Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution

Impact Using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code, without being authenticated. With the ability to execute arbitrary code, this vulnerability can be exploited in an infinite number of ways. It could be used t...

How to Upgrade the NATS Server Used by Veeam Backup for Microsoft 365

Purpose This article provides information about upgrading the NATS Server used by Veeam Backup for Microsoft 365. NATS Server Version Impact It is recommended that customers use the latest supported version of NATS Server with Veeam Backup for Microsoft 365 to avoid any potential performance...

CVE-2025-49194

The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed...

FreeBSD : PostgreSQL JDBC library -- Improper Authentication (2a220a73-4759-11f0-a44a-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2a220a73-4759-11f0-a44a-6cc21735f730 advisory. PostgreSQL JDBC Driver project reports: Client Allows Fallback to Insecure Authentication Despite...

CVE-2025-49194 Unencrypted communication

The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed...

CVE-2025-49194

CVE-2025-49194 affects SICK Field Analytics and SICK Media Server. A root cause is support for authentication methods that transmit credentials in cleartext over unencrypted channels, enabling potential credential disclosure if traffic is intercepted. Public documentation from multiple sources co...

Man-In-The-Middle (MITM)

org.postgresql:postgresql is vulnerable to Man-In-The-Middle MITM. The vulnerability is due to improper enforcement of channel-binding requirements in the driver allowing authentication methods that do not support channel binding e.g., password, MD5, GSS, SSPI even when channel binding is set to...

AVEVA PI Web API

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disable content security policy protections. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

PT-2025-25320 · Unknown · Sick Media Server

Name of the Vulnerable Software and Affected Versions: SICK Media Server all versions Description: The server supports authentication methods where credentials are sent in plaintext over unencrypted channels. If an attacker intercepts traffic between a client and this server, the credentials woul...

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2025-1677)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method.CVE-2025-272...

CVE-2025-49146

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

UBUNTU-CVE-2025-49146

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

CVE-2025-49146

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

Beyond Implementation: Building a Zero Trust Strategy That Works

...

Prompt Attacks Reveal Superficial Knowledge Removal in Unlearning Methods

In this work, we show that some machine unlearning methods may fail when subjected to straightforward prompt attacks. We systematically evaluate eight unlearning techniques across three model families, and employ output-based, logit-based, and probe analysis to determine to what extent supposedly...

GeoServer Infinite Loop Vulnerability in Jiffle process

Summary Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. Details The Jiffle language supports multiple loop constructs that will cause its code block...

Description of the security update for Office 2016: June 10, 2025 (KB5002616)

Description of the security update for Office 2016: June 10, 2025 KB5002616 Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-47167. Note: To apply this...

Description of the security update for Word 2016: June 10, 2025 (KB5002710)

Description of the security update for Word 2016: June 10, 2025 KB5002710 Summary This security update resolves a Microsoft Word remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and Exposures...

Description of the security update for PowerPoint 2016: June 10, 2025 (KB5002689)

Description of the security update for PowerPoint 2016: June 10, 2025 KB5002689 Summary This security update resolves a Microsoft PowerPoint remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-47175. Note: To appl...