
30 matches found

CVE
added 2025/06/03 4:42 p.m. | 184 views

CVE-2025-30167

Jupyter Core on Windows (CVE-2025-30167) before 5.8.0 searches the shared %PROGRAMDATA% for configuration files (SYSTEM_CONFIG_PATH and SYSTEM_JUPYTER_PATH), which may let an attacker place files affecting other users. Affected: Jupyter Core components on Windows in multi-user, unprotected %PROGR...

CVSS 7.3 | AI score 6.8 | EPSS 0.00062
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/05/26 12:0 a.m. | 4 views

PT-2025-22898 · Tcman · Tcman'S Gim

Name of the Vulnerable Software and Affected Versions: TCMAN's GIM version 11 Description: The issue concerns time-based blind SQL injection vulnerabilities. These vulnerabilities allow an attacker to retrieve, create, update, and delete databases through the ArbolID parameter in the...

CVSS 8.7 | AI score 7.3 | EPSS 0.00186
Exploits: 0 | References: 8

Positive Technologies
added 2025/05/07 12:0 a.m. | 2 views

PT-2025-20206 · Unknown · Ilmosys Open Close Woocommerce Store

Name of the Vulnerable Software and Affected Versions: ilmosys Open Close WooCommerce Store versions 4.9.5 and earlier Description: The issue is a Path Traversal vulnerability that allows PHP Local File Inclusion. This can be exploited to steal database credentials. There have been no reported...

CVSS 8.8 | AI score 9 | EPSS 0.00359
Exploits: 0 | References: 5

Positive Technologies
added 2025/04/09 12:0 a.m. | 2 views

PT-2025-15697 · Apache · Apache Activemq Artemis

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ Artemis versions 1.5.1 through 2.39.x Description: The issue concerns the insertion of sensitive information into log files. When the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level...

CVSS 6.8 | AI score 5.2 | EPSS 0.00214
Exploits: 0 | References: 11

Positive Technologies
added 2025/03/19 12:0 a.m. | 3 views

PT-2025-16816 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: A SQL injection vulnerability has been identified in the affected application through the internally used UpdateTcmSettings method. This could allow an authenticated remote...

CVSS 9 | AI score 7.4 | EPSS 0.00052
Exploits: 0 | References: 6

IBM Security Bulletins
added 2024/02/15 1:10 p.m. | 54 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

CVSS 9.8 | AI score 10 | EPSS 0.91789
Exploits: 6 | Affected Software: 1

OSV
added 2023/09/18 1:31 a.m. | 8 views

MAL-2023-8140 Malicious code in hardhat-gas-tracer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca926144035df7a8d332e6904ed879e15a43427f301b5b1849c40e2b82dfda07 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1

Trend Micro Simply Security
added 2022/07/04 12:0 a.m. | 16 views

Data Distribution Service: An Overview Part 1

In this three-part blog series, we’ll look into Data Distribution Service, why it is critical, and how you can mitigate risks associated with it...

AI score 3.3
Exploits: 0

Akamai Blog
added 2019/03/25 3:48 p.m. | 12 views

Guardicore Threat Intelligence Helps Cybersecurity Community Research Attacks and Mitigate Risks

This post discusses how Guardicore Labs helps Guardicore customers and the security community enhance their security posture...

AI score 1.6
Exploits: 0

CISA
added 2013/10/24 12:0 a.m. | 15 views

Apple Releases OS X Mavericks v10.9

Apple has released OS X Mavericks v10.9 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to bypass security restrictions, cause a denial-of-service condition, or execute arbitrary code. US-CERT encourages users and administrators to review Apple Support...

AI score 7.5
Exploits: 0 | References: 1

CISA
added 2013/04/25 12:0 a.m. | 12 views

Cisco Releases Security Advisories

Cisco has released three security advisories to address vulnerabilities affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco Unified Computing System. These vulnerabilities may allow an attacker to bypass authentication controls, execute arbitrary code, obtain sensitive...

AI score 7.8
Exploits: 0 | References: 3

CISA
added 2012/04/05 12:0 a.m. | 7 views

Cisco Releases Security Advisory for WebEx Player

Cisco has released a security advisory to address multiple vulnerabilities in the Cisco WebEx Player. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Cisco Security Advisory...

AI score 7.8
Exploits: 0 | References: 1

CISA
added 2011/10/19 12:0 a.m. | 18 views

Cisco Releases Two Security Advisories

Cisco has released two security advisories to address vulnerabilities affecting CiscoWorks Common Services and Cisco Show and Share. These vulnerabilities may allow an attacker to execute arbitrary code or bypass security restrictions. US-CERT encourages users and administrators to review Cisco...

AI score 7.9
Exploits: 0 | References: 2

CISA
added 2011/10/07 12:0 a.m. | 11 views

Apache HTTP Server Reverse Proxy Bypass

The Apache Foundation has issued a Security Advisory to address a vulnerability in Apache HTTP Server's reverse proxy mode. Exploitation of this vulnerability may allow a remote attacker to gain access to internal systems. US-CERT encourages users and administrators to review the Apache HTTP Serv...

AI score 7.1
Exploits: 0 | References: 2

CISA
added 2011/09/21 12:0 a.m. | 10 views

Cisco Releases Security Advisory for Identity Services Engine

Cisco has released a security advisory to address a vulnerability in Cisco Identity Services Engine. Exploitation of this vulnerability may allow a remote attacker to gain complete administrative control of the device. US-CERT encourages users and administrators to review Cisco Security Advisory...

AI score 7.1
Exploits: 0 | References: 1

CISA
added 2011/06/28 12:0 a.m. | 8 views

Google Releases Chrome 12.0.742.112

Google released Chrome 12.0.742.112 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. This update also contains an updated version of Adobe Flash. US-CERT encourages users and...

AI score 7.7
Exploits: 0 | References: 1

CISA
added 2011/06/15 12:0 a.m. | 10 views

Adobe Releases Security Bulletin for Critical Vulnerabilities in Shockwave Player

Adobe has released security bulletin APSB11-17 to alert users of critical vulnerabilities in Adobe Shockwave Player 11.5.9.620 and earlier versions on the Windows and Macintosh operating systems. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT...

AI score 7.6
Exploits: 0 | References: 2

CISA
added 2011/03/23 12:0 a.m. | 12 views

Fraudulent SSL Certificates

US-CERT is aware of public reports of the existence of fraudulent SSL certificates. These fraudulent SSL certificates could be used by an attacker to masquerade as a trusted website. Multiple web browser vendors have provided updates to recognize and block these fraudulent SSL certificates. Mozil...

AI score 6.5
Exploits: 0 | References: 3

CISA
added 2011/03/16 12:0 a.m. | 9 views

BlackBerry WebKit Browser Engine Vulnerability

Research In Motion has released a security notice to alert users of a vulnerability affecting the WebKit browser engine provided in BlackBerry Device Software versions 6.0 and later. By convincing a user to browse to a specially crafted website, a remote attacker may be able to execute arbitrary...

AI score 7.2
Exploits: 0 | References: 3

CISA
added 2011/02/18 12:0 a.m. | 13 views

Oracle Releases Critical Patch Update for Java SE and Java for Business

Oracle has released a Critical Patch Update for Java SE and Java for Business. This update addresses multiple vulnerabilities and contains 21 security fixes. US-CERT encourages users and administrators to review the Oracle Java SE and Java for Business Critical Patch Update Advisory for February...

AI score 6.8
Exploits: 0 | References: 1