
2856 matches found

OSV
added 2026/01/07 12:17 p.m., 2 views

CVE-2025-31964

Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface...

CVSS 4.9, AI score 5.8, EPSS 0.00312
Exploits: 0, References: 1
NVD
added 2026/01/07 12:17 p.m., 3 views

CVE-2025-31964

Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface...

CVSS 4.9, EPSS 0.00312
Exploits: 0, References: 1
CVE
added 2026/01/07 7:18 a.m., 10 views

CVE-2025-31964

CVE-2025-31964 affects HCL BigFix IVR 4.2. The issue is an improper service binding configuration in internal service components that causes administrative services to be bound to external network interfaces rather than the local authentication interface, potentially impacting service availabilit...

CVSS 4.9, AI score 6.3, EPSS 0.00312
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2026/01/07 7:18 a.m., 2 views

CVE-2025-31964 HCL BigFix IVR is impacted by an improper service binding configuration

Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface...

CVSS 2.2, AI score 6.3, EPSS 0.00312
Exploits: 0, References: 1
Cvelist
added 2026/01/07 7:18 a.m., 29 views

CVE-2025-31964 HCL BigFix IVR is impacted by an improper service binding configuration

Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface...

CVSS 2.2, EPSS 0.00312
Exploits: 0, References: 1
CVE
added 2026/01/07 6:48 a.m., 8 views

CVE-2025-31962

CVE-2025-31962 affects HCL BigFix IVR 4.2 Web UI authentication component. The root cause is insufficient session expiration, enabling an authenticated attacker to maintain prolonged access to protected API endpoints due to overly long session lifetimes. Documented impact is unauthorized access t...

CVSS 4.3, AI score 6.7, EPSS 0.00155
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2026/01/07 12:0 a.m., 4 views

PT-2026-1582

Name of the Vulnerable Software and Affected Versions: HCL BigFix IVR version 4.2. Description: A configuration issue with service binding in internal service components allows a privileged attacker to affect service availability. This occurs because administrative services are exposed through...

CVSS 4.9, AI score 6.3, EPSS 0.00312
Exploits: 0, References: 4
Positive Technologies
added 2026/01/07 12:0 a.m., 7 views

PT-2026-1664

Name of the Vulnerable Software and Affected Versions: EFACEC EV chargers, affected versions not specified. Description: A large number of ARP requests can cause a denial of service on a control board within the EV charger, impacting the EV interfaces. The affected board's proper operation is essenti...

CVSS 9.2, AI score 6.5, EPSS 0.0034
Exploits: 0, References: 4
NVD
added 2026/01/06 4:15 p.m., 4 views

CVE-2020-36922

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests t...

CVSS 7.5, EPSS 0.0055
Exploits: 2, References: 9
Vulnrichment
added 2026/01/06 3:52 p.m., 3 views

CVE-2020-36922 Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests t...

CVSS 7.5, AI score 6, EPSS 0.0055
Exploits: 2, References: 9
RedhatCVE
added 2026/01/05 12:7 a.m., 8 views

CVE-2025-3654

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through...

CVSS 6.9, AI score 6.2, EPSS 0.00241
Exploits: 0, References: 1
Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-25820

Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.2. Description: Glances, an open-source system cross-platform monitoring tool, contains a critical issue in its Central Browser mode. The /api/4/serverslist endpoint returns raw server objects that can contain...

CVSS 9.1, AI score 5.8, EPSS 0.00472
Exploits: 1, References: 32
Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-8214

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the dpaa2-switch driver where a zero-sized pointer dereference can occur when the number of interfaces num_ifs reported by the device is zero. This happens because kcall...

CVSS 8.8, AI score 6.5, EPSS 0.92165
Exploits: 30, References: 435
Malwarebytes
added 2025/12/30 10:2 a.m., 5 views

2025 exposed the risks we ignored while rushing AI

This blog is part of a series where we highlight new or fast-evolving threats in the consumer security landscape. This one looks at how the rapid rise of Artificial Intelligence (AI) is putting users at risk. In 2025 we saw an ever-accelerating race between AI providers to push out new features. We...

AI score 7.4
Exploits: 0
Tenable Nessus
added 2025/12/30 12:0 a.m., 1 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992499)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992499 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioc...

CVSS 5.5, AI score 6.3, EPSS 0.00189
Exploits: 0, References: 4
RedhatCVE
added 2025/12/25 2:49 p.m., 2 views

CVE-2023-54012

In the Linux kernel, the following vulnerability has been resolved: net: fix stack overflow when LRO is disabled for virtual interfaces When the virtual interface's feature is updated, it synchronizes the updated feature for its own lower interface. This propagation logic should be worked as the...

CVSS 7, AI score 6, EPSS 0.00191
Exploits: 0, References: 4
SUSE CVE
added 2025/12/25 12:57 a.m., 2 views

SUSE CVE-2023-54012

In the Linux kernel, the following vulnerability has been resolved: net: fix stack overflow when LRO is disabled for virtual interfaces When the virtual interface's feature is updated, it synchronizes the updated feature for its own lower interface. This propagation logic should be worked as the...

CVSS 5.5, AI score 6.7, EPSS 0.00191
Exploits: 0, References: 4
Tenable Nessus
added 2025/12/25 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-54012

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: fix stack overflow when LRO is disabled for virtual interfaces When the virtual interface's feature is updated, it synchronizes the updated feature for its...

AI score 6.1, EPSS 0.00191
Exploits: 0, References: 3
NVD
added 2025/12/24 8:15 p.m., 5 views

CVE-2018-25138

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

CVSS 9.8, EPSS 0.00523
Exploits: 2, References: 3
OSV
added 2025/12/24 12:0 p.m., 15 views

RUSTSEC-2025-0143 Unsound APIs of public `constant::Reader` and `StructSchema`

The safe API functions constant::Reader::get and StructSchema::new rely on PointerReader::get_root_unchecked, which can cause undefined behavior (UB) by constructing arbitrary words or schemas. Reader::get rust pub fn get&self - Result::Reader // ... // UNSAFE: access words without validation...

AI score 6
Exploits: 0, References: 3