2353 matches found
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
Summary IBM Guardium Data Security Center has addressed these vulnerabilties with an update. Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression cha...
Vulnerabilities fixed in Oracle Database Server products
Oracle has fixed vulnerabilities in Oracle Database Server products. The vulnerabilities in Oracle Database Server allow unauthenticated attackers to compromise the integrity and confidentiality of data. This could lead to unauthorized access to sensitive data and even a possible takeover of the...
EUVD-2026-3539
Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications component: Security Management System. Supported versions that are affected are 14.5.0.15.0, 14.7.0.8.0 and 14.8.0.1.0. Easily exploitable vulnerability allows low privileged attacker with...
ROS-20260121-73-0037
A vulnerability in the x86/mm component of the Linux operating system kernel is related to a flaw in the data security mechanism. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
EUVD-2026-1888
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is...
EUVD-2026-1895
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping...
CVE-2023-40383
A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data...
CVE-2018-4397
Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS...
CVE-2021-22316
There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability can compromise the device's data security and functional availability...
CVE-2020-12037
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption e.g., TLS/SSL when configured to send treatment data to a PDMS Patient Data Management System or an EMR Electronic Medical Record system. An attacker could observe...
ALPRs are recording your daily drive (Lock and Code S06E26)
This week on the Lock and Code podcast … There's an entire surveillance network popping up across the United States that has likely already captured your information, all for the non-suspicion of driving a car. Automated License Plate Readers, or ALPRs, are AI-powered cameras that scan and store ...
EUVD-2025-205402
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'mediadeleteaction' function in all versions up to, and including, 1.2.6. This makes it possible for...
CVE-2025-64676
CVE-2025-64676 concerns Microsoft Purview eDiscovery Remote Code Execution. A flaw in Purview (via the // path) allows an authorized attacker to execute code over the network. Affected software is Microsoft Purview/eDiscovery; the root cause is a path-related/code-execution flaw that can enable t...
Why Data Security and Privacy Need to Start in Code
AI-assisted coding and AI app generation platforms have created an unprecedented surge in software development. Companies are now facing rapid growth in both the number of applications and the pace of change within those applications. Security and privacy teams are under significant pressure as t...
PT-2025-50700
In SwDcpItg of up L2commonPdcpSecurity.cpp, there is a possible denial of service due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-20373
In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new “Data Security Accounts“. The vulnerability would require either local access to the log files or administrative access to internal indexe...
EUVD-2025-199736
In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new “Data Security Accounts“. The vulnerability would require either local access to the log files or administrative access to internal indexe...
CVE-2025-20373
In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new “Data Security Accounts“. The vulnerability would require either local access to the log files or administrative access to internal indexe...
CVE-2025-20373 Sensitive Information Disclosure in “_internal“ index through Splunk Add-On for Palo Alto Networks
In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new “Data Security Accounts“. The vulnerability would require either local access to the log files or administrative access to internal indexe...
CVE-2025-20373
CVE-2025-20373 affects the Splunk Add-on for Palo Alto Networks (versions below 2.0.2). The issue is that client secrets are exposed in plaintext in the _internal index during the addition of new “Data Security Accounts.” Exploitation would require local access to log files or administrative acce...