A Misconfiguration That Haunts Corporate Streaming Platforms Could Expose Sensitive Data
A security researcher discovered that flawed API configurations are plaguing corporate livestreaming platforms, potentially exposing internal company meetings—and he's releasing a tool to find them...
PT-2025-32370 · Unknown · Registered Product
Name of the Vulnerable Software and Affected Versions: versions prior to April 6, 2025 Description: The product does not limit the number of attempts for entering the correct PIN for a registered product, potentially allowing an attacker to gain unauthorized access using brute-force methods if th...
Mobile Industrial Robots MiR Robots Security Vulnerability
Mobile Industrial Robots MiR Robots is an autonomous mobile robot from Mobile Industrial Robots, Denmark. A security vulnerability exists in Mobile Industrial Robots MiR Robots versions prior to 3.0.0, which stems from a path traversal issue in the API endpoint that could lead to file extraction...
Linux Distros Unpatched Vulnerability : CVE-2019-12473
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in...
CVE-2025-44779
An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull...
Security Bulletin: Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak
Summary: Multiple security vulnerabilities in Go affect IBM Robotic Process Automation for Cloud Pak. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...
CVE-2025-21461
Memory corruption when programming registers through virtual CDM...
Qualcomm Chipsets Buffer Error Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A buffer error vulnerability exists in Qualcomm Chipsets, which stems from the possibility of memory corruption through virtual CDM programming registers...
Moderate: python-requests security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
ROS-20250806-13
Golang programming language vulnerability is related to improper input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. A vulnerability in the crypto-elliptic component of the Golang programming language is related to the...
CVE-2025-51060
An issue was discovered in CPUID cpuz.sys 1.0.5.4. An attacker can use DeviceIoControl with the unvalidated parameters 0x9C402440 and 0x9C402444 as IoControlCodes to perform RDMSR and WRMSR, respectively. Through this process, the attacker can modify MSR_LSTAR and hook KiSystemCall64. Afterward,...
CVE-2025-54956
The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request...
PT-2025-31967 · Cpuz.Sys · Cpuz.Sys
Name of the Vulnerable Software and Affected Versions: cpuz.sys version 1.0.5.4 Description: An attacker can use DeviceIoControl with unvalidated parameters 0x9C402440 and 0x9C402444 as IoControlCodes to perform RDMSR and WRMSR, respectively. This allows modification of MSR LSTAR and hooking of...
CVE-2025-51060
CVE-2025-51060 affects CPUID cpuz.sys 1.0.5.4. The advisory describes unvalidated DeviceIoControl IOCTLs (0x9C402440 for RDMSR and 0x9C402444 for WRMSR) that let an attacker read/write MSR_LSTAR and overwrite KiSystemCall64. This enables a kernel-mode ROP chain that disables SMEP by modifying CR4...
CLSA-2025-1754341122 java-1.8.0-openjdk: Fix of 4 CVEs
Update to shenandoah-jdk8u462-b08 GA - Security fixes from OpenJDK 8u462-b08: - CVE-2025-30749: fix 2D vulnerability allowing remote attackers to compromise JVM via network access - CVE-2025-30754: fix JSSE vulnerability allowing unauthorized data access via TLS connections - CVE-2025-30761: fix...
CVE-2025-54132
Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid which is used to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled serve...
CVE-2025-54136 Cursor's Modification of MCP Server Definitions Bypasses Manual Re-approvals
Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a...
PT-2025-31700
Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 1.3 Description: Cursor is a code editor built for programming with AI. Versions prior to 1.3 allow embedding images through Mermaid, a diagram rendering tool. This can be exploited to exfiltrate sensitive information t...
PT-2025-31699 · Cursor · Cursor
Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 1.3 Description: Cursor, a code editor built for programming with AI, allows an attacker to bypass the allow list in auto-run mode using a backtick or $cmd. This bypass enables arbitrary command execution outside of t...