
3366 matches found

CVE
added 2025/06/12 2:17 p.m. · 48 views

CVE-2025-49194

CVE-2025-49194 affects SICK Field Analytics and SICK Media Server. A root cause is support for authentication methods that transmit credentials in cleartext over unencrypted channels, enabling potential credential disclosure if traffic is intercepted. Public documentation from multiple sources co...

7.5 CVSS · 7.3 AI score · 0.00275 EPSS
Exploits 0 · References 6 · Affected Software 1
Veracode
added 2025/06/12 8:26 a.m. · 10 views

Man-In-The-Middle (MITM)

org.postgresql:postgresql is vulnerable to Man-In-The-Middle (MITM). The vulnerability is due to improper enforcement of channel-binding requirements in the driver, allowing authentication methods that do not support channel binding (e.g., password, MD5, GSS, SSPI) even when channel binding is set to...

8.2 CVSS · 8.1 AI score · 0.00461 EPSS
Exploits 0 · References 7 · Affected Software 1
ICS
added 2025/06/12 6:0 a.m. · 15 views

AVEVA PI Web API

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disable content security policy protections. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

6.5 CVSS · 6.6 AI score · 0.00201 EPSS
Exploits 0 · References 10
Positive Technologies
added 2025/06/12 12:0 a.m. · 3 views

PT-2025-25320 · Unknown · Sick Media Server

Name of the Vulnerable Software and Affected Versions: SICK Media Server all versions Description: The server supports authentication methods where credentials are sent in plaintext over unencrypted channels. If an attacker intercepts traffic between a client and this server, the credentials woul...

7.5 CVSS · 6.3 AI score · 0.00275 EPSS
Exploits 0 · References 11
Tenable Nessus
added 2025/06/12 12:0 a.m. · 2 views

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2025-1677)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. CVE-2025-272...

7.5 CVSS · 7 AI score · 0.00784 EPSS
Exploits 0 · References 4
NVD
added 2025/06/11 3:15 p.m. · 10 views

CVE-2025-49146

pgjdbc is an open source PostgreSQL JDBC driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2 CVSS · 0.00461 EPSS
Exploits 0 · References 2
OSV
added 2025/06/11 3:15 p.m. · 1 views

UBUNTU-CVE-2025-49146

pgjdbc is an open source PostgreSQL JDBC driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2 CVSS · 7.1 AI score · 0.00461 EPSS
Exploits 0 · References 4
OSV
added 2025/06/11 2:32 p.m. · 3 views

CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source PostgreSQL JDBC driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2 CVSS · 7.3 AI score · 0.00461 EPSS
Exploits 0 · References 4
AlpineLinux
added 2025/06/11 2:32 p.m. · 1 views

CVE-2025-49146

pgjdbc is an open source PostgreSQL JDBC driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2 CVSS · 7.6 AI score · 0.00461 EPSS
Exploits 0
Akamai Blog
added 2025/06/11 12:0 p.m. · 7 views

Beyond Implementation: Building a Zero Trust Strategy That Works

...

7.3 AI score
Exploits 0
Packet Storm News
added 2025/06/11 12:0 a.m. · 2 views

Prompt Attacks Reveal Superficial Knowledge Removal in Unlearning Methods

In this work, we show that some machine unlearning methods may fail when subjected to straightforward prompt attacks. We systematically evaluate eight unlearning techniques across three model families, and employ output-based, logit-based, and probe analysis to determine to what extent supposedly...

6.9 AI score
Exploits 0
GitHub Security Blog
added 2025/06/10 7:44 p.m. · 8 views

GeoServer Infinite Loop Vulnerability in Jiffle process

Summary Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. Details The Jiffle language supports multiple loop constructs that will cause its code block...

7.5 CVSS · 7.5 AI score · 0.00432 EPSS
Exploits 0 · References 5 · Affected Software 3
Microsoft KB
added 2025/06/10 7:0 a.m. · 15 views

Description of the security update for Office 2016: June 10, 2025 (KB5002616)

Description of the security update for Office 2016: June 10, 2025 KB5002616 Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-47167. Note: To apply this...

8.4 CVSS · 7.2 AI score · 0.00593 EPSS
Exploits 0
Microsoft KB
added 2025/06/10 7:0 a.m. · 12 views

Description of the security update for Word 2016: June 10, 2025 (KB5002710)

Description of the security update for Word 2016: June 10, 2025 KB5002710 Summary This security update resolves a Microsoft Word remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and Exposures...

7.8 CVSS · 7.2 AI score · 0.0056 EPSS
Exploits 0
Microsoft KB
added 2025/06/10 7:0 a.m. · 13 views

Description of the security update for PowerPoint 2016: June 10, 2025 (KB5002689)

Description of the security update for PowerPoint 2016: June 10, 2025 KB5002689 Summary This security update resolves a Microsoft PowerPoint remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-47175. Note: To appl...

7.8 CVSS · 7.2 AI score · 0.02054 EPSS
Exploits 4
Microsoft KB
added 2025/06/10 7:0 a.m. · 11 views

Description of the security update for Excel 2016: June 10, 2025 (KB5002735)

Description of the security update for Excel 2016: June 10, 2025 KB5002735 Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-47165. Note: To apply this...

7.8 CVSS · 7.4 AI score · 0.01768 EPSS
Exploits 2
Microsoft KB
added 2025/06/10 7:0 a.m. · 17 views

Description of the security update for Office 2016: June 10, 2025 (KB5002730)

Description of the security update for Office 2016: June 10, 2025 KB5002730 Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and Exposures...

8.4 CVSS · 6.6 AI score · 0.0068 EPSS
Exploits 0
Microsoft KB
added 2025/06/10 7:0 a.m. · 8 views

Description of the security update for SharePoint Server 2019 Language Pack: June 10, 2025 (KB5002727)

Description of the security update for SharePoint Server 2019 Language Pack: June 10, 2025 KB5002727 Summary This security update resolves a Microsoft Word remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common...

7.8 CVSS · 7.4 AI score · 0.0056 EPSS
Exploits 0
ICS
added 2025/06/10 6:0 a.m. · 6 views

MicroDicom DICOM Viewer

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...

8.8 CVSS · 9.1 AI score · 0.00599 EPSS
Exploits 0 · References 10
ICS
added 2025/06/10 4:0 a.m. · 4 views

Schneider Electric Modicon Controllers (Update A)

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

6.1 AI score
Exploits 0 · References 11