CVE-2025-36373

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user...

Security Bulletin: Incorrect administrative access control in IBM DataPower Gateway

Summary This issue allowed valid administrative users to see services within domains to which they should have had no access. Vulnerability Details CVEID:CVE-2025-36373 DESCRIPTION: IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user...

Security update for xrdp

This update for xrdp fixes the following issues: CVE-2025-68670: Fix a potential overflow when processing user domain information. bsc1257362 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you c...

Security update for xrdp

This update for xrdp fixes the following issues: CVE-2025-68670: Fix a potential overflow when processing user domain information. bsc1257362 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you c...

SUSE-SU-2026:0433-1 Security update for xrdp

This update for xrdp fixes the following issues: - CVE-2025-68670: Fix a potential overflow when processing user domain information. bsc1257362...

SUSE SLES12 Security Update : xrdp (SUSE-SU-2026:0404-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:0404-1 advisory. - CVE-2025-68670: Fix a potential overflow when processing user domain information. bsc1257362 Tenable has extracted the preceding description block...

[SECURITY] [DLA 4464-1] xrdp security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4464-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta February 03, 2026 https://wiki.debian.org/LTS -...

CVE-2005-1932

Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and 1 modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, 2 close, open, or respond to arbitrary support tickets via the close, open, or...

A-Red-Teamer-diaries

The provided context is a GitHub repository containing a Python script named RunFinger.py and a README.md file. The script is designed to gather information about the domain name and Windows machine running in the network. The README.md file contains information about the purpose of the script an...

API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc

APIs For OSINT This is a Collection of APIs that will be useful for automating various tasks in OSINT. Thank you for following me! https://cybdetective.com IOT/IP Search engines Name | Link | Description | Price ---|---|---|--- Shodan | https://developer.shodan.io | Search engine for Internet...

A journey into forgotten Null Session and MS-RPC interfaces, part 2

In the first part of our research, I demonstrated how we revived the concept of no authentication null session after many years. This involved enumerating domain information, such as users, without authentication. I walked you through the entire process, starting with the difference between no-au...

USN-7191-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2025-0237, CVE-2025-0239,...

CVE-2023-47146

IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. IBM X-Force ID: 270372...

USN-6074-3 firefox regressions

USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were...

SUSE CVE-2014-0028

libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:searchdomains restrictions in ACLs and obtain sensitive domain object information via a request to the 1 virConnectDomainEventRegister and 2 virConnectDomainEventRegisterAny functions in the...

USN-5816-1 firefox vulnerabilities

Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploits this to obtain sensitive information. CVE-2023-23597 Tom...

USN-5709-2 firefox vulnerabilities

USN-5709-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...

FortiMail - Inter-domain information leakage

An improper access control vulnerability CWE-284 in FortiMail may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references IDOR...

Strategies, tools, and frameworks for building an effective threat intelligence team

How to think about building a threat intelligence program The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia...

Strategies, tools, and frameworks for building an effective threat intelligence team

How to think about building a threat intelligence program The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia...