2352 matches found
CVE-2024-57906
In the Linux kernel, CVE-2024-57906 affects the iio: adc: ti-ads8688 path, where a local buffer used to push data to userspace from a triggered buffer was not initialized for inactive channels. The root cause is failing to zero-initialize the buffer, risking information leakage to userspace. The ...
CVE-2025-21363 Microsoft Word Remote Code Execution Vulnerability
...
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored
What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third-party risk. Learn how you can protect thi...
Microsoft Message Queuing Information Disclosure Vulnerability
...
CVE-2025-0063
SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could allow an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and...
WebKit DocumentFontLoader::fontLoadingTimerFired Use-After-Free
WebKit suffers from a use-after-free vulnerability in DocumentFontLoader::fontLoadingTimerFired. https://packetstorm.news/download/188628...
PT-2025-2628 · Hcl · Hcl Myxalytics
The vulnerable software is HCL MyXalytics. The vulnerability is a cleartext transmission of sensitive information, where the application transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. This vulnerability allows...
CVE-2024-7142
On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them...
Security Bulletin: Vulnerability in Elasticsearch (CVE-2023-49921) affects IBM Watson CP4D Data Stores
Summary: A potential vulnerability CVE-2023-49921 has been identified related to Elasticsearch that may affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2023-49921 DESCRIPTION: An issue was...
Data Security: Challenges, Solutions, and the Path Forward
Learn why a more proactive, integrated, and dynamic approach to data security is crucial to effectively safeguard your business in today’s digital landscape...
Command Execution Vulnerability in Operation and Maintenance Management Audit System of Shanghai Shangxun Information Technology Co.
hereinafter referred to as "SinoCom-ArtM" is one of the leading providers of data, intelligent security operation and maintenance, mobile security, security services and other fields in China. A command execution vulnerability exists in the Operations and Maintenance Management and Audit System o...
License Plate Readers Are Leaking Real-Time Video Feeds and Vehicle Data
Misconfigured license-plate-recognition systems reveal the livestreams of individual cameras and the wealth of data they collect about every vehicle that passes by them...
CVE-2024-46542
CVE-2024-46542 affects Veritas / Arctera Data Insight versions prior to 7.1.1. The root cause is improper neutralization of SQL commands, allowing Application Administrators to perform SQL injection. Impact described: potential information disclosure. Remediation: upgrade to 7.1.1 or later; as a ...
CVE-2024-56554
In the Linux kernel, the following vulnerability has been resolved: binder: fix freeze UAF in binder_release_work(). When a binder reference is cleaned up, any freeze work queued in the associated process should also be removed. Otherwise, the reference is freed while its ref->freeze.work is still queu...
MAL-2024-12146 Malicious code in docu-scripts (npm)
Source: ghsa-malware b6622a889906180340028e70850543b9d34f93618e7dee954ad8d394aa5c86be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Builder.ai Database Misconfiguration Exposes 1.29 TB of Unsecured Records
Cybersecurity researcher Jeremiah Fowler discovered a 1.2TB database containing over 3 million records of Builder.ai, a London-based AI software and app development company. Discover the risks, lessons learned, and best practices for data security...
CVE-2024-11926
CVE-2024-11926 in the Travel Booking WordPress Theme (Traveler) is a capability check bypass vulnerability. The issue arises from missing capability checks on functions: __stPartnerCreateServiceRental, st_delete_order_item, _st_partner_approve_booking, save_order_ite...
A vulnerability in the firmware of the Advantech EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO multifunctional wireless access points lies in the ability to restore a modified backup configuration. This vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
A vulnerability in the firmware of the Advantech EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO multifunctional wireless access points lies in the ability to restore a modified backup configuration. Exploiting this vulnerability allows an attacker operating remotely to...
CVE-2024-54476
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to access user-sensitive data...
ROS-20241211-13
A vulnerability in the vrrp_ipsets_handler function (fglobal_parser.c) of the Keepalived network traffic balancing system is related to integer overflow. Exploitation of the vulnerability could allow an attacker, acting remotely, to impact the confidentiality, integrity, and availability of protected information...