CVE-2018-25311

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

SENTINELSHIELD-ADVANCED-INTRUSION-DETECTION-WEB-PROTECTION-SYSTEM

No d...

CVE-2025-36192 Missing Authorization with the DS8900F and DS8A00 Hardware Management Console

IBM DS8A00 R10.1 10.10.106.0 and IBM DS8A00 R10.0 10.1.3.010.2.45.0 and IBM DS8900F R9.4 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy / GDPS...

EUVD-2017-12857

Malware in sbrugna...

EUVD-2017-12873

Malware in sbrugna...

EUVD-2007-4287

Malware in sbrugna...

Hewlett Packard Enterprise StoreOnce 命令注入漏洞

Hewlett Packard Enterprise StoreOnce is a cloud backup data protection system from Hewlett Packard Enterprise USA. A security vulnerability exists in Hewlett Packard Enterprise StoreOnce that stems from a command injection that could lead to remote code execution...

CVE-2025-31234

The issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory...

XSS Vulnerability in Mingguo Security Gateway of Hangzhou ACE Information Technology Co.

MingGuard Security Gateway is a next-generation security protection system with full-process defense, which is an intelligent gateway integrating traditional firewall, intrusion prevention system, anti-virus gateway, Internet behavior control, VPN gateway, threat intelligence and other security...

AZL-50781 CVE-2024-46870 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable DMCUB timeout for DCN35 Why DMCUB can intermittently take longer than expected to process commands. Old ASIC policy was to continue while logging a diagnostic error - which works fine for ASIC without IPS...

Information Leakage Vulnerability in Data Leakage Protection (DLP) System of Beijing Yisaitong Technology Development Co.

Beijing Yisetong Technology Development Co., Ltd. is a domestic data security, network security and security services provider of three major business. There is an information leakage vulnerability in the Data Leakage Protection DLP system of Beijing Yisetong Technology Development Co., Ltd. that...

Ski & bike helmets protect your head, not location or voice

TL;DR Livall smart ski and bike helmet app leaks the wearers real time position Group audio chat allows snooping on conversations Both issues are due to missing authorisation Bike app affects 1 million users, ski app affects a few thousand users Fixed by the vendor, but after we had to call on a...

ROS-2-136

2.136 Notification on update of the Anti-Malware Protection System "RED OS" No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of MIS Operating System "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your...

The vulnerability of the FortiDDoS software-defined security device, which stems from the use of a strictly encrypted cryptographic key, allows attackers to sign JWT tokens for various devices.

The vulnerability of the FortiDDoS software protection system against DDoS attacks is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability allows a malicious actor to sign JWT tokens for various devices remotely...

Siemens SIPROTEC 5 输入验证错误漏洞

SIPROTEC 5 devices offer a range of functions for integrating protection, control, measurement and automation in substations and other applications. An information disclosure vulnerability exists in Siemens SIPROTEC 5, which can be exploited by an attacker to read device information...

The vulnerability of the Security Server server in the antivirus protection system Worry-Free Business Security allows attackers to escalate their privileges and execute arbitrary code.

The vulnerability of the Security Server component of the antivirus protection system, Worry-Free Business Security, is related to deficiencies in access control. Exploiting this vulnerability could allow attackers to enhance their privileges and execute arbitrary code...

The vulnerability of the FortiMail IBE (Identity-Based Encryption) service of the FortiMail email protection system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of FortiMail IBE’s Identity-Based Encryption service in the email protection system is related to errors in the code of the pseudorandom number generator. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected informatio...

Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

Summary The Cybersecurity and Infrastructure Security Agency CISA has consistently observed Chinese Ministry of State Security MSS-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures TTPs to target U.S. Government...

Chinese Government-affiliated Malicious Cyber Actors Targeting U.S. Government Agencies

The Cybersecurity and Infrastructure Security Agency CISA and Federal Bureau of Investigation FBI have issued an advisory about Chinese Ministry of State Security MSS-affiliated cyber threat actors targeting U.S. government agencies. Through the National Cybersecurity Protection System, CISA has...

The vulnerability of the Sn5CrPack and Sn5Crypto cryptographic containers in the Secret Net Studio information protection system, which allows a hacker to trigger a service failure.

The vulnerability of the Sn5CrPack and Sn5Crypto crypto containers in the Secret Net Studio information protection system lies in the ability to directly access the driver without going through the Sn5CryptoApi.dll library, by sending an IOCTL request. Exploiting this vulnerability can allow a...