12 matches found
CVE-2025-59851
HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the...
CVE-2023-39171 SENEC Storage Box V1,V2 and V3 accidentially expose a management interface
SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials...
Hyundai Uses Example Keys for Encryption System
This is a dumb crypto mistake I had not previously encountered: A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicles manufacturer had secured its system using keys that were not only publicly known but had been lifted from...
Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability
Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enable...
Microsoft Releases Windows Updates to Patch Actively Exploited Vulnerability
Microsoft on Tuesday rolled out security updates to address a total of 44 security issues affecting its software products and services, one of which it says is an actively exploited zero-day in the wild. The update, which is the smallest release since December 2019, squashes seven Critical and 37...
Top 30 Critical Security Vulnerabilities Most Exploited by Hackers
Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to swiftly weaponize publicly disclosed flaws to their advantage. "Cyber actors contin...
NSA Releases Advisory on Chinese State-Sponsored Actors Exploiting Publicly Known Vulnerabilities
The National Security Agency NSA has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. This advisory provides 25 Common Vulnerabilities and Exposures CVEs known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable...
Latest Microsoft Updates Patch 4 Critical Flaws In Windows RDP Client
Get your update caps on. Microsoft today released its monthly Patch Tuesday update for September 2019, patching a total of 79 security vulnerabilities in its software, of which 17 are rated critical, 61 as important, and one moderate in severity. Two of the security vulnerabilities patched by the...
Microsoft Patches Actively Exploited Bug as Part of Patch Tuesday
UPDATE Microsoft has patched an elevation-of-privilege vulnerability it said is actively being exploited by hackers. The fix was part of Microsoft’s scheduled September Patch Tuesday release, which also included fixes for two other bugs found being used in the wild, including the zero-day found i...
Dell eDellRoot / DSDTestProvider Root CA Certificates Installed
The remote Windows host is affected by a man-in-the-middle MitM vulnerability due to the installation of a non-authorized root CA certificate into the Windows trusted system certificate store. The private keys for many of these root CAs are publicly known. Furthermore, websites that use specially...
SSL Certificate Signed with the Publicly Known Cyberoam Key
The X.509 certificate of the remote host was signed by a certificate belonging to a Certificate Authority CA found in Cyberoam devices. The private key corresponding to the CA was discovered and publicly disclosed, meaning that the remote host's X.509 certificate cannot be trusted. TRUSTED...
Microsoft plugs gaping holes in IE, Excel, Windows
Microsoft today released its April batch of security patches: 8 bulletins with patches for at least 20 documented holes in popular software products. The most serious of the flaws could lead to remote code execution attacks that give a malicious hacker complete ownership of a vulnerable machine...