3039 matches found
CVE-2025-32886
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data...
CVE-2025-4154
creationtimestamp| type| source ---|---|--- 2025-05-01 07:14:12+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14244 2025-05-01 09:55:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo426c7bc72j 2025-05-01 10:39:02+00:00| seen|...
goTenna V1 安全漏洞
goTenna V1 is a portable offline communication device from goTenna, Inc. that enables long-distance peer-to-peer communication between smartphones via mesh network technology. A security vulnerability exists in goTenna V1, which originates from hard-coded authentication tokens, which could lead t...
Medium: python3.12-pip
Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...
Windscribe Acquitted on Charges of Not Collecting Users’ Data
The company doesn't keep logs, so couldn't turn over data: Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection...
The Dark Side of the Web: Towards Understanding Various Data Sources in Cyber Threat Intelligence
Cyber threats have become increasingly prevalent and sophisticated. Prior work has extracted actionable cyber threat intelligence CTI, such as indicators of compromise, tactics, techniques, and procedures TTPs, or threat feeds from various sources: open source data e.g., social networks, internal...
Security Science (SecSci), Basic Concepts and Mathematical Foundations
This textbook compiles the lecture notes from security courses taught at Oxford in the 2000s, at Royal Holloway in the 2010s, and currently in Hawaii. The early chapters are suitable for a first course in security. The middle chapters have been used in advanced courses. Towards the end there are...
Securing our future: April 2025 progress report on Microsoft’s Secure Future Initiative
The Microsoft Secure Future Initiative SFI stands as the largest cybersecurity engineering project in history and most extensive effort of its kind at Microsoft. Since inception, we've dedicated the equivalent of 34,000 engineers working full-time for 11 months to mitigate risks and address the...
CVE-2025-43971
creationtimestamp| type| source ---|---|--- 2025-04-21 01:02:23+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12629 2025-04-21 01:23:04+00:00| seen| https://infosec.exchange/users/vuldb/statuses/114373334403320705 2025-04-21 01:51:05+00:00| seen|...
DEBIAN-CVE-2025-22080
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdrfirstde The "deoff" and "used" variables come from the disk so they both need to check. The problem is that on 32bit systems if they're both greater than UINTMAX - 16 then the check does...
CVE-2025-22080 fs/ntfs3: Prevent integer overflow in hdr_first_de()
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdrfirstde The "deoff" and "used" variables come from the disk so they both need to check. The problem is that on 32bit systems if they're both greater than UINTMAX - 16 then the check does...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an integer overflow risk in hdrfirstde in ntfs3 that could lead to out-of-bounds access...
PT-2025-38560
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue in the i40e driver where an invalid memory access could occur when the MAC list is empty. The list first entry function does not return NULL, potential...
Medium: grub2
Issue Overview: A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not...
CVE-2025-23389
A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3...
Rancher 访问控制错误漏洞
Rancher is an open source container management platform from the US-based Rancher Open Source, built for organizations that deploy containers in production environments. An access control error vulnerability exists in Rancher versions prior to 2.8.0 to 2.8.13, 2.9.0 to 2.9.7, and 2.10.0 to 2.10.3...
CVE-2025-26654
SAP Commerce Cloud Public Cloud does not allow to disable unencrypted HTTP port 80 entirely, but instead allows a redirect from port 80 to 443 HTTPS. As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request befor...
CVE-2025-26654
SAP Commerce Cloud Public Cloud does not allow to disable unencrypted HTTP port 80 entirely, but instead allows a redirect from port 80 to 443 HTTPS. As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request befor...
PT-2025-15365 · Sap · Sap Commerce Cloud
Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud affected versions not specified Description: The issue affects the confidentiality and integrity of data sent in the first request before a redirect from HTTP to HTTPS. Normally, Commerce communicates securely over HTTPS, b...
CVE-2025-3184
A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file /patient/profile.php?patientId=1. The manipulation of the argument patientFirstName leads to sql injection. The attack may be...