CVE-2020-12036
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x: The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe...
CVE-2020-11826
Users can lock their notes with a password in Memono version 3.8. Thus, users need to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY...
CVE-2020-13637
An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. It stores the clientkey, the deviceid, and the public key for end-to-end encryption in cleartext, enabling an attacker by copying or having access to the local storage databas...
CVE-2020-36767
tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data...
CVE-2018-21234
Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set...
CVE-2010-4212
The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application data...
New Best Practices Guide for Securing AI Data Released
Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and international partners released a joint Cybersecurity Information Sheet on AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems. This information sheet highlights the critical role...
CVE-2017-9327
Secret data of processes managed by CM is not secured by file permissions...
CVE-2017-13892
An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan. Sharing contact information may lead to unexpected...
CVE-2025-32924
CVE-2025-32924 concerns the WordPress plugin Revy (Roninwp Revy). Affected versions are
Update your Chrome to fix serious actively exploited vulnerability
Google released an emergency update for the Chrome browser to patch an actively exploited vulnerability that could have serious ramifications. The update brings the Stable channel to versions 136.0.7103.113/.114 for Windows and Mac and 136.0.7103.113 for Linux. The easiest way to update Chrome is...
MAL-2025-3992 Malicious code in feast-polyfill (npm)
Source: ghsa-malware f88382c749d318e08be547eac655736cdeb1c86d92ae6ab6dd46e489e668c86f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Breachforums Boss to Pay $700k in Healthcare Breach
In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian...
WordPress Ajax Load More plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Ajax Load More plugin, which stems from the application's lack of effective filtering and escaping of user-supplied...
PT-2025-20381 · Telemessage · Telemessage Archiving Backend +1
Name of the Vulnerable Software and Affected Versions: TeleMessage versions prior to 2025-05-05. Description: The TeleMessage archiving backend holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-E...
CVE-2025-20968
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery...
Ensure That a User Has Its Own Home Directory
Each user must have its own home directory for storing user-related data. The owner of the home directory must be the user. If the owner of the home directory is not the user, the user cannot read or write the home directory, or the user data stored in the home directory can be read or tampered...
The vulnerability of the PCMan FTP Server relates to the occurrence of operations beyond the buffer boundaries in memory. This allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the PCMan FTP Server relates to the execution of operations beyond the buffer in memory when processing the rmdir parameter. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and availability of the protected information...
PT-2025-28188 · OOO 'Segnetics' · Segnetics Smconfig
The vulnerability in the Segnetics SMConfig system settings configurator relates to the use of preset credentials. Exploiting the vulnerability may allow a remote attacker to affect the confidentiality, integrity, and availability of the protected information by...
Federal Data, Meet your New Bodyguard: DSPM joins Wiz for Government
Wiz is excited to bring Data Security Posture Management (DSPM) into our FedRAMP authorized offering. DSPM enables organizations requiring FedRAMP to automate classification, policy enforcement, and continuous monitoring for their sensitive cloud data...