Cisco is aware of a potential vulnerability. Cisco is currently investigating and will update these details as appropriate as more information becomes available. More information : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4
An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks. More information : https://github.com/smallstep/certificates/security/advisories/GHSA-h8cp-697h-8c8p
Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device. More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-02
A vulnerability exists in NGINX Ingress Controller’s nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. More information : https://my.f5.com/manage/s/article/K000158176
CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link...
Mattermost versions 10.11.x
Mattermost versions 11.0.x
Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires. More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-04
A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with...
A vulnerability exists in multiple Radiometer products that allow an attacker with physical access to the analyzer possibility to extract credential information. The vulnerability is due to a weakness in the design and insufficient...
Mattermost versions 10.11.x
Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 – and only if you installed and configured it on Airflow 2. The Edge3 provider support in Airflow...
A “Privilege boundary violation” vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the...
Authorization Bypass Through User-Controlled Key vulnerability in GG Soft Software Services Inc. PaperWork allows Exploitation of Trusted Identifiers.This issue affects PaperWork: from 5.2.0.9427 before 6.0. More information : https://www.usom.gov.tr/bildirim/tr-25-0464