Researchers Demonstrate 27 Attacks Against Major Password Managers
Researchers demonstrate multiple attacks against major password managers, showing how compromised servers and design flaws can expose encrypted vault data...
Deep Learning for Contextualized NetFlow-Based Network Intrusion Detection: Methods, Data, Evaluation and Deployment
Network Intrusion Detection Systems (NIDS) have progressively shifted from signature-based techniques toward machine learning and, more recently, deep learning methods. Meanwhile, the widespread adoption of encryption has reduced payload visibility, weakening inspection pipelines that depend on...
CVE-2026-22239
The vulnerability exists in BLUVOYIX due to design flaws in the email sending API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable email sending API. Successful exploitation of this vulnerability could allow the...
EUVD-2017-3029
Malware in sbrugna...
EUVD-2012-6578
Malware in sbrugna...
EUVD-2022-47494
Malicious code in bioql PyPI...
CVE-2012-10030
FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, and imposes no restrictions on file type or...
CVE-2012-10030 FreeFloat FTP Server Arbitrary File Upload
FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, and imposes no restrictions on file type or...
CVE-2021-37059
There is a Weaknesses Introduced During Design...
CVE-2025-1993
CVE-2025-1993 affects IBM App Connect Enterprise Certified Container DesignerAuthoring instances where flows are stored in a database protected by weaker than expected cryptographic algorithms, potentially exposed to a local user. IBM bulletin (CVE-2025-1993) details affected products/versions: A...
CVE-2024-35325
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2024-35326
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2024-35328
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2024-35329
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
Windows CLFS and five exploits used by ransomware operators
In April 2023, we published a blog post about a zero-day exploit we discovered in ransomware attacks that was patched as CVE-2023-28252 after we promptly reported it to Microsoft. In that blog post, we mentioned that the zero-day exploit we discovered was very similar to other Microsoft Windows...
Imperva Unveils Latest API Security Enhancements
Imperva is continuing to evolve its API Security offering to help customers better protect their APIs, wherever they are, and to meet changing market requirements. Since launching API Security in March 2022, we continued investing in our API Security offering with the goal of simplifying the...
The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat Reader Document Cloud, which stem from violations of secure design principles, allow attackers to enhance their privileges.
The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat Reader Document Cloud are related to violations of secure design principles. Exploiting these vulnerabilities can allow attackers, operating remotely, to enhance their privileges...
CVE-2022-46314
The IPC module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability...
New 'Retbleed' Speculative Execution Attack Affects AMD and Intel CPUs
Security researchers have uncovered yet another vulnerability affecting numerous older AMD and Intel microprocessors that could bypass current defenses and result in Spectre-based speculative-execution attacks. Dubbed Retbleed by ETH Zurich researchers Johannes Wikner and Kaveh Razavi, the issue ...