Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2.4465

All vulnerabilities documented in this article were resolved in Veeam Backup & Replication 12.3.2.4465. Veeam Software Security Commitment Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure Program...

AWS VDP: Bedrock Guardrails Evasion with Prompt Formatting

Description Greetings, my name is ██████ and I am a Director here at NR Labs. We recently completed disclosure of this vulnerability by working with ████ and the AWS Security team. We are submitting this issue to the AWS VDP to create an official record of the issue with AWS in preparation for a...

CVE-2025-23120

Veeam Software Security Commitment Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure Program VDP for all Veeam products and perform extensive internal code audits. When a vulnerability is...

AWS VDP: Sensitive API Key Leakage

Vulnerability: AWS Sensitive Keys Leakage Details : the AWS Access Key & Secret Key is leaked in a Public GitHub Repository located at : Repository located at : █████████ Steps To Reproduce: Go to : ██████ In the middle of this file you can see the Keys Please see the attached screenshot also...

CVE-2025-23114

Veeam Software Security Commitment Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure Program VDP for all Veeam products and perform extensive internal code audits. When a vulnerability is...

Vulnerabilities Resolved in Veeam Backup & Replication 12.3

All vulnerabilities documented in this article were resolved in Veeam Backup & Replication 12.3. Veeam Product Latest Version Download Page Veeam Software Security Commitment Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operat...

Veeam Backup Enterprise Manager Vulnerability (CVE-2024-40715)

Veeam Software Security Commitment Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure Program VDP for all Veeam products and perform extensive internal code audits. When a vulnerability is...

UK PSTI? You’ll need a Vulnerability Disclosure Program!

If you are distributing or selling smart devices in to the UK market, your products will need to be compliant with the UK Product Security and Telecommunications Act. One of the three mandatory areas is that you have a vulnerability disclosure program VDP In the supporting materials for the Act,...

drillmasters.nl Cross Site Scripting vulnerability OBB-3572160

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

utsource.net Cross Site Scripting vulnerability OBB-3254325

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

kitahashi.net Cross Site Scripting vulnerability OBB-2706868

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

U.S. Dept Of Defense: ███ ████████ running a vulnerable log4j

Report Description: https://vulners.com/cve/CVE-2021-44228 Impact Probably arbitrary code execution System Hosts ███████ Affected Products and Versions CVE Numbers CVE-2021-44228 Steps to Reproduce 1. Browse to https://██████████/█████████https%3A%2F%2F███%2F 2. Enter a...

acervus.unicamp.br Cross Site Scripting vulnerability OBB-2148284

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Deutsche Börse Prime Standard

Today, Rapid7 released the fourth in our Industry Cyber-Exposure Report ICER series. For those of you who have been following our research over the past few years, you may immediately suspect us of unloading another 100+ page tome of internet-based findings around the internet—but not so fast!...

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): ASX 200

Today, we are excited to release the third report in our Industry Cyber-Exposure Report ICER series, which digs into cyber-exposure among organizations in Australia’s ASX 200. This series focuses on five key areas we believe CISOs at mega-corporations actually have a shot at accomplishing, and wi...

UN hacked for good as 100K+ employee records accessed

By Deeba Ahmed UN's Vulnerability Disclosure Program Leads to Startling Discovery as Researchers Accessed Private Data of 100,000 UNEP Employees. This is a post from HackRead.com Read the original post: UN hacked for good as 100K+ employee records accessed...

A Vulnerability Disclosure Program is not just a page on a web site

It’s great to see an increasing number of organisations starting down the path of a Vulnerability Disclosure Program or ‘VDP,’ but it increasingly strikes me that these are ‘check box’ exercises rather than a genuine desire to interact positively with researchers and improve security. A VDP is a...

ReVoLTE Attack Allows Hackers to Listen in on Mobile Calls

Researchers have discovered an attack on the Voice over LTE VoLTE mobile communications protocol that can break its encryption and allow attackers to listen in on phone calls. Dubbed ReVoLTE, the attack — detailed by a group of academic researchers from Ruhr University Bochum and New York...

IBM Data Risk Manager Authentication Bypass / Command Injection / File Download Exploit

IBM Data Risk Manager suffers from authentication bypass, command injection, insecure default password, and arbitrary file download vulnerabilities. Multiple Vulnerabilities in IBM Data Risk Manager By Pedro Ribeiro email protected from Agile Information Security Disclosure Date: 21/04/2020 | Las...

GHSA-8W3J-G983-8JH5 Sensitive Data Exposure in parse-server

Versions of parse-server prior to 3.6.0 could allow an account enumeration attack via account linking. ParseError.ACCOUNTALREADYLINKED208 was thrown BEFORE the AuthController checks the password and throws a ParseError.SESSIONMISSING206 for Insufficient auth. An attacker can guess ids and get...