125 matches found

Nuclei
added yesterday | 48 views

Keycloak - SAML Core Package Signature Validation Flaw

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...

7.7 CVSS | 5.8 AI score | 0.82215 EPSS
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2015-4339

Malware in sbrugna...

5.5 CVSS | 6.3 AI score | 0.00455 EPSS
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-16021

Malware in sbrugna...

5.5 CVSS | 6.9 AI score | 0.00181 EPSS
Exploits 0 | References 6

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-0129

Malware in sbrugna...

5.9 CVSS | 5.9 AI score | 0.00405 EPSS
Exploits 3 | References 15

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-6033

Malware in sbrugna...

2.1 CVSS | 6.4 AI score | 0.00054 EPSS
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2015-7871

Malware in sbrugna...

7.7 CVSS | 6.8 AI score | 0.10689 EPSS
Exploits 1 | References 22

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2011-1717

Malware in sbrugna...

4.3 CVSS | 6.4 AI score | 0.00835 EPSS
Exploits 0 | References 11

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-34451

Malicious code in bioql PyPI...

7.7 CVSS | 6.6 AI score | 0.00119 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-7820

Malicious code in bioql PyPI...

8.8 CVSS | 6.6 AI score | 0.00186 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/05/22 9:10 p.m. | 4 views

CVE-2021-45900

Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOHAUTH cookie is assigned so that they can be uniquely identified. Certain APIs can be successfully executed without proper authentication. This can let ...

6.5 CVSS | 6.8 AI score | 0.00201 EPSS
Exploits 1

NVD
added 2025/04/10 12:15 p.m. | 8 views

CVE-2025-32755

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version to use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH...

9.1 CVSS | 0.00162 EPSS
Exploits 0 | References 1

CVE
added 2025/04/10 11:21 a.m. | 91 views

CVE-2025-32755

CVE-2025-32755 affects Jenkins’ ssh-slave Docker images built on Debian. In these images, SSH host keys are generated at image creation, causing all containers derived from the same image version to share identical host keys. This enables an attacker who can position themselves in the network pat...

9.1 CVSS | 6.9 AI score | 0.00162 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2025/03/13 5:0 p.m. | 8 views

CVE-2025-2081

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and misleading victim clients...

8.7 CVSS | 0.00185 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2025/03/13 12:0 a.m. | 5 views

Siemens SCALANCE X-200RNA Switch Devices Improper Input Validation (CVE-2015-6563)

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafte...

6.4 CVSS | 6.2 AI score | 0.00102 EPSS
Exploits 0 | References 4

Cvelist
added 2025/03/11 12:0 a.m. | 10 views

CVE-2025-27912

An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or (2) when username/password or Active Directory authentication is in use and a...

8.8 CVSS | 0.00186 EPSS
Exploits 0 | References 2

CVE
added 2025/03/11 12:0 a.m. | 59 views

CVE-2025-27912

CVE-2025-27912 affects Datalust Seq prior to 2024.3.13545. The issue is caused by missing Content-Type validation, enabling CSRF when a user authenticated via Entra ID/OpenID Connect, or via username/password/AD, visits a malicious site on the same TLD as the Seq server. Exploitation could allow ...

8.8 CVSS | 7.2 AI score | 0.00186 EPSS
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2025/03/11 12:0 a.m. | 5 views

CVE-2025-27912

An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or (2) when username/password or Active Directory authentication is in use and a...

8.8 CVSS | 8.7 AI score | 0.00186 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2016-1567

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to...

8.1 CVSS | 7.8 AI score | 0.00413 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2015-7974

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers...

7.7 CVSS | 7 AI score | 0.10689 EPSS
Exploits 1 | References 2

The Hacker News
added 2025/02/07 11:10 a.m. | 18 views

AI-Powered Social Engineering: Reinvented Threats

The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It's the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution. This article explores how these chang...

6.8 AI score
Exploits 0