321 matches found
CVE-2025-21542
...
CVE-2025-21531
CVE-2025-21531 affects Oracle MySQL Server InnoDB. Affected: 8.0.40 and prior, 8.4.3 and prior, 9.1.0 and prior. An attacker with network access via multiple protocols can cause a hang or complete DOS of MySQL Server. CVSS v3.1 base 4.9 (Availability). The provided docs do not specify a fixed pat...
CVE-2025-21521
...
CVE-2025-21503
...
CVE-2025-21490
CVE-2025-21490 affects Oracle MySQL Server (InnoDB) with vulnerable versions including MySQL 8.0.40 and earlier, 8.4.3 and earlier, and 9.1.0 and earlier. Attacker with network access via multiple protocols and high privileges can cause a hang or complete DoS on MySQL Server. Connected advisories...
AI Mistakes Are Very Different from Human Mistakes
Humans make mistakes all the time. All of us do, every day, in tasks both new and routine. Some of our mistakes are minor and some are catastrophic. Mistakes can break trust with our friends, lose the confidence of our bosses, and sometimes be the difference between life and death. Over the...
CVE-2025-21311
CVE-2025-21311 is a Windows NTLMv1 Elevation of Privilege vulnerability. Affected product: Windows NTLM V1. The issue is remotely exploitable over the network with no user interaction required and can lead to a complete compromise of the target (CVSS v3.1: 9.8, Confidentiality, Integrity and Avai...
CVE-2025-21217
CVE-2025-21217 is a Windows NTLM spoofing vulnerability with a CVSS v3.1 base score of 6.5 (Network, low attack complexity, no privileges required, user interaction required; Confidentiality impact: High). Exploitation details, affected products/versions, and a fixed patch are not provided in the...
CVE-2025-21298 Windows OLE Remote Code Execution Vulnerability
...
Paradox Security Systems IPR512 Denial of Service
Paradox Security Systems IPR512 proof of concept denial of service script...
Ongoing Phishing and Malware Campaigns in December 2024
Cyber attackers never stop inventing new ways to compromise their targets. That's why organizations must stay updated on the latest threats. Here's a quick rundown of the current malware and phishing attacks you need to know about to safeguard your infrastructure before they reach you. Zero-day...
CVE-2024-10534
Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems PACS / Access Control Security Systems ACSS allows Traffic Injection.This issue affects Personnel Attendance Control Systems PACS / Access Control Security Systems ACSS: before 2024...
CVE-2024-10534
Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems PACS / Access Control Security Systems ACSS allows Traffic Injection. This issue affects Personnel Attendance Control Systems PACS / Access Control Security Systems ACSS: before 2024...
CVE-2024-10534 Improper Access Control in Dataprom Informatics' PACS-ACSS
Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems PACS / Access Control Security Systems ACSS allows Traffic Injection. This issue affects Personnel Attendance Control Systems PACS / Access Control Security Systems ACSS: before 2024...
CVE-2024-10534 Improper Access Control in Dataprom Informatics' PACS-ACSS
Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems PACS / Access Control Security Systems ACSS allows Traffic Injection. This issue affects Personnel Attendance Control Systems PACS / Access Control Security Systems ACSS: before 2024...
CVE-2024-10534
CVE-2024-10534 affects Dataprom Informatics’ PACS/ACSS products, caused by an origin validation error that enables traffic injection. The vulnerability, described as an improper origin check affecting PACS/ACSS prior to 2024, is documented with high-severity impact (traffic manipulation). Connect...
SIEM is not storage, with Jess Dodson (Lock and Code S05E16)
This week on the Lock and Code podcast… In the world of business cybersecurity, the powerful technology known as "Security Information and Event Management" is sometimes thwarted by the most unexpected actors—the very people setting it up. Security Information and Event Management—or SIEM—is a te...
Paradox IP150 Internet Module 1.40.00 Cross Site Request Forgery
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Paradox IP150 Internet Module Cross-Site Request Forgery Link: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01ParadoxCrossSiteRequestForgery Vulnerability Overview The Paradox IP150 Internet Module in version 1.40.00 i...
kartarkiv.no Improper Access Control vulnerability OBB-3922499
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Bosch Security Systems (CVE-2021-23845)
This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from...