1194 matches found
PT-2025-47558
Name of the Vulnerable Software and Affected Versions: Kaspersky Endpoint Security for Linux versions with anti-virus databases prior to 18.11.2025; Kaspersky Industrial CyberSecurity for Linux Nodes versions with anti-virus databases prior to 18.11.2025; Kaspersky Endpoint Security for Mac versions...
CVE-2025-64511 MaxKB has SSRF in sandbox
MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network services such as databases through Python code in the tool module, although the process runs in a sandbox. Version 2.3.1 fixes the issue...
Malicious Package
Overview: SqlUnicorn.Core is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and targets industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...
Malicious Package
Overview: Sharp7Extend is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and targets industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...
CVE-2025-10870
SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create, update, and delete databases by sending POST and GET requests with the 'ultralogin' parameter in '/centrosnet/ultralogin.php'...
CVE-2025-10870
Summary: CVE-2025-10870 is a SQL injection in DIAL CentrosNet, affecting version(s) prior to 2.65. The flaw exists in the /centrosnet/ultralogin.php endpoint via the ultralogin parameter, allowing an attacker to retrieve, create, update, and delete databases. The primary affected component is Cen...
CVE-2025-12503
CVE-2025-12503 describes a SQL Injection vulnerability in Digiwin EasyFlow .NET and EasyFlow AiNet. Affected: EasyFlow .NET and EasyFlow AiNet by Digiwin. Impact: authenticated remote attackers can inject SQL and read database contents. Root cause/details of vulnerable component/version are not s...
[SECURITY] Fedora 43 Update: openbao-2.4.3-1.fc43
Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...
Gmail breach panic? It’s a misunderstanding, not a hack
After a misinterpretation of an interview with a security researcher, several media outlets hinted at a major Gmail breach. Reporters claimed the incident took place in April. In reality, the researcher had said there was an enormous amount of Gmail usernames and passwords circulating on the dark...
Exploit for Observable Discrepancy in Openbsd Openssh
Advanced Exploit Finder A comprehensive penetration testing t...
CVE-2025-41019
SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'id' parameter in '/index.php?view=ticketdetail'...
The Power of Vector Databases in the New Era of AI Search
In my 15 years as a software engineer, I've seen one truth hold constant: traditional databases are brilliant…...
EUVD-2025-34676
GeoIP processor disables SSL certificate validation when downloading databases...
GeoIP processor disables SSL certificate validation when downloading databases
Impact: The GeoIP processor in Data Prepper was configured to trust all SSL certificates and disable hostname verification when downloading GeoIP databases from HTTP URLs, making downloads vulnerable to man-in-the-middle attacks. The GeoIP processor included a custom SSL implementation that...
A Systematic Study on Generating Web Vulnerability Proof-Of-Concepts Using Large Language Models
Recent advances in Large Language Models (LLMs) have brought remarkable progress in code understanding and reasoning, creating new opportunities and raising new concerns for software security. Among many downstream tasks, generating Proof-of-Concept (PoC) exploits plays a central role in vulnerabilit...
API Attack Awareness: Injection Attacks in APIs – Old Threat, New Surface
Injection attacks are among the oldest tricks in the attacker playbook. And yet they persist. The problem is that the core weakness, trusting user inputs too much, keeps resurfacing in new forms. As organizations have shifted to API-driven architectures and integrated AI systems that consume...
EUVD-2020-2729
Malware in sbrugna...
EUVD-2019-7988
Malware in sbrugna...
EUVD-2017-9508
Malware in sbrugna...
EUVD-2013-0891
Malware in sbrugna...