935 matches found
Western Digital MyCloud NAS - Authentication Bypass
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the...
The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes
The Gentlemen ransomware-as-a-service RaaS operation is actively developing and maintaining a suite of endpoint detection and response EDR killers that it hands out to affiliates for impairing system defenses before deploying the encryptor. This mature portfolio of EDR-terminating tools is center...
Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia
Evidence of them has been found by analyzing DNA in the seawater. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
Grinex crypto exchange shuts down, blames Western agencies for $13.7M breach
Grinex exchange collapses after $13.7M breach, blames Western spies as Chainalysis flags possible exit scam and sanctions evasion network links claims...
CVE-2025-67979
Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...
CVE-2025-30248
DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path...
CVE-2025-30248
DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path...
CVE-2025-30248
DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path...
CVE-2025-30248
CVE-2025-30248 involves DLL hijacking in the WD Discovery Installer for Western Digital WD Discovery on Windows (version 5.2.730). A local attacker can execute arbitrary code by placing a crafted DLL in the installer’s search path. The relevant connected sources confirm the vulnerable component i...
EUVD-2025-206380
DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path...
CVE-2025-30248
DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path...
Western Digital WD Discovery security vulnerabilities
Western Digital WD Discovery is a comprehensive management desktop software developed by Western Digital Corporation. Version 5.2.730 of Western Digital WD Discovery contains a security vulnerability, which stems from DLL hijacking within the WD Discovery Installer. This vulnerability may allow f...
PT-2026-4833
Name of the Vulnerable Software and Affected Versions Western Digital WD Discovery version 5.2.730 Description A flaw exists in the WD Discovery Installer that allows a local attacker to execute arbitrary code. This is possible through DLL hijacking by placing a crafted DLL in the installer’s...
CVE-2021-33205
Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as...
CVE-2021-28653
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware...
CVE-2022-23006
A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another...
CVE-2019-18929
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users including guest accounts to remotely execute arbitrary code via a downloadmgr.cgi stack-based buffer overflow...
CVE-2019-18930
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users including guest account to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and downloadmgr.cgi makes it possible to enter large-sized...
CVE-2019-18931
Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer EIP control via crafted GET/POST parameters...
CVE-2019-11686
Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters such as data encryption keys to remain on the drive media after their intended erasure...