ROS-20260121-73-0037

A vulnerability in the x86/mm component of the Linux operating system kernel is related to a flaw in the data security mechanism. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

EUVD-2026-1888

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is...

EUVD-2026-1895

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping...

CVE-2023-40383

A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data...

CVE-2018-4397

Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS...

CVE-2021-22316

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability can compromise the device's data security and functional availability...

CVE-2020-12037

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption e.g., TLS/SSL when configured to send treatment data to a PDMS Patient Data Management System or an EMR Electronic Medical Record system. An attacker could observe...

ALPRs are recording your daily drive (Lock and Code S06E26)

This week on the Lock and Code podcast … There's an entire surveillance network popping up across the United States that has likely already captured your information, all for the non-suspicion of driving a car. Automated License Plate Readers, or ALPRs, are AI-powered cameras that scan and store ...

EUVD-2025-205402

The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'mediadeleteaction' function in all versions up to, and including, 1.2.6. This makes it possible for...

CVE-2025-64676

CVE-2025-64676 concerns Microsoft Purview eDiscovery Remote Code Execution. A flaw in Purview (via the // path) allows an authorized attacker to execute code over the network. Affected software is Microsoft Purview/eDiscovery; the root cause is a path-related/code-execution flaw that can enable t...

Why Data Security and Privacy Need to Start in Code

AI-assisted coding and AI app generation platforms have created an unprecedented surge in software development. Companies are now facing rapid growth in both the number of applications and the pace of change within those applications. Security and privacy teams are under significant pressure as t...

PT-2025-50700

In SwDcpItg of up L2commonPdcpSecurity.cpp, there is a possible denial of service due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-20373

In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new “Data Security Accounts“. The vulnerability would require either local access to the log files or administrative access to internal indexe...

EUVD-2025-199736

In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new “Data Security Accounts“. The vulnerability would require either local access to the log files or administrative access to internal indexe...

CVE-2025-20373

In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new “Data Security Accounts“. The vulnerability would require either local access to the log files or administrative access to internal indexe...

CVE-2025-20373

CVE-2025-20373 affects the Splunk Add-on for Palo Alto Networks (versions below 2.0.2). The issue is that client secrets are exposed in plaintext in the _internal index during the addition of new “Data Security Accounts.” Exploitation would require local access to log files or administrative acce...

CVE-2025-20373 Sensitive Information Disclosure in “_internal“ index through Splunk Add-On for Palo Alto Networks

In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new “Data Security Accounts“. The vulnerability would require either local access to the log files or administrative access to internal indexe...

Agents built into your workflow: Get Security Copilot with Microsoft 365 E5

The cybersecurity landscape is at a historic inflection point. As cyberattackers wield AI to automate cyberattacks at extraordinary speed and scale, the challenge before us is not just to keep pace—but to leap ahead. There are over four million unfilled cybersecurity jobs, so depending solely on...

New Data Security Requirements and the Proceduralization of Mass Surveillance Law after the European Data Retention Case

This paper discusses the regulation of mass metadata surveillance in Europe through the lens of the landmark judgment in which the Court of Justice of the European Union struck down the Data Retention Directive. The controversial directive obliged telecom and Internet access providers in Europe t...

Siemens RUGGEDCOM ROS Devices Observable Timing Discrepancy (CVE-2021-42016)

A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised. This plugin only works with Tenable.ot. Please visit...