"A vulnerability in the TLS protocol implementation of the Domino server could al

"HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacke

A Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an unauthentica

CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run ap

It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not prop

A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an un

Reportexpress ProPlus contains a vulnerability that could allow an arbitrary code ex

BIOTRONIK CardioMessenger II, The affected products use individual per-device crede

BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive inf

BIOTRONIK CardioMessenger II, The affected products allow credential reuse for multi

BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-t

BIOTRONIK CardioMessenger II, The affected products do not properly enforce mutual

The Beaker library through 1.11.0 for Python is affected by deserialization of untr

The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote comma

WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.1

Python's elementtree C accelerator failed to initialise Expat's hash salt during in

Remote SQL Injection against the HP Service Manager Software Web Tier, version 9

www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api

The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating

Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation met

xrdp 0.9.1 calls the PAM function auth_start_session()- in an incorrect location, le

The SVG Salamander (aka svgSalamander) library, when used in a web application, allows

An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to

Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR 5.0.0 and 5.0

Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safe

Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing o

Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Impo

Directory traversal vulnerability in web/ajax_pluginconf.-php in the MAGMI (aka Magento

One of the most-read advice columns on this site is a 2018 piece called "Plant Your

We've seen an ugly trend recently of tech news stories and cybersecurity firms tru

The COVID-19 pandemic has made it harder for banks to trace the source of payment

A well-connected Russian hacker once described as “an asset of supreme importance”

The U.S. Justice Department today criminally charged a Canadian and a Northern Irel

Hundreds of thousands of potentially sensitive files from police departments across t

Hundreds of popular websites now offer some form of multi-factor authentication (MFA),

An information technology specialist at the Federal Emergency Management Agency (FEM

"We must care as much about securing our systems as we care about running them if we ar

For the past year, a site called Privnotes.com has been impersonating Privnote.com,

Stories from the SOC is a blog series that describes recent real-world security inc

Introduction Limited budgets, limited staff, limited time. Any security professional wil

This blog was written by an independent guest blogger. Image Source In Part 1 of