3391 matches found

Malwarebytes
added 2025/01/16 3:10 p.m. · 7 views

Avery had credit card skimmer stuck on its site for months

The consequences of a wave of credit card skimmers—which is normal around the holidays—are starting to show. Label maker Avery has filed a data breach notification, saying 61,193 people may have had their credit card details stolen. On December 9, Avery said it became aware of an attack on its...

7.1 AI score
Exploits: 0
OSV
added 2025/01/16 7:21 a.m. · 7 views

BIT-PYTHON-MIN-2023-36632

The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed ...

7.5 CVSS · 6.1 AI score · 0.01319 EPSS
Exploits: 1 · References: 5
BDU FSTEC
added 2025/01/15 12:00 a.m. · 8 views

The vulnerability of the Swift Mailer module in the Drupal CMS system, related to the use of dangerous methods or functions, allows attackers to exploit it.

The vulnerability of the Swift Mailer module in the Drupal CMS system is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a malicious actor to execute a spear-phishing attack remotely...

9.4 CVSS · 5.5 AI score · 0.0036 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2025/01/14 7:57 p.m. · 10 views

CVE-2024-55894 TYPO3 Cross-Site Request Forgery in Backend User Module

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

4.3 CVSS · 4.7 AI score · 0.00235 EPSS
Exploits: 0 · References: 5
OSV
added 2025/01/14 7:16 p.m. · 4 views

CVE-2024-55924 Cross-Site Request Forgery in Scheduler Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

8 CVSS · 6.9 AI score · 0.00251 EPSS
Exploits: 0 · References: 4
Microsoft KB
added 2025/01/14 8:00 a.m. · 62 views

Description of the security update for Excel 2016: January 14, 2025 (KB5002673)

Description of the security update for Excel 2016: January 14, 2025 (KB5002673). Summary: This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures (CVE-2025-21362). Note: To apply this...

8.4 CVSS · 9.5 AI score · 0.00934 EPSS
Exploits: 0
Microsoft KB
added 2025/01/14 8:00 a.m. · 30 views

Description of the security update for Office 2016: January 14, 2025 (KB5002595)

Description of the security update for Office 2016: January 14, 2025 (KB5002595). Summary: This security update resolves a Microsoft Office security feature bypass vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures (CVE-2025-21346). Note: To apply...

7.8 CVSS · 6.4 AI score · 0.00659 EPSS
Exploits: 0
Microsoft KB
added 2025/01/14 8:00 a.m. · 63 views

Description of the security update for SharePoint Server 2019 Language Pack: January 14, 2025 (KB5002667)

Description of the security update for SharePoint Server 2019 Language Pack: January 14, 2025 (KB5002667). Summary: This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and a Microsoft SharePoint Server spoofing vulnerability. To learn more about the...

7.8 CVSS · 9.2 AI score · 0.01742 EPSS
Exploits: 0
Microsoft KB
added 2025/01/14 8:00 a.m. · 47 views

Description of the security update for Outlook 2016: January 14, 2025 (KB5002656)

Description of the security update for Outlook 2016: January 14, 2025 (KB5002656). Summary: This security update resolves a Microsoft Outlook remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures (CVE-2025-21357). Note: To apply...

6.7 CVSS · 9.1 AI score · 0.00551 EPSS
Exploits: 0
Vulnrichment
added 2025/01/14 12:00 a.m. · 10 views

CVE-2025-23018

IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136...

5.4 CVSS · 6.5 AI score · 0.0101 EPSS
Exploits: 0 · References: 3
ICS
added 2025/01/14 12:00 a.m. · 6 views

Siemens Industrial Edge Management

Summary: Industrial Edge Management is affected by a reflected cross-site scripting (XSS) vulnerability that could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. Siemens recommends countermeasures for products where fixes are not, or not yet...

6.1 CVSS · 6.1 AI score · 0.00273 EPSS
Exploits: 0 · References: 10
Positive Technologies
added 2025/01/13 12:00 a.m. · 6 views

PT-2025-4773 · Jte

Name of the Vulnerable Software and Affected Versions: jte (Java Template Engine) versions 3.1.15 and earlier. Description: The issue affects Jte HTML templates with script tags or script attributes that include a JavaScript template string (backticks), making them subject to XSS. The javaScriptBlock...

6.1 CVSS · 7 AI score · 0.00285 EPSS
Exploits: 0 · References: 10
Packet Storm
added 2025/01/12 12:00 a.m. · 140 views

CISA: STS Scenarios Workshop 1 Scenario 3 Deep Disinformation

7.4 AI score
Exploits: 0
Trend Micro Simply Security
added 2025/01/10 12:00 a.m. · 7 views

Trend Micro Managed XDR Analysis of Infection From Fake Installers and Cracks

Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data...

7.2 AI score
Exploits: 0
BDU FSTEC
added 2025/01/10 12:00 a.m. · 4 views

The vulnerability of the String.toLowerCase() and String.toUpperCase() methods in the Spring LDAP project, which simplifies work with LDAP (Lightweight Directory Access Protocol), allows an intruder to gain unauthorized access to protected information.

The vulnerability of the String.toLowerCase() and String.toUpperCase() methods in the Spring LDAP project, which simplifies the handling of LDAP (Lightweight Directory Access Protocol), is related to insufficient registration checks. Exploiting this vulnerability can allow an attacker operating remotel...

3.7 CVSS · 5.5 AI score · 0.00369 EPSS
Exploits: 0 · References: 3 · Affected software: 1
The Hacker News
added 2025/01/08 1:37 p.m. · 9 views

Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques

Cybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows systems. "The NonEuclid remote access trojan (RAT), developed in C, is a highly sophisticated malware offering unauthorised remote access with...

7.5 AI score
Exploits: 0
RedhatCVE
added 2025/01/07 11:49 a.m. · 15 views

CVE-2025-0306

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service. Mitigation: See the following possible...

7.4 CVSS · 6.9 AI score · 0.00626 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2025/01/07 12:00 a.m. · 4 views

PT-2025-1026

Name of the Vulnerable Software and Affected Versions: SonicWall SSL-VPN Gen6 (affected versions not specified), SonicWall SSL-VPN Gen7 (affected versions not specified), SonicWall SSL-VPN Gen8 (affected versions not specified). Description: An authentication bypass exists in SonicWall SSL-VPN when integrat...

9.1 CVSS · 6.5 AI score · 0.00459 EPSS
Exploits: 0 · References: 35
Cvelist
added 2025/01/06 3:38 p.m. · 23 views

CVE-2025-21611 tgstation-server's role authorization incorrectly OR'd with user's enabled status

tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions...

8.8 CVSS · 0.00454 EPSS
Exploits: 0 · References: 3
Vulnrichment
added 2025/01/06 3:38 p.m. · 21 views

CVE-2025-21611 tgstation-server's role authorization incorrectly OR'd with user's enabled status

tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions...

8.8 CVSS · 8.7 AI score · 0.00454 EPSS
Exploits: 0 · References: 3