Why Outdated Maintenance Software Is a Growing Ransomware Risk

Outdated maintenance software increases ransomware risk by exposing weak access controls, unpatched systems, and critical operational data to attackers...

CVE-2026-1267

IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls...

Common Cloud Migration Security Mistakes (and How to Avoid Them)

Common cloud migration security mistakes explained, from weak access controls to misconfigurations, plus practical steps organisations can take to avoid risk...

WordPress plugin Bit Assist 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-64064

Primakon Pi Portal 1.0.18 /api/v2/ppusers endpoint fails to adequately check user permissions before processing a PATCH request to modify the PPSECURITYPROFILEID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using...

EUVD-2025-199638

Primakon Pi Portal 1.0.18 /api/v2/ppusers endpoint fails to adequately check user permissions before processing a PATCH request to modify the PPSECURITYPROFILEID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using...

Inside an Automotive Giant’s Data Leak — A Cloud Misconfiguration Lesson for AWS Users

70 TB+ of data, hard-coded keys, and weak IAM controls. For even the most experienced enterprises, one configuration decision can be enough to surface how interdependent and vulnerable modern cloud systems truly are. The recent data exposure incident at a large automotive firm highlights this...

EUVD-2025-36150

The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections...

PT-2025-43924

Name of the Vulnerable Software and Affected Versions versions prior to 2025 Description The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access, increasing the risk of unauthorised connections...

EUVD-2015-7861

Malware in sbrugna...

PT-2025-35755

Name of the Vulnerable Software and Affected Versions: yydevelopment Mobile Contact Line versions through 2.4.0 Description: A missing authorization issue exists in yydevelopment Mobile Contact Line due to incorrectly configured access control security levels. Recommendations: Update yydevelopmen...

CVE-2023-42481

In SAP Commerce Cloud - versions HYCOM 1905, HYCOM 2005, HYCOM2105, HYCOM 2011, HYCOM 2205, COMCLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, d...

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to insufficient enforcement of access restrictions on all backend routes. An attacker can bypass the multifactor authentication MFA dialog presented during backend login by...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the /api/v4/audits endpoint. An attacker can retrieve User Activity Logs by exploiting insufficient access controls, despite not having the required permissions for Compliance Monitoring. Remediation...

CVE-2025-0066

Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform Internet Communication Framework allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application...

CVE-2025-0066 Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)

Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform Internet Communication Framework allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application...

CVE-2025-0066 Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)

Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform Internet Communication Framework allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application...

The vulnerability of the mptcp component in Linux kernel, which allows a hacker to cause a service failure

The vulnerability of the mptcp component in Linux operating systems is related to inadequate access restrictions. Exploiting this vulnerability can allow attackers to cause service failures...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection through the GraphCypherQAChain class. An attacker can manipulate, delete, or create data, disrupt services, and compromise database integrity by injecting malicious SQL commands into prompts. Note: This vulnerability impac...

PT-2024-13009 · Kiloview · P1/P2 +2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to execute commands without authentication, potentially...