2352 matches found
Missing Authorization
BackendAI is vulnerable to Missing Authorization. The vulnerability is due to session takeover caused by improper validation of session access, allowing attackers to hijack active sessions and access, steal, or alter session data...
Withdrawn Advisory: Axios has Transitive Critical Vulnerability via form-data
Withdrawn Advisory This advisory has been withdrawn because users of Axios 1.10.0 have the flexibility to use a patched version of form-data, the software in which the vulnerability originates, without upgrading Axios to address GHSA-fjxv-7rqg-78g4. Original Description A critical vulnerability...
Trusted Data Fusion, Multi-Agent Autonomy, Autonomous Vehicles
Multi-agent collaboration enhances situational awareness in intelligence, surveillance, and reconnaissance (ISR) missions. Ad hoc networks of unmanned aerial vehicles (UAVs) allow for real-time data sharing, but they face security challenges due to their decentralized nature, making them vulnerable t...
PT-2025-30446 · Undefined · Undefined
Is your SharePoint Server safe? 🛡️ This video in Hindi reveals a critical global cyber attack CVE-2020-53770 & provides crucial steps to secure your data. Don't miss out! https://t.co/95fcHzzBBD sharepointsecurity vulnerability TechNews...
form-data uses unsafe random function in form-data for choosing boundary
Summary form-data uses Math.random to select a boundary value for multipart form-encoded data. This can lead to a security issue if an attacker: 1. can observe other values produced by Math.random in the target application, and 2. can control one field of a request made using form-data Because th...
Microsoft Purview Security Vulnerability
Microsoft Purview is a data security and management software from Microsoft Corporation USA. A security vulnerability exists in Microsoft Purview that stems from an overly loose list of allowed inputs that could lead to elevated privileges...
Security Bulletin: DataStage on Cloud Pak for Data has vulnerabilities due to transformers package (CVE-2024-11392, CVE-2024-11393, CVE-2024-11394)
Summary transformers is used by DataStage on Cloud Pak for Data as part of the model-definition framework. Vulnerability Details CVEID:CVE-2024-11392 DESCRIPTION: Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows...
CVE-2025-53823
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Versions prior to 3.4.5 have a SQL Injection vulnerability in the endpoint /WeGIA/html/socio/sistema/processa_deletar_socio.php, in the id_socio parameter. This vulnerability allows the execution...
CVE-2025-49034
CVE-2025-49034 : WordPress Funnel Builder by FunnelKit plugin (
From VPN to Zero Trust: Why It’s Time to Retire Traditional VPNs, Part 2
...
PT-2025-29669 · Oracle · Virtualbox
Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox version 7.1.10 Description: An easily exploitable issue exists within the Core component of Oracle VM VirtualBox. Successful exploitation may lead to unauthorized access to critical data or complete access to all Oracle V...
CVE-2025-53823
WeGIA, an open source web manager for charitable organizations, has a SQL Injection vulnerability in versions prior to 3.4.5. The flaw is in the endpoint /WeGIA/html/socio/sistema/processa_deletar_socio.php, in the id_socio parameter, allowing execution of arbitrary SQL commands. This can comprom...
CVE-2025-25180
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kern...
PT-2025-29518 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.5 Description: WeGIA is an open source web manager designed for the Portuguese language and charitable institutions. A SQL Injection vulnerability exists that allows the execution of arbitrary SQL commands,...
What Security Leaders Need to Know About AI Governance for SaaS
Generative AI is not arriving with a bang, it's slowly creeping into the software that companies already use on a daily basis. Whether it is video conferencing or CRM, vendors are scrambling to integrate AI copilots and assistants into their SaaS applications. Slack can now provide AI summaries o...
CVE-2024-49783
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability t...
CVE-2024-49783
IBM OpenPages with Watson 8.3 and 9.0 are affected by CVE-2024-49783, which describes weaker-than-expected encryption data storage. An authenticated remote attacker with database access or a local attacker with server-file access could extract encrypted data and potentially apply additional crypt...
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and hig...
PT-2025-28179
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 8.0.7; MongoDB Server versions prior to 7.0.20; MongoDB Server versions prior to 6.0.22. Description: An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper...
CVE-2025-27457
All communication between the VNC server and clients is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data...