10 matches found
EUVD-2021-18095
Malware in sbrugna...
CVE-2025-7770
Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID...
Packet Power EMX and EG
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full access to the device without authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimizing...
Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks
Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware. "These new vulnerabilities range in severity from High to Critical,...
Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software
Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software, nearly two months after three security vulnerabilities were brought to light in the same product. Firmware security firm Eclypsium said the two shortcomings were held back until n...
The vulnerability of the Windows operating system’s Bind Filter Driver allows a hacker to gain unauthorized access to the device.
The vulnerability of the Windows operating system’s Bind Filter Driver arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the device...
Critical Flaws in Popular ICS Platform Can Trigger RCE
Critical flaws in a popular platform used by industrial control systems (ICS) that allow for unauthorized device access, remote code execution (RCE) or denial of service (DoS) could threaten the security of critical infrastructure. OAS—offered by a company of the same name–makes it easy to transfer dat...
The vulnerability of Microsoft Office packages, Microsoft 365 Apps, Microsoft Excel, and Microsoft SharePoint lies in the lack of data protection measures, which allows attackers to gain unauthorized access to devices.
The vulnerabilities of Microsoft Office packages, Microsoft 365 Apps, Microsoft Excel, and Microsoft SharePoint are related to the lack of protection for sensitive data. Exploiting these vulnerabilities can allow attackers to gain unauthorized access to devices...
The vulnerability of the Norton App Lock tool, related to insecure management of privileges, allows an attacker to gain unauthorized access to the device.
The vulnerability of the Norton App Lock utility is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious individual to gain unauthorized access to the device...
DUO-PSA-2017-001: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2017-001 Publication Date: 2017-03-14 Revision Date: 2017-03-14 Status: Confirmed, Fixed Document Revision: 1 Overview Duo has identified and fixed an issue in our cloud service which, under certain configurations, could have enabled attackers wh...