
65 matches found

Cvelist
added 2026/04/07 10:33 p.m. | 12 views

CVE-2025-20628 Insufficient granularity of access control for Remote Connector Servers in client mode

An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS if one exists ...

CVSS: 9.1 | EPSS: 0.00059
Exploits: 0 | References: 2

CVE
added 2026/04/07 10:33 p.m. | 3 views

CVE-2025-20628

CVE-2025-20628 affects PingIDM (formerly ForgeRock Identity Management). The issue is an insufficient granularity of access control for remote connector servers (RCS) running in client mode, allowing a spoofed client-mode RCS to intercept or modify an identity’s security-relevant properties (e.g....

CVSS: 9.1 | AI score: 5.9 | EPSS: 0.00059
Exploits: 0 | References: 2

Packet Storm News
added 2026/04/01 12:0 a.m. | 0 views

Assertain: Automated Security Assertion Generation Using Large Language Models

The increasing complexity of modern system-on-chip designs amplifies hardware security risks and makes manual security property specification a major bottleneck in formal property verification. This paper presents Assertain, an automated framework that integrates RTL design analysis, Common...

AI score: 5.8
Exploits: 0

RedhatCVE
added 2026/01/09 9:21 a.m. | 4 views

CVE-2021-27493

Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00162
Exploits: 0 | References: 1

Packet Storm News
added 2025/11/24 12:0 a.m. | 2 views

BASICS: Binary Analysis and Stack Integrity Checker System for Buffer Overflow Mitigation

Cyber-Physical Systems have played an essential role in our daily lives, providing critical services such as power and water, whose operability, availability, and reliability must be ensured. The C programming language, prevalent in CPS development, is crucial for system control where reliability...

AI score: 7.7
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-1922

Malware in sbrugna...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.00433
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-14247

Malware in sbrugna...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.00162
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-6451

Malicious code in bioql PyPI...

CVSS: 6.7 | AI score: 6.5 | EPSS: 0.00005
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-24240

Malicious code in bioql PyPI...

CVSS: 8.5 | AI score: 6.4 | EPSS: 0.0016
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-1053

Malicious code in bioql PyPI...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00129
Exploits: 0 | References: 10

Packet Storm News
added 2025/09/17 12:0 a.m. | 2 views

A Survey and Evaluation Framework for Secure DNS Resolution

Since security was not among the original design goals of the Domain Name System (herein called Vanilla DNS), many secure DNS schemes have been proposed to enhance the security and privacy of the DNS resolution process. Some proposed schemes aim to replace the existing DNS infrastructure entirely,...

AI score: 6.6
Exploits: 0

NVD
added 2025/08/12 12:15 p.m. | 2 views

CVE-2025-40759

A vulnerability has been identified in SIMATIC S7-PLCSIM V17 All versions, SIMATIC STEP 7 V17 All versions V17 Update 9, SIMATIC STEP 7 V18 All versions, SIMATIC STEP 7 V19 All versions V19 Update 4, SIMATIC STEP 7 V20 All versions V20 Update 4, SIMATIC WinCC V17 All versions V17 Update 9, SIMATI...

CVSS: 8.5 | EPSS: 0.0016
Exploits: 0 | References: 1

Cvelist
added 2025/08/12 11:17 a.m. | 4 views

CVE-2025-40759

A vulnerability has been identified in SIMATIC S7-PLCSIM V17 All versions, SIMATIC STEP 7 V17 All versions V17 Update 9, SIMATIC STEP 7 V18 All versions, SIMATIC STEP 7 V19 All versions V19 Update 4, SIMATIC STEP 7 V20 All versions V20 Update 4, SIMATIC WinCC V17 All versions V17 Update 9, SIMATI...

CVSS: 8.5 | EPSS: 0.0016
Exploits: 0 | References: 1

CVE
added 2025/08/12 11:17 a.m. | 9 views

CVE-2025-40759

CVE-2025-40759 affects a broad set of Siemens products (e.g., SIMATIC STEP 7, SIMATIC S7-PLCSIM, WinCC, SIMOCODE ES, SINAMICS Startdrive, SIRIUS Safety ES, TIA Portal Cloud, SIMOTION SCOUT, etc.). The vulnerability arises from improper sanitization of stored security properties when parsing proje...

CVSS: 8.5 | AI score: 7 | EPSS: 0.0016
Exploits: 0 | References: 1

Packet Storm News
added 2025/06/21 12:0 a.m. | 2 views

LASA: Enhancing SoC Security Verification with LLM-Aided Property Generation

Ensuring the security of modern System-on-Chip (SoC) designs poses significant challenges due to increasing complexity and distributed assets across the intellectual property (IP) blocks. Formal property verification (FPV) provides the capability to model and validate design behaviors through security...

AI score: 6.9
Exploits: 0

Packet Storm News
added 2025/06/12 12:0 a.m. | 1 views

Commitment Schemes for Multi-Party Computation

The paper presents an analysis of Commitment Schemes (CSs) used in Multi-Party Computation (MPC) protocols. While the individual properties of CSs and the guarantees offered by MPC have been widely studied in isolation, their interrelation in concrete protocols and applications remains mostly...

AI score: 7
Exploits: 0

RedhatCVE
added 2025/05/22 6:37 p.m. | 3 views

CVE-2021-34797

Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This iss...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.00356
Exploits: 0 | References: 1

Cvelist
added 2025/03/12 4:13 p.m. | 10 views

CVE-2025-20177 Cisco IOS XR Software Image Verification Bypass Vulnerability

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the...

CVSS: 6.7 | EPSS: 0.00005
Exploits: 0 | References: 2

Vulnrichment
added 2025/03/12 4:12 p.m. | 8 views

CVE-2025-20143 Cisco IOS XR Software Secure Boot Bypass Vulnerability

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges o...

CVSS: 6.7 | AI score: 6.4 | EPSS: 0.00004
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/02/25 9:52 a.m. | 7 views

Security Bulletin: IBM JRS (Jazz Reporting Service) uses a web link with untrusted references to an external site.

Summary: IBM JRS (Jazz Reporting Service) uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims' web browser. The web application produces links to untrusted...

CVSS: 9.8 | AI score: 6.4 | EPSS: 0.00208
Exploits: 0 | Affected Software: 1