46 matches found

The Hacker News
added 2026/01/16 2:9 p.m. · 8 views

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts. "The extensions work in concert to...

7.5 AI score
Exploits: 0
RedhatCVE
added 2026/01/09 9:58 a.m. · 7 views

CVE-2020-7485

VERSION NOT SUPPORTED WHEN ASSIGNED: A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1...

9.8 CVSS · 6.7 AI score · 0.01813 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-34462

Malicious code in bioql PyPI...

8.2 CVSS · 6.5 AI score · 0.00168 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-24435

Malicious code in bioql PyPI...

5.8 CVSS · 5.9 AI score · 0.00562 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-43157

Malicious code in bioql PyPI...

4.4 CVSS · 6.6 AI score · 0.00199 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-43149

Malicious code in bioql PyPI...

8.8 CVSS · 8.5 AI score · 0.00199 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2021-2813

Malicious code in bioql PyPI...

7.2 CVSS · 7 AI score · 0.00876 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-36462

Malicious code in bioql PyPI...

8.8 CVSS · 7.6 AI score · 0.00199 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/08/26 12:0 a.m. · 7 views

CVE-2025-25735

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers (PRRs), allowing attackers with software running on the system to modify SPI flash in real-time...

0.00245 EPSS
Exploits: 1 · References: 6
OSV
added 2025/07/30 2:14 p.m. · 6 views

CVE-2025-53111 GLPI exposes data to non-allowed users

GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result in unauthorized access to some resources. This is fixed in version 10.0.19...

6.5 CVSS · 4.2 AI score · 0.00239 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2025/06/25 12:0 a.m. · 5 views

PT-2025-26827 · Sourcecodester · Sourcecodester Best Pos Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Salon Management System version 1.0 Description: A critical issue was found in the system, affecting the /panel/edit-staff.php file. The manipulation of the editid argument leads to SQL injection. This issue can be exploit...

8.8 CVSS · 6.7 AI score · 0.00361 EPSS
Exploits: 1 · References: 8
Veracode
added 2025/05/12 3:5 a.m. · 9 views

Access Control Bypass

@keystone-6/core is vulnerable to Access Control Bypass. The vulnerability is due to improper enforcement of isFilterable access controls during update and delete mutations, allowing unauthorized filtering by unique fields to infer protected data...

4.3 CVSS · 6.7 AI score · 0.00234 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2025/04/15 8:31 p.m. · 19 views

CVE-2025-30693

...

5.5 CVSS · 0.00819 EPSS
Exploits: 0 · References: 1
OSV
added 2025/04/03 2:9 p.m. · 4 views

BIT-JOOMLA-2020-11889

An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups...

5.3 CVSS · 7.1 AI score · 0.0076 EPSS
Exploits: 0 · References: 2
OSV
added 2025/03/03 7:22 p.m. · 8 views

GO-2025-3470 OpenFGA Authorization Bypass in github.com/openfga/openfga

OpenFGA Authorization Bypass in github.com/openfga/openfga...

9.8 CVSS · 6.3 AI score · 0.00401 EPSS
Exploits: 0 · References: 3
RedhatCVE
added 2025/02/14 9:23 p.m. · 4 views

CVE-2024-37355

Improper access control in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access...

8.8 CVSS · 7 AI score · 0.00199 EPSS
Exploits: 0 · References: 1
BDU FSTEC
added 2024/11/13 12:0 a.m. · 4 views

The vulnerability of Schneider Electric EcoStruxure IT Gateway’s software for communicating with controlled devices lies in the absence of authentication procedures, allowing attackers to gain full access to the vulnerable software.

The vulnerability of Schneider Electric EcoStruxure IT Gateway’s software for communicating with controlled devices is related to the absence of an authentication procedure. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full access to the vulnerable...

10 CVSS · 5.5 AI score · 0.00624 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Citrix
added 2024/09/27 12:0 a.m. · 6 views

CSP Tenant Cloud Account Creation Change

...

7.2 AI score
Exploits: 0
OSV
added 2024/08/27 3:19 p.m. · 23 views

CGA-RW9W-VQ5X-6FRQ

Bulletin has no description...

7.5 CVSS · 6.7 AI score · 0.02303 EPSS
Exploits: 1
OSV
added 2024/07/15 10:1 p.m. · 24 views

CGA-JF7Q-RJM5-7WHG

Bulletin has no description...

8.4 CVSS · 7.8 AI score · 0.01945 EPSS
Exploits: 1