29 matches found
EUVD-2026-25357
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to...
Suricata security vulnerabilities
Suricata is a network IDS, IPS, and NSM engine developed by the Open Information Security Foundation. Vulnerabilities exist in versions of Suricata prior to 8.0.3 and 7.0.14. These vulnerabilities stem from the use of a stack buffer for storing data sets; if the data size is too large, it may lea...
CVE-2020-10611
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. Authentication is not required to exploit this...
EUVD-2020-3061
Malware in sbrugna...
EUVD-2020-3059
Malware in sbrugna...
CVE-2020-10613
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. Authentication is no...
CLSA-2025-1740823520 bind: Fix of CVE-2024-11187
CVE-2024-11187: Limit the additional processing for large RDATA sets...
Facebook and Instagram passwords were stored in plaintext, Meta fined
Ireland’s privacy watchdog Data Protection Commission (DPC) has fined Meta €91M ($101M) after the discovery in 2019 that Meta had stored 600 million Facebook and Instagram passwords in plaintext. The DPC ruled that Meta was in violation of GDPR on several occasions related to this breach. It determin...
PT-2024-29569 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions prior to 3.3.12 Xibo versions prior to 4.0.14 Description: A SQL injection issue was discovered in the API routes of Xibo, a content management system, specifically in the components responsible for filtering DataSets. This allo...
Qualys Is the Outperformer in the New GigaOm Radar Report for Continuous Vulnerability Management
GigaOm has unveiled its third-annual Radar for Continuous Vulnerability Management featuring Qualys. In this Report, GigaOm provides a detailed analysis of the value and progression of vulnerability management (VM) capabilities to help organizations build the best security and vulnerability...
SUSE CVE-2017-1082
In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data sets may crash if th...
Facebook to Pay Hackers for Reporting Data Scraping Bugs and Scraped Datasets
Meta Platforms, the company formerly known as Facebook, has announced that it's expanding its bug bounty program to start rewarding valid reports of scraping vulnerabilities across its platforms as well as include reports of scraping data sets that are available online. "We know that automated...
Effective Threat-Hunting Queries in a Redacted World
A decade ago, hunting for adversary infrastructure was often as simple as monitoring a domain registrant’s name or phone number in public WHOIS records. As bad actors have moved first toward privacy protection services and then gained further obscurity behind laws such as the General Data...
Type confusion
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. Authentication is not required to exploit this...
Design/Logic Flaw
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. Authentication is no...
CVE-2020-10611
CVE-2020-10611 is a real, externally exploitable type-confusion vulnerability in Triangle MicroWorks SCADA Data Gateway (DNP3 Data Sets). The Red Hat and NVD entries confirm it affects versions 2.41.0213–4.0.122 and 3.02.0697–4.0.122, enabling remote code execution with no authentication required...
CVE-2020-10613
Triangle MicroWorks SCADA Data Gateway is affected by CVE-2020-10613 (and related CVEs) in versions 2.41.0213–4.0.122 and 3.02.0697–4.0.122 due to an out-of-bounds read from improper validation of user-supplied data in DNP3 Data Sets. The vulnerability allows remote attackers to disclose sensitiv...