#auth

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Sage series Vulnerabilities: Out-of-bounds Write, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Incorrect Default Permissions, Unchecked Return Value, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise the impacted device, leading to loss of data, loss of operation, or impacts to the performance of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Sage 1410: Versions C3414-500-S02K5_P8 and prior Sage 1430: Versions C3414-500-S02K5_P8 and prior Sage 1450: Versions C3414-500-S02K5_P8 and prior Sage 2400: Versions C3414-500-S02K5_P8 and prior Sage 4400: Versions C3414-500-S02K5_P8 and prior Sage 3030 Magnum: V...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.4 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Trio Q Licensed Data Radio Vulnerabilities: Insecure Storage of Sensitive Information, Initialization of a Resource with an Insecure Default 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access confidential information, compromise the integrity, or affect the availability of the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Schneider Electric Trio Q Licensed Data Radio: Versions prior to 2.7.2 3.2 VULNERABILITY OVERVIEW 3.2.1 INSECURE STORAGE OF SENSITIVE INFORMATION CWE-922 An insecure storage of sensitive information vulnerability exists that could potentially lead to unauthorized access to confidential data when a malicious user with physical access and advanced knowledge of the filesystem sets the radio to factory default mode. CVE-2025-24...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: GX10, GX20, GP10, GP20, GM Data Acquisition System, DX1000, DX2000, DX1000N, FX1000, μR10000, μR20000, MW100, DX1000T, DX2000T, CX1000, CX2000 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to manipulate information on the affected products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Yokogawa recorder products are affected: GX10 / GX20 / GP10 / GP20 Paperless Recorders: Versions R5.04.01 and earlier GM Data Acquisition System: Versions R5.05.01 and earlier DX1000 / DX2000 / DX1000N Paperless Recorders: Versions R4.21 and earlier FX1000 Paperless Recorders: Versions R1.31 and earlier μR10000 / μR20000 Chart Recorders: Versions R1.51 and earlier MW100 Data Acquisition Units: All versions DX1000T / DX2000T Paperless Recorders: All versions ...

Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchain-based security tools, could the technology one day replace passwords? How blockchain works  Blockchain is a secure way to maintain, encrypt, and exchange digital records of transactions.

Cisco Talos observed the ongoing global spread of the XorDDoS malware, predominantly targeting the United States, with evidence suggesting Chinese-speaking operators are using sophisticated tools to orchestrate widespread attacks.

A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0. "The vulnerability allows an attacker with network access to an Erlang/OTP SSH

In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests directory, notably tests/_network/getparameters.php and tests/_network/postparameters.php, reflect any GET or POST parameters, leading to XSS.

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue.

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. <math>, <svg>, etc contexts).

An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query.