AI Agents Are Democratizing Finance but Also Redefining Risk
AI agents are transforming finance, enabling automated trading and payments, but introduce new risks around keys, data inputs and secure execution control...
EUVD-2021-1270
Malware in sbrugna...
EUVD-2008-0869
Malware in sbrugna...
EUVD-2016-7994
Malware in sbrugna...
EUVD-2021-31319
Malicious code in bioql PyPI...
CVE-2025-7353
A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow...
CVE-2025-7353
CVE-2025-7353 affects Rockwell Automation ControlLogix Ethernet Modules via the web-based debugger agent (WDB). The connected PT-2025-33275 entry specifies affected software versions pre-12.001 and explains that connecting to the WDB agent from a specific IP can enable remote attackers to perform...
PT-2025-33275
Name of the Vulnerable Software and Affected Versions: Rockwell Automation ControlLogix Ethernet Modules versions prior to 12.001 Description: A security issue exists in Rockwell Automation ControlLogix Ethernet Modules due to the web-based debugger agent. Connecting to the WDB agent using a...
CVE-2025-42947
SAP FICA ODN framework allows a high privileged user to inject value inside the local variable which can then be executed by the application. An attacker could thereby control the behaviour of the application causing high impact on integrity, low impact on availability and no impact on...
OESA-2025-1833 gimp security update
The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...
SUSE SLED15 / SLES15 Security Update : glibc (SUSE-SU-2025:01702-2)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01702-2 advisory. - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen...
CVE-2023-0221
Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program...
CVE-2024-45034
Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later...
An expired parameter is required because there may be slippage in the calculation.
Lines of code Vulnerability details Impact Due to changes in interest rates, failure to process transactions in a timely manner may result in missing out on ideal rewards. Proof of Concept The calculation of the clainRewards function involves interest rates, which are variable. If...
Trellix Application and Change Control Security Vulnerability
Trellix Application and Change Control Trellix ACC is an application and change control program from American FireEye Trellix. A security vulnerability exists in Trellix Application and Change Control versions prior to 8.3.4, which stems from a vulnerability that allows a locally logged-in attack...
TP-LINK AX10 Code Injection Vulnerability
TP-LINK AX10 is a router from TP-LINK, China. TP-LINK AX10 version 1.3.1 is vulnerable to a code injection vulnerability, which stems from the ability to execute arbitrary code via a specially crafted backup file. An attacker could use this vulnerability to generate illegal code segments that...
CVE-2022-39274 Buffer Overflow in `ProcessRadioRxDone` in LoRaMac-node
LoRaMac-node is a reference implementation and documentation of a LoRa network node. Versions of LoRaMac-node prior to 4.7.0 are vulnerable to a buffer overflow. Improper size validation of the incoming radio frames can lead to a 65280-byte out-of-bounds write. The function ProcessRadioRxDone...
CVE-2022-36899
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
User can bypass entryFee by sending arbitrary calldata to ParaSwap operator
Lines of code Vulnerability details Impact Any user is able to bypass the entryFee collection when using NestedFactory.create by passing in arbitrary calldata when using the ParaSwap router. High level, a user can pass in calldata to swap from a minuscule amount of input token to an ERC777 with...