Lucene search

135 matches found

Nuclei
added yesterday, 48 views

Keycloak - SAML Core Package Signature Validation Flaw

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...

CVSS 7.7 | AI score 5.8 | EPSS 0.82215
Exploits: 0 | References: 5

CNNVD
added 2026/05/20 12:0 a.m., 5 views

NVIDIA DGX OS Security Vulnerability

NVIDIA DGX OS is a Linux operating system and cluster management environment for the DGX AI server platform developed by NVIDIA Corporation in the United States. NVIDIA DGX OS contains security vulnerabilities. These vulnerabilities arise from cloning base images during factory configuration...

CVSS 8.1 | AI score 5.9 | EPSS 0.00031
Exploits: 0 | References: 1

The Hacker News
added 2025/11/04 2:0 p.m., 4 views

Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed

Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks. The vulnerabilities "allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications,"...

CVSS 6.5 | AI score 6.7 | EPSS 0.11093
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-2662

Malware in sbrugna...

CVSS 8.1 | AI score 7.9 | EPSS 0.00413
Exploits: 1 | References: 7

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-8234

Malware in sbrugna...

CVSS 10 | AI score 9.5 | EPSS 0.03341
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-16021

Malware in sbrugna...

CVSS 5.5 | AI score 6.9 | EPSS 0.00181
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2015-4339

Malware in sbrugna...

CVSS 5.5 | AI score 6.3 | EPSS 0.00455
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-7871

Malware in sbrugna...

CVSS 7.7 | AI score 6.8 | EPSS 0.10689
Exploits: 1 | References: 22

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-6033

Malware in sbrugna...

CVSS 2.1 | AI score 6.4 | EPSS 0.00054
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-0129

Malware in sbrugna...

CVSS 5.9 | AI score 5.9 | EPSS 0.00405
Exploits: 3 | References: 15

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2011-1717

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00835
Exploits: 0 | References: 11

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-34451

Malicious code in bioql PyPI...

CVSS 7.7 | AI score 6.6 | EPSS 0.00119
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-7820

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00186
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/22 9:10 p.m., 4 views

CVE-2021-45900

Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOHAUTH cookie is assigned so that they can be uniquely identified. Certain APIs can be successfully executed without proper authentication. This can let ...

CVSS 6.5 | AI score 6.8 | EPSS 0.00201
Exploits: 1

NVD
added 2025/04/10 12:15 p.m., 8 views

CVE-2025-32755

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation, causing all containers based on images of the same version to use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH...

CVSS 9.1 | EPSS 0.00162
Exploits: 0 | References: 1

CVE
added 2025/04/10 11:21 a.m., 90 views

CVE-2025-32755

CVE-2025-32755 affects Jenkins’ ssh-slave Docker images built on Debian. In these images, SSH host keys are generated at image creation, causing all containers derived from the same image version to share identical host keys. This enables an attacker who can position themselves in the network pat...

CVSS 9.1 | AI score 6.9 | EPSS 0.00162
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/03/13 5:0 p.m., 8 views

CVE-2025-2081

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and misleading victim clients...

CVSS 8.7 | EPSS 0.00185
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/13 12:0 a.m., 5 views

Siemens SCALANCE X-200RNA Switch Devices Improper Input Validation (CVE-2015-6563)

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafte...

CVSS 6.4 | AI score 6.2 | EPSS 0.00102
Exploits: 0 | References: 4

Cvelist
added 2025/03/11 12:0 a.m., 10 views

CVE-2025-27912

An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or (2) when username/password or Active Directory authentication is in use and a...

CVSS 8.8 | EPSS 0.00186
Exploits: 0 | References: 2

CVE
added 2025/03/11 12:0 a.m., 59 views

CVE-2025-27912

CVE-2025-27912 affects Datalust Seq prior to 2024.3.13545. The issue is caused by missing Content-Type validation, enabling CSRF when a user authenticated via Entra ID/OpenID Connect, or via username/password/AD, visits a malicious site on the same TLD as the Seq server. Exploitation could allow ...

CVSS 8.8 | AI score 7.2 | EPSS 0.00186
Exploits: 0 | References: 2 | Affected Software: 1