3780 matches found

OSV
added 2025/09/01 9:50 a.m., 6 views

MAL-2025-46912 Malicious code in monolith-twirp-features-core (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 64a205c0d39719b1f698d7f10e7a82d52414defe3390015bda26bd1a60c5522c The OpenSSF Package Analysis project identified 'monolith-twirp-features-core' @ 1.1.1 rubygems as malicious. It is considered malicious because...

7.2 AI score
Exploits: 0

IBM Security Bulletins
added 2025/09/01 5:30 a.m., 5 views

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a denial of service in glassfish jsonp (CVE-2025-36097)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service. This affects WebSphere Liberty with the jsonp-1.0, jsonp-1.1, or jsonp-2.0 features enabled. Following IBM® Engineering Lifecycle Management products are vulnerable to this attac...

7.5 CVSS, 8.8 AI score, 0.00399 EPSS
Exploits: 0, Affected Software: 1

Packet Storm News
added 2025/08/30 12:0 a.m., 4 views

Virtual Reality, Real Problems: a Longitudinal Security Analysis of VR Firmware

Virtual Reality (VR) technology is rapidly growing in recent years. VR devices such as Meta Quest 3 utilize numerous sensors to collect users' data to provide an immersive experience. Due to the extensive data collection and the immersive nature, the security of VR devices is paramount. Leading VR...

7.1 AI score
Exploits: 0

Packet Storm
added 2025/08/28 12:0 a.m., 172 views

📄 Generic Payload Handler

This Metasploit module is a stub that provides all of the features of the Metasploit payload system to exploits that have been launched outside of the framework. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

7.1 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/08/28 12:0 a.m., 2 views

Trend Vision One™ Email Security Raises the Standard

Learn all the new aspects of Trend Vision One™ Email Security and how it's raising the standard of effectiveness for the industry...

7.1 AI score
Exploits: 0

OSV
added 2025/08/27 10:15 p.m., 2 views

CVE-2025-34520

An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulating specific request parameters or exploiting a logic flaw, an attacker can bypass login mechanisms...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 1

ATTACKERKB
added 2025/08/27 9:19 p.m., 3 views

CVE-2025-34520

An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulating specific request parameters or exploiting a logic flaw, an attacker can bypass login mechanisms...

9.8 CVSS, 5.8 AI score, 0.00347 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2025/08/27 9:19 p.m., 6 views

CVE-2025-34520 Arcserve UDP < 10.2 Authentication Bypass

An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulating specific request parameters or exploiting a logic flaw, an attacker can bypass login mechanisms...

7.7 CVSS, 0.00347 EPSS
Exploits: 0, References: 1

CVE
added 2025/08/27 9:19 p.m., 17 views

CVE-2025-34520

CVE-2025-34520 describes an authentication bypass in Arcserve Unified Data Protection (UDP). The issue allows unauthenticated attackers to access administrator-level features by manipulating request parameters or exploiting a logic flaw. Affected: UDP versions prior to 10.2. Patches exist in 10.2...

9.8 CVSS, 7.5 AI score, 0.00347 EPSS
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2025/08/27 3:15 p.m., 4 views

CVE-2025-53105

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change th...

7.5 CVSS, 0.00332 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-45397

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets ...

7.5 CVSS, 5.6 AI score, 0.00438 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2025/08/27 12:0 a.m., 4 views

PT-2025-34946

Name of the Vulnerable Software and Affected Versions: Arcserve Unified Data Protection UDP versions prior to 10.2 Arcserve Unified Data Protection UDP versions 8.0 through 10.1 Arcserve Unified Data Protection UDP versions 7.x and earlier Description: An authentication bypass in Arcserve Unified...

9.8 CVSS, 5.9 AI score, 0.00347 EPSS
Exploits: 0, References: 6

Packet Storm News
added 2025/08/26 12:0 a.m., 4 views

A Technical Review on Comparison and Estimation of Steganographic Tools

Steganography is technique of hiding a data under cover media using different steganography tools. Image steganography is hiding of data Text/Image/Audio/Video under a cover as Image. This review paper presents classification of image steganography and the comparison of various Image steganograph...

7 AI score
Exploits: 0

Tenable Nessus
added 2025/08/24 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2007-1923

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access...

7.5 CVSS, 5.6 AI score, 0.02592 EPSS
Exploits: 0, References: 3

OSV
added 2025/08/21 6:44 p.m., 1 views

MAL-2025-41359 Malicious code in @wp-feature-api/client-features (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

6.9 AI score
Exploits: 0

Github Security Blog
added 2025/08/18 9:0 p.m., 3 views

Copier's safe template has arbitrary filesystem read/write access

Impact Copier's current security model shall restrict filesystem access through Jinja: - Files can only be read using {% include ... %}, which is limited by Jinja to reading files from the subtree of the local template clone in our case. - Files are written in the destination directory according to...

8.5 CVSS, 7.2 AI score, 0.0024 EPSS
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2025/08/18 4:36 p.m., 12 views

CVE-2025-55214

CVE-2025-55214 (Copier) : A directory traversal vulnerability affects Copier libraries and CLI from version 7.1.0 up to, but not including, 9.9.1. When using a safe template, an attacker could cause files to be written outside the destination path by exploiting the template rendering of a generat...

6.9 CVSS, 7.2 AI score, 0.00244 EPSS
Exploits: 0, References: 2

Github Security Blog
added 2025/08/18 9:31 a.m., 11 views

Spring Framework MVC Applications Path Traversal Vulnerability

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: the application is deployed as a WAR or with an embedded Servlet container the Servlet...

5.9 CVSS, 7.1 AI score, 0.01916 EPSS
Exploits: 0, References: 3, Affected Software: 1

RedhatCVE
added 2025/08/18 4:31 a.m., 6 views

CVE-2025-7664

The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the check_activate_permission permission callback for the /wp-json/presslearn/v1/activate REST API endpoint in all versions up to, and including, 1.1.1. The callback reads the client-supplied...

7.5 CVSS, 5.9 AI score, 0.00456 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/08/16 3:38 a.m., 5 views

CVE-2025-7664 Al Pack <= 1.1.1 - Missing Authorization to Unauthenticated Premium Feature Activation via check_activate_permission Function

The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the check_activate_permission permission callback for the /wp-json/presslearn/v1/activate REST API endpoint in all versions up to, and including, 1.1.1. The callback reads the client-supplied...

7.5 CVSS, 5.8 AI score, 0.00456 EPSS
Exploits: 0, References: 4