Vulnerability
Microsoft Azure Cognitive Service for Language is a cloud-based natural language processing service from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Azure Cognitive Service for Language, which is caused by a flaw in a customized question and answer. An attacker coul...
A Novel and Practical Universal Adversarial Perturbations against Deep Reinforcement Learning Based Intrusion Detection Systems
Intrusion Detection Systems (IDS) play a vital role in defending modern cyber physical systems against increasingly sophisticated cyber threats. Deep Reinforcement Learning-based IDS have shown promise due to their adaptive and generalization capabilities. However, recent studies reveal their...
EUVD-2021-23762
Malware in sbrugna...
OptiFLIDS: Optimized Federated Learning for Energy-Efficient Intrusion Detection in IoT
In critical IoT environments, such as smart homes and industrial systems, effective Intrusion Detection Systems (IDS) are essential for ensuring security. However, developing robust IDS solutions remains a significant challenge. Traditional machine learning-based IDS models typically require large...
CVE-2025-47569
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultimate-gift-card allows Blind SQL Injection. This issue affects WooCommerce Ultimate Gift Card: from n/a through <= 2.9.6...
PT-2025-36761
Name of the Vulnerable Software and Affected Versions: WPSwings WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates versions through 2.8.10 Description: The software contains an SQL injection flaw that allows attackers to manipulate commands. This...
Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools
A Chinese-speaking advanced persistent threat (APT) actor has been observed targeting web infrastructure entities in Taiwan using customized versions of open-sourced tools with an aim to establish long-term access within high-value victim environments. The activity has been attributed by Cisco Talo...
New Ransomware Charon Uses Earth Baxia APT Techniques To Target Enterprises
We uncovered Charon, a new ransomware strain/family that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands...
New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises
We uncovered Charon, a new ransomware strain/family that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands...
Salesforce OmniStudio security vulnerability
Salesforce OmniStudio is a digitization platform from US-based Salesforce, Inc. A security vulnerability exists in versions prior to Salesforce OmniStudio 254, which stems from an improper privilege retention issue that could lead to a data leak of customized settings...
NetScaler-How to return a customized error page when the LB is Out Of Service
How to return a customized error page when the LB is Out Of Service in NetScaler...
CVE-2023-20995
In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2021-37188
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware because the bootloader does not verify that it is authentic, changing the behavior of the gateway...