19 matches found
CVE-2025-40841
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contain a Cross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead to unauthorized modification of certain information...
When APIs Become Attack Paths: What the Q3 2025 ThreatStats Report Tells Us
Wallarm’s latest Q3 2025 API ThreatStats report reveals that API vulnerabilities, exploits, and breaches are not just increasing; they’re evolving. Malicious actors are shifting from code-level weaknesses to business logic flaws, from web apps to partner integrations, and from RE...
CVE-2025-61622
creationtimestamp | type | source
---|---|---
2025-09-29 12:21:59+00:00 | seen | https://seclists.org/oss-sec/2025/q3/229
2025-09-29 14:56:49+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3lzybg6twzd2o
2025-10-01 11:24:40+00:00 | seen | ...
GHSA-H4M4-XP33-37MJ Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter
A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows a remote non-authenticated...
CVE-2025-55674
creationtimestamp | type | source
---|---|---
2025-08-14 11:09:23+00:00 | seen | https://seclists.org/oss-sec/2025/q3/107
2025-08-14 13:30:43+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3lweh5v4hus2o
2025-08-14 15:02:16+00:00 | seen | ...
PT-2025-43668
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 146; Firefox ESR versions prior to 115.31; Firefox ESR versions prior to 140.6. Description: A sandbox escape exists because of incorrect boundary conditions within the Graphics: CanvasWebGL component. Real-world attacks...
CVE-2024-7292
In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, a credential stuffing attack is possible through improper restriction of excessive login attempts...
PT-2024-38241 · Progress · Progress Telerik Report Server
Name of the Vulnerable Software and Affected Versions: In Progress Telerik Report Server versions prior to 2024 Q3 10.2.24.806 Description: A credential stuffing attack is possible through improper restriction of excessive login attempts. This issue allows attackers to attempt multiple logins...
PT-2024-38242 · Progress · Telerik Report Server
Name of the Vulnerable Software and Affected Versions: In Progress Telerik Report Server versions prior to 2024 Q3 10.2.24.806 Description: A password brute forcing attack is possible through weak password requirements. Recommendations: For versions prior to 2024 Q3 10.2.24.806, update to version...
Progress Software Telerik Reporting Command Injection Vulnerability
Progress Software Telerik Reporting is a .NET/.NET Framework embedded reporting tool from Progress Software, Inc. A command injection vulnerability exists in versions prior to Progress Software Telerik Reporting 2024 Q3 2024.3.924 that stems from improper neutralization of hyperlinked elements...
Progress Software Telerik Reporting Security Vulnerability
Progress Software Telerik Reporting is a .NET/.NET Framework embedded reporting tool from Progress Software, USA. A security vulnerability exists in versions prior to Progress Software Telerik Reporting 2024 Q3 18.2.24.924. An attacker can exploit the vulnerability to execute arbitrary code...
VulnCheck KEV: CVE-2024-8316
In Progress Telerik UI for WPF versions prior to 2024 Q3 2024.3.924, a code execution attack is possible through an insecure deserialization vulnerability...
Floorsight Insights Security Breaches
Floorsight Software Floorsight Insights is an application from Floorsight Software, Inc. A security vulnerability exists in Floorsight Insights Q3 2023. A remote attacker could view sensitive customer information by exploiting the vulnerability...
PT-2023-29750 · Unknown · Floorsight Insights
Name of the Vulnerable Software and Affected Versions: Floorsight Insights version Q3 2023 Description: An issue in the Order and Invoice pages allows an unauthenticated remote attacker to view sensitive customer information. Recommendations: For Floorsight Insights version Q3 2023, consider...
NI System Configuration Buffer Error Vulnerability
NI System Configuration is a hardware configuration utility program from NI System, Inc. It helps you view and configure the devices connected to your system. A security vulnerability exists in NI System Configuration 2023 Q3 23.5. and prior versions, which can be exploited by an attacker to caus...
SugarCRM Cross-Site Scripting Vulnerability (CNVD-2020-46296)
SugarCRM is an open source Customer Relationship Management (CRM) system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and enables information sharing and tracking of sales representatives. A cross-site...
Over 12,000 Google Users Hit by Government Hackers in 3rd Quarter of 2019
As part of its active efforts to protect billions of online users, Google identified and warned over 12,000 of its users who were targeted by a government-backed hacking attempt in the third quarter of this year. According to a report published by Google's Threat Analysis Group (TAG), more than 90...
DDoS Attacks in Q3 2018
News Overview: The third quarter of 2018 turned out relatively quiet in terms of DDoS attacks. "Relatively" because there were not very many high-level multi-day DDoS onslaughts on major resources. However, the capacities employed by cybercriminals keep growing year after year, while the total number...
Sharp rise in Android Malwares in Third Quarter of 2012
Mobile industry watchers have long known that Android is under attack. The number of high risk and dangerous apps targeting Android users jumped from 30,000 in June to 175,000 in September, Trend Micro said in its third quarter security roundup. While some apps are clearly criminal - such as thos...