2352 matches found
PT-2025-18505 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability has been resolved in the Linux kernel, specifically in the vmci_host_do_receive_datagram() function. The issue is related to an information leak, where the struct vmci...
Unauthorized Data Access
moodle/moodle is vulnerable to Unauthorized Data Access. The vulnerability is due to lack of proper validation of user permissions before allowing access to cohort data, which allows an attacker to view cohort information they are not authorized to access...
ZTE GoldenDB SQL Injection Vulnerability (CNVD-2025-10854)
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation (ZTE). It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. ZTE GoldenDB suffers from a SQL injection vulnerability, which can be...
PT-2025-18229 · WordPress · Wp Statistics
Name of the Vulnerable Software and Affected Versions: The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin, versions up to and including 14.13.3. Description: The issue is related to unauthorized modification of data due to a missing capability check on the optionUpdater...
Building Trust in Healthcare with Privacy Techniques: Blockchain in the Cloud
This study introduces a cutting-edge architecture developed for the NewbornTime project, which uses advanced AI to analyze video data at birth and during newborn resuscitation, with the aim of improving newborn care. The proposed architecture addresses the crucial issues of patient consent, data...
Explore practical best practices to secure your data with Microsoft Purview
According to the Microsoft 2024 Data Security Index, organizations experience an average of 156 data security incidents annually, and this cyberthreat continues to be a top concern for data security decision-makers. A full 82% of security decision-makers believe a comprehensive, fully integrated...
Information Disclosure Vulnerability in Oracle E-Business Suite
Oracle E-Business Suite is a fully integrated set of global business management software from Oracle. An information disclosure vulnerability exists in Oracle User Management for Oracle E-Business Suite, which arises from a flaw in the search and register users component and can be exploited by a...
Lattica Emerges from Stealth to Solve AI’s Biggest Privacy Challenge with FHE
Lattica’s cloud-based solution uses Fully Homomorphic Encryption to query encrypted data on AI models without decrypting it, preserving privacy and bolstering security...
Vulnerability in the UpdateDatabaseSettings method of the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the UpdateDatabaseSettings method of the software for managing and monitoring deleted objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the...
Vulnerability in the UpdateSmtpSettings method of the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the UpdateSmtpSettings method of the software for managing and monitoring deleted objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the...
PT-2025-17598 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 7.1.1-42962-8; Synology DiskStation Manager (DSM) versions prior to 7.2.1-69057-7; Synology DiskStation Manager (DSM) versions prior to 7.2.2-72806-3. Description: A missing authorization...
Wiz Data Foundations: Where’s My Sensitive Data—And Who Can Access It?
A hands-on walkthrough of how to use Wiz to find sensitive data and uncover who can access it...
PT-2025-17499 · Sirv · Sirv
Name of the Vulnerable Software and Affected Versions: Sirv versions through 7.5.3. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. Specifically, it is a Stored XSS vulnerability, which means that an attacker can...
CVE-2025-39595
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quentn.com GmbH Quentn WP (quentn-wp) allows SQL Injection. This issue affects Quentn WP: from n/a through <= 1.2.8...
PT-2025-17093 · Unknown · Terminal Africa
Name of the Vulnerable Software and Affected Versions: Terminal Africa versions 1.13.17 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Reflected XSS. This means that an attacker can...
PT-2025-17040 · Unknown · Beacon Lead Magnets/Lead Capture
Name of the Vulnerable Software and Affected Versions: Beacon Lead Magnets and Lead Capture versions 1.5.7 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Reflected XSS. This means a...
SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions
Palo Alto, California, 16th April 2025, CyberNewsWire...
PT-2025-16411 · Oracle · Jd Edwards Enterpriseone Tools
Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.9.2. Description: The issue allows a low-privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools, requiring human interaction from a person other...
CVE-2025-32375
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized...