2856 matches found
CVE-2025-8415 Cryostat: authentication bypass if network policies are disabled
A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment...
Cryostat Security Vulnerability
Cryostat is a container-native JVM application open-sourced by Cryostat. A security vulnerability exists in Cryostat that stems from binding all network interfaces, which could lead to unauthorized access...
CVE-2024-57157
Summary (CVE-2024-57157): Jantent v1.1 has an incorrect access control flaw that allows unauthenticated access to sensitive APIs. Affected component is the application’s authentication/authorization logic; root cause is improper access checks, enabling a network-based bypass without a token. CVSS...
Bridging the Mobile Trust Gap: a Zero Trust Framework for Consumer-Facing Applications
Zero Trust Architecture (ZTA) has become a widely adopted model for securing enterprise environments, promoting continuous verification and minimal trust across systems. However, its application in mobile contexts remains limited, despite mobile applications now accounting for most global digital...
CVE-2024-57157
Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access sensitive APIs without a token...
CVE-2024-57155
Incorrect access control in radar v1.0.8 allows attackers to bypass authentication and access sensitive APIs without a token...
UBUNTU-CVE-2025-38606
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss During beacon miss handling, ath12k driver iterates over active virtual interfaces (vifs) and attempts to access the radio object (ar) via arvif->deflink->ar...
CVE-2025-38606 wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss During beacon miss handling, ath12k driver iterates over active virtual interfaces (vifs) and attempts to access the radio object (ar) via arvif->deflink->ar...
Linux Distros Unpatched Vulnerability : CVE-2024-21147
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions...
Linux Distros Unpatched Vulnerability : CVE-2025-21587
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions tha...
Exploit for CVE-2025-7771
CVE-2025-7771 – ThrottleStop.sys Privilege Escalation Vuln...
Linux Distros Unpatched Vulnerability : CVE-2020-28368
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Xen through 4.14.x allows guest OS administrators to obtain sensitive information such as AES keys from outside the guest via a side-channel attack on a...
Linux Distros Unpatched Vulnerability : CVE-2025-3260
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability...
Cyber Risks to Next-Gen Brain-Computer Interfaces: Analysis and Recommendations
Brain-computer interfaces (BCIs) show enormous potential for advancing personalized medicine. However, BCIs also introduce new avenues for cyber-attacks or security compromises. In this article, we analyze the problem and make recommendations for device manufacturers to better secure devices and to...
CVE-2025-20135
A vulnerability in the DHCP client functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to exhaust available memory. This vulnerability is due to improper validation ...
Malicious code in radiant-interfaces (npm)
The package radiant-interfaces was found to contain malicious code...
Malicious code in @augloop/interfaces (npm)
The package @augloop/interfaces was found to contain malicious code...
MAL-2025-7094 Malicious code in @augloop/interfaces (npm)
The package @augloop/interfaces was found to contain malicious code...
MAL-2025-31482 Malicious code in radiant-interfaces (npm)
The package radiant-interfaces was found to contain malicious code...
CVE-2025-20219
A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should have been block...