PT-2025-5866 · Unknown · Orthanc Dicom Server
Name of the Vulnerable Software and Affected Versions: Orthanc DICOM Server versions prior to 1.5.8 Description: The issue allows unauthorized access to medical images due to missing authentication. This exposes medical data to potential unauthorized access. Remote attackers can exploit this to...
CVE-2024-10591
The MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hubwoo_save_updates function in all version...
CVE-2024-45394
Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the...
CVE-2024-6660
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all...
CVE-2024-4287
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of ...
Watch Out For These 8 Cloud Security Shifts in 2025
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could...
CVE-2025-20894
CVE-2025-20894 concerns Samsung Email. Multiple sources confirm an improper access control flaw in Samsung Email prior to version 6.1.97.1, enabling physical attackers to access data across multiple user profiles. The PT-Security advisory explicitly lists affected versions and the fix path: updat...
Apache Cassandra Security Vulnerability
Apache Cassandra is a distributed NoSQL database from the US-based Apache Foundation. Apache Cassandra suffers from an authorization issue vulnerability that stems from the inclusion of an incorrect authorization, which can be exploited by an attacker to access a datacenter or IP/CIDR grou...
PT-2025-4176 · Samsung · Samsung Email
Name of the Vulnerable Software and Affected Versions: Samsung Email versions prior to 6.1.97.1 Description: The issue is related to improper access control, allowing physical attackers to access data across multiple user profiles. Recommendations: For versions prior to 6.1.97.1, update to versio...
CISA Releases Fact Sheet Detailing Embedded Backdoor Function of Contec CMS8000 Firmware
CISA released a fact sheet, Contec CMS8000 Contains a Backdoor, detailing an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health (HPH) sector. Analysts discovered that an embedded backdoor function with a hard-coded IP...
Key Performance Indicators for Effective DSPM Implementation
What are the most important KPIs for a successful DSPM implementation? Let's explore what KPIs to monitor, why they matter, and how you can take advantage of them for improved security at your org...
CVE-2025-24357
vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weights_only parameter defaults to False. When torch.load loads malicious...
CVE-2024-22316 IBM Sterling File Gateway improper access control
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls...
CVE-2025-0543
Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in...
CVE-2025-0543 G DATA Security Client Local privilege escalation
Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in...
CVE-2025-0543
CVE-2025-0543 describes a local privilege escalation in the G DATA Security Client caused by incorrect assignment of directory privileges. An unprivileged local attacker can escalate to SYSTEM by placing an arbitrary executable in a globally writable directory, which is then executed by the Setup...
G DATA Security Client Security Vulnerability
G DATA Security Client is an antivirus software security client from G DATA. A security vulnerability exists in G DATA Security Client that stems from an incorrect assignment of directory permissions, resulting in local elevation of privileges...
PT-2025-3948 · G Data · G Data Security Client
Name of the Vulnerable Software and Affected Versions: G DATA Security Client versions are not explicitly specified in the provided descriptions. Description: The issue is related to incorrect assignment of privileges to directories in G DATA Security Client, allowing a local, unprivileged attack...
Product Walkthrough: How Satori Secures Sensitive Data From Production to AI
Every week seems to bring news of another data breach, and it's no surprise why: securing sensitive data has become harder than ever. And it's not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across...