
14 matches found

NVD
added 2026/06/02 10:16 p.m. | 11 views

CVE-2025-15653

Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

CVSS 7 | EPSS 0.00169
Exploits 0 | References 2
Vulnrichment
added 2026/06/02 9:27 p.m. | 6 views

CVE-2025-15653 Dräger Zeus IE Anesthesia Workstation USB Interface Privilege Escalation

Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

CVSS 7 | AI score 5.8 | EPSS 0.00169
Exploits 0 | References 2
ATTACKERKB
added 2026/06/02 9:27 p.m. | 9 views

CVE-2025-15653

Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

CVSS 7 | AI score 5.8 | EPSS 0.00169
Exploits 0 | References 3
CVE
added 2026/06/02 9:27 p.m. | 18 views

CVE-2025-15653

The affected products are Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations. The vulnerability is a local privilege escalation via unprotected USB interfaces that attackers with physical access can exploit to compromise software integrity. Reported impact includes ...

CVSS 7 | AI score 5.8 | EPSS 0.00169
Exploits 0 | References 2
Positive Technologies
added 2026/06/02 12:00 a.m. | 16 views

PT-2026-45864

Name of the Vulnerable Software and Affected Versions: Dräger Zeus Infinity Empowered (Zeus IE), affected versions not specified; Dräger Zeus RS C500, affected versions not specified. Description: A local security issue exists in anesthesia workstations that allows unauthorized individuals with physical...

CVSS 7 | AI score 5.4 | EPSS 0.00169
Exploits 0 | References 6
Packet Storm
added 2026/04/24 12:00 a.m. | 86 views

📄 lollms-webui Server-Side Request Forgery

lollms-webui suffers from a server-side request forgery vulnerability. Title: lollms-webui SSRF for Cloud Metadata Leakage and Internal Network Pivoting. Author...

CVSS 9.1 | AI score 5.3 | EPSS 0.21629
Exploits 3
NVD
added 2026/04/06 3:17 p.m. | 1 views

CVE-2026-33510

Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Homarr's /auth/login page. The application improperly trusts a URL parameter callbackUrl, which is passed to redirect and router.push. An attacker can craft a malicious...

CVSS 8.8 | EPSS 0.00234
Exploits 1 | References 1
Positive Technologies
added 2026/03/17 12:00 a.m. | 7 views

PT-2026-25914

🚨 CVE-2026-32292: GL-iNet Comet... $30 KVM boxes with zero rate limiting = instant network pivot point for anyone with Hydra and patience. KVMpwn BruteForce NetworkPivot. https://t.co/VKisqb37V7 netsec vulnerability CVE sysadmin zeroday...

CVSS 9.3 | AI score 5.8 | EPSS 0.0053
Exploits 0 | References 8
GithubExploit
added 2026/01/03 6:30 a.m. | 179 views

awsctf

🌩️ AWS Cloud Security CTF Collection Welcome to the AWS Clo...

AI score 7.3
Exploits 0
Talos Blog
added 2024/03/21 1:08 p.m. | 27 views

New details on TinyTurla’s post-compromise activity reveal full kill chain

Cisco Talos is providing an update on its two recent reports on a new and ongoing campaign where Turla, a Russian espionage group, deployed their TinyTurla-NG (TTNG) implant. We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs)...

AI score 7.6
Exploits 0
Hacker One
added 2021/12/07 12:24 p.m. | 33 views

Aiven Ltd: Apache Flink RCE via GET jar/plan API Endpoint

Summary: Aiven has not restricted access to the GET jars/jarid/plan API. This endpoint can be used to load java class files with the specified arguments that are in the java classpath on the server. This can be abused to gain RCE on the Apache Flink Server. Steps To Reproduce: The video below sho...

AI score 0.6
Exploits 0
CVE
added 2021/07/09 1:25 p.m. | 77 views

CVE-2021-30201

CVE-2021-30201 affects Kaseya VSA (on‑premises/server side) where the API /vsaWS/KaseyaWS.asmx processes XML with external entities. The vulnerability arises from insecure handling of XML external entities, allowing an attacker to cause the server to read local files (e.g., c:\kaseya\kserver\kser...

CVSS 7.5 | AI score 7.5 | EPSS 0.06883
Exploits 1 | References 4 | Affected Software 1
Hacker One
added 2021/02/16 9:58 a.m. | 20 views

QIWI: Remote Code Execution on contactws.contact-sys.com via SQL injection in TAktifBankObject.GetOrder in parameter DOC_ID

Summary The API interface on https://contactws.contact-sys.com:3456/ accepts a body to interact with the server's AppServ object. Because of insufficient input validation, an attacker can abuse the DOCID parameter on the TAktifBankObject operation GetOrder to inject arbitrary SQL statements into...

AI score 0.6
Exploits 0
CNVD
added 2016/01/13 12:00 a.m. | 3 views

SSH Authentication Backdoor Vulnerability in Fortigate Firewalls

FortiGate Firewall is a network firewall product from Fortinet that defends against network attacks and malicious code at the network and content layers. FortiGate Firewall has an SSH authentication backdoor vulnerability. FortiGate firewall FortimanagerAccess user's password is...

AI score 7.4
Exploits 0 | References 1