Framework for Integrating Zero Trust in Cloud-Based Endpoint Security for Critical Infrastructure

Cyber threats have become highly sophisticated, prompting a heightened concern for endpoint security, especially in critical infrastructure, to new heights. A security model, such as Zero Trust Architecture ZTA, is required to overcome this challenge. ZTA treats every access request as new and...

Tanium Threat Response 安全漏洞

Tanium Threat Response is a core security module for endpoint detection and response developed by the American company Tanium. Tanium Threat Response has a security vulnerability, which stems from information leakage...

CVE-2026-1684

A vulnerability was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/context/pfcpreports.go of the component PFCP UDP Endpoint. The manipulation results in denial of service. The attack can be executed remotely. It is advisable to...

CVE-2018-19367

Portainer through 1.19.2 provides an API endpoint /api/users/admin/check to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case...

CVE-2021-31856

A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint order parameter in GetMesheryPatterns in models/mesherypatternpersister.go...

CVE-2022-38777

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account...

CVE-2022-26699

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to cause a denial-of-service to Endpoint Security clients...

CVE-2020-7251

Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security ENS Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS...

CVE-2020-7308

Cleartext Transmission of Sensitive Information between McAfee Endpoint Security ENS for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence GTI servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining...

GHSA-G59M-GF8J-GJF5 AWS SDK for Rust v1 adopted defense in depth enhancement for region parameter value

Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement has been implemented in th...

DriveLock 安全漏洞

DriveLock is an endpoint security and data protection platform from DriveLock Germany. A security vulnerability exists in DriveLock 24.1 and prior versions 24.1.x, 24.2.8 and prior versions 24.2.8, and 25.1.6 and prior versions 24.1.x. The vulnerability stems from an agent that creates files and...

PubNet 安全漏洞

PubNet is a self-hosted package repository for the individual developer Ricardo Boss. A security vulnerability exists in PubNet versions prior to 1.1.3, which stems from an unauthenticated /api/storage/upload endpoint that could lead to identity spoofing and elevation of privilege...

CVE-2025-64984

Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux any version with anti-virus databases prior to 18.11.2025, Kaspersky Industrial CyberSecurity for Linux Nodes any version with anti-virus databases prior to 18.11.2025, and Kaspersky Endpoint Security for Mac 12.0.0.325...

EUVD-2025-198259

Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux any version with anti-virus databases prior to 18.11.2025, Kaspersky Industrial CyberSecurity for Linux Nodes any version with anti-virus databases prior to 18.11.2025, and Kaspersky Endpoint Security for Mac 12.0.0.325...

CVE-2025-64984

Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux any version with anti-virus databases prior to 18.11.2025, Kaspersky Industrial CyberSecurity for Linux Nodes any version with anti-virus databases prior to 18.11.2025, and Kaspersky Endpoint Security for Mac 12.0.0.325...

CVE-2025-64984

Affected products: Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025), Kaspersky Industrial CyberSecurity for Linux Nodes (any version with anti-virus databases prior to 18.11.2025), and Kaspersky Endpoint Security for Mac (12.0.0.325, 12.1.0.553, 12...

Kaspersky Endpoint Security和Kaspersky Industrial CyberSecurity for Linux Nodes 安全漏洞

Kaspersky Endpoint Security and Kaspersky Industrial CyberSecurity for Linux Nodes are both products of the Swiss company Kaspersky.Kaspersky Endpoint Security is an endpoint protection software. Kaspersky Industrial CyberSecurity for Linux Nodes is an industrial network security software. A...

EUVD-2025-74033

An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac BEST before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the...

CVE-2025-5317

An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac BEST before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the...

CVE-2025-5317 Improper access restriction to critical folder in Bitdefender Endpoint Security Tools for Mac

An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac BEST before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the...