Lucene search

19 matches found

Vulnrichment
added 2025/10/22 9:13 a.m., 5 views

CVE-2025-11915 HTTP Desynchronisation in Vertex AI for certain third-party models

Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action...

CVSS 6.9, AI score 6.5, EPSS 0.00293
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:07 p.m., 7 views

EUVD-2025-24253

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.7, EPSS 0.01045
Exploits: 0, References: 1
Tenable Nessus
added 2025/09/12 12:00 a.m., 105 views

Ivanti Connect Secure < 22.7R2.9 / 22.8R2 Multiple Vulnerabilities

The Ivanti Connect Secure installed on the remote host is prior to 22.7R2.9 / 22.8R2. It is, therefore, affected by multiple vulnerabilities, including the following: - Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gatew...

CVSS 8.9, AI score 5.7, EPSS 0.00855
Exploits: 0, References: 12
RedhatCVE
added 2025/09/11 4:26 p.m., 5 views

CVE-2025-55144

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with read-only admin...

CVSS 5.4, AI score 6.8, EPSS 0.00514
Exploits: 0, References: 1
RedhatCVE
added 2025/09/11 3:40 p.m., 4 views

CVE-2025-55147

CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote unauthenticated attacker to execute sensitive actions on behalf of...

CVSS 8.8, AI score 7.2, EPSS 0.00565
Exploits: 0, References: 1
RedhatCVE
added 2025/09/11 3:26 p.m., 6 views

CVE-2025-55145

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker to hijack existing HTML5...

CVSS 8.9, AI score 6.8, EPSS 0.0059
Exploits: 0, References: 1
CVE
added 2025/09/09 3:17 p.m., 18 views

CVE-2025-8711

CVE-2025-8711 describes a cross-site request forgery (CSRF) vulnerability affecting Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723, and Ivanti Neurons for Secure Access before 22.8R1.4. An unauthenticated remote attacke...

CVSS 5.4, AI score 6.7, EPSS 0.00306
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2025/09/09 12:00 a.m., 4 views

PT-2025-36752

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.9 Ivanti Connect Secure versions prior to 22.8R2 Ivanti Policy Secure versions prior to 22.7R1.6 Ivanti ZTA Gateway versions prior to 2.8R2.3-723 Ivanti Neurons for Secure Access versions prior t...

CVSS 5.4, AI score 6.6, EPSS 0.00306
Exploits: 0, References: 3
Positive Technologies
added 2025/09/09 12:00 a.m., 4 views

PT-2025-36754

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.9 Ivanti Policy Secure versions prior to 22.7R1.6 Ivanti ZTA Gateway versions prior to 2.8R2.3-723 Ivanti Neurons for Secure Access versions prior to 22.8R1.4 Description: The software contains a...

CVSS 5.4, AI score 6.1, EPSS 0.00514
Exploits: 0, References: 4
Positive Technologies
added 2025/09/09 12:00 a.m., 3 views

PT-2025-36753

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.9 Ivanti Connect Secure versions prior to 22.8R2 Ivanti Policy Secure versions prior to 22.7R1.6 Ivanti ZTA Gateway versions prior to 2.8R2.3-723 Ivanti Neurons for Secure Access versions prior t...

CVSS 6.1, AI score 6.7, EPSS 0.00663
Exploits: 0, References: 4
OSV
added 2025/08/12 3:15 p.m., 2 views

CVE-2025-5462

A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote unauthenticated attacker to trigger a deni...

CVSS 7.5, AI score 6.1, EPSS 0.01045
Exploits: 0, References: 1
Cvelist
added 2025/08/12 3:05 p.m., 10 views

CVE-2025-5468

Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a local authenticated attacker to re...

CVSS 5.5, EPSS 0.0033
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 4:27 a.m., 4 views

CVE-2023-30955

A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fi...

CVSS 5.4, AI score 6.9, EPSS 0.00313
Exploits: 0, References: 1
OSV
added 2025/03/07 8:00 p.m., 3 views

GHSA-6WXF-7784-62FP Horcrux Double Sign Possibility

Horcrux Incident Disclosure: Possible Double-Sign Summary On March 6, 2025, a Horcrux user 01node experienced a double-signing incident on the Osmosis network, resulting in a 5% slash penalty approximately 75,000 OSMO or $20,000 USD. After thorough investigation, we have identified a race conditi...

CVSS 8.7, AI score 7
Exploits: 0, References: 5
Github Security Blog
added 2025/01/15 9:25 p.m., 28 views

Sentry's improper authentication on SAML SSO process allows user impersonation

Impact A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same...

CVSS 9.1, AI score 7, EPSS 0.00584
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added 2023/06/29 6:46 p.m., 16 views

CVE-2023-30955 Foundry workspace-server Developer Mode Authorization Bypass

A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fi...

CVSS 4.3, AI score 5.8, EPSS 0.00313
Exploits: 0, References: 1
Hacker One
added 2020/07/23 10:24 a.m., 48 views

Zomato: Availing Zomato gold by using a random third-party `wallet_id`

We received a report from @pandaaaa wherein he demonstrated a way to avail Zomato Gold membership using random Zomato User's wallet. The report was triaged and rewarded with critical severity with a CVSS score of 9.3. It was considered critical since a random user's wallet could have been used fo...

AI score 7.2
Exploits: 0
0day.today
added 2015/11/06 12:00 a.m., 27 views

WordPress Neuvoo-Jobroll 2.0 Cross Site Scripting Vulnerability

WordPress plugin Neuvoo-Jobroll version 2.0 suffers from a reflective cross site scripting vulnerability. Exploit Title: Wordpress plugin neuvoo-jobroll 2.0 Reflected Cross-Site Scripting RXSS Date: 05/11/2015 Author: Mickael Dorigny @ Synetis Vendor or Software Link: http://neuvoo.fr/fr Version:...

AI score 6.7
Exploits: 0
Duo Security Advisories
added 1976/01/01 12:00 a.m., 29 views

DUO-PSA-2020-002: Duo Product Security Advisory

Duo Product Security Advisory Advisory ID: DUO-PSA-2020-002 Publication Date: 2020-04-28 Revision Date: 2020-04-28 Status: Confirmed, Fixed Document Revision: 1 Overview Duo Engineering has identified and fixed an issue with directory sync for on-premises Microsoft Active Directory, OpenLDAP, and...

AI score 6.7
Exploits: 0