196 matches found

Packet Storm News
added 2025/12/02 12:0 a.m. · 4 views

S3C2 SICP Summit 2025-06: Vulnerability Response Summit

Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing significant damage to businesses and organizations. The US and EU governments and industry are equally interested in enhancing software security, including supply chain and...

AI score: 6.7
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-1987

Malware in sbrugna...

CVSS: 8.7 · AI score: 6 · EPSS: 0.00451
Exploits: 1 · References: 7

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-41537

Malicious code in bioql PyPI...

CVSS: 3.9 · AI score: 6 · EPSS: 0.00091
Exploits: 0 · References: 2

Cvelist
added 2025/08/06 10:55 a.m. · 4 views

CVE-2025-46390

CWE-204: Observable Response Discrepancy...

CVSS: 7.5 · EPSS: 0.00307
Exploits: 0 · References: 1

NVD
added 2025/05/24 3:15 p.m. · 11 views

CVE-2025-5126

A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation of the argument year/month/day/hour/minute results in command injection. The attack may be...

CVSS: 9 · EPSS: 0.1095
Exploits: 1 · References: 8

RedhatCVE
added 2025/05/22 10:24 p.m. · 2 views

CVE-2022-21659

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time from the server...

CVSS: 5.3 · AI score: 6.5 · EPSS: 0.00343
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 7:9 p.m. · 4 views

CVE-2021-21281

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a packet with a data...

CVSS: 9.8 · AI score: 7.3 · EPSS: 0.00438
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 4:18 p.m. · 7 views

CVE-2020-27891

The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Read Reporting Configuration Response message. It crashes in zclHandleExternal...

CVSS: 7.5 · AI score: 7 · EPSS: 0.00468
Exploits: 0

Cvelist
added 2025/05/11 1:0 a.m. · 17 views

CVE-2025-4526 Dígitro NGC Explorer Configuration missing password field masking

A vulnerability was identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. The affected element is an unknown function of the component Configuration Page. Such manipulation leads to missing password field masking. It is possible to launch the attack remotely. Upgrading to version 3.48.22 is...

CVSS: 5.3 · EPSS: 0.00149
Exploits: 0 · References: 5

Positive Technologies
added 2025/04/03 12:0 a.m. · 2 views

PT-2025-14811 · Unknown · Jupyterlab-Git

Name of the Vulnerable Software and Affected Versions: jupyterlab-git versions prior to 0.51.1 Description: The issue arises when a user opens a maliciously named Git repository in jupyterlab-git and clicks "Git Open Git Repository in Terminal" from the menu bar. This action can lead to the...

CVSS: 7.4 · AI score: 7.6 · EPSS: 0.00107
Exploits: 0 · References: 13

Debian CVE
added 2025/02/14 12:0 a.m. · 4 views

CVE-2025-26819

Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections...

CVSS: 8.6 · AI score: 5.3 · EPSS: 0.00116
Exploits: 0

RedhatCVE
added 2025/02/05 8:51 a.m. · 6 views

CVE-2024-38397

Transient DOS while parsing probe response and assoc response frame...

CVSS: 7.5 · AI score: 7 · EPSS: 0.00222
Exploits: 0

Positive Technologies
added 2024/11/22 12:0 a.m. · 1 views

PT-2024-8958 · Hewlett Packard · Hp Enterprise Insight Remote Support

Name of the Vulnerable Software and Affected Versions: Hewlett Packard Enterprise Insight Remote Support versions prior to 7.14.0.629 Description: A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution. The issue is related to the...

CVSS: 9.8 · AI score: 9.7 · EPSS: 0.79301
Exploits: 1 · References: 26

Wiz blog
added 2024/07/10 1:13 p.m. · 6 views

Enhance existing security workflows with high-fidelity cloud security data from Wiz in ServiceNow

Add Wiz’s cloud and container security context to your organization's ServiceNow CMDB, vulnerability response, and IT service management solutions...

AI score: 7.3
Exploits: 0

Microsoft Secure
added 2023/11/02 3:0 p.m. · 12 views

Announcing Microsoft Secure Future Initiative to advance security engineering

Today Microsoft’s Vice Chair and President Brad Smith shared insight on the global cybersecurity landscape and introduced our Secure Future Initiative. These engineering advances anticipate future cyberthreats, such as increasing digital attacks on identity systems. They also address how we will...

AI score: 7.7
Exploits: 0

Microsoft Malware Protection
added 2023/11/02 3:0 p.m. · 6 views

Announcing Microsoft Secure Future Initiative to advance security engineering

Today Microsoft’s Vice Chair and President Brad Smith shared insight on the global cybersecurity landscape and introduced our Secure Future Initiative. These engineering advances anticipate future cyberthreats, such as increasing digital attacks on identity systems. They also address how we will...

AI score: 7.7
Exploits: 0

F5 Networks
added 2023/02/21 7:51 p.m. · 47 views

K16937: OpenSSL vulnerability CVE-2015-1793

Security Advisory Description: The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints CA values during identification of alternative certificate chains, which allows remote attackers to spoof ...

CVSS: 6.5 · AI score: 6.5 · EPSS: 0.76307
Exploits: 6

F5 Networks
added 2023/02/21 7:46 p.m. · 58 views

K9107: OpenSSH vulnerability CVE-2008-1483

Security Advisory Description: Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

CVSS: 6.9 · AI score: 7.8 · EPSS: 0.00201
Exploits: 1

F5 Networks
added 2023/02/21 6:32 p.m. · 28 views

K8602: XSS vulnerability viewing logs from the web management interface

Security Advisory Description: Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

CVSS: 6.8 · AI score: 5.4 · EPSS: 0.00205
Exploits: 1

F5 Networks
added 2023/02/21 6:30 p.m. · 33 views

K16882: OpenLDAP vulnerability CVE-2013-4449

Security Advisory Description: The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the...

CVSS: 4.3 · AI score: 5.3 · EPSS: 0.68747
Exploits: 1