Tag

#web

Johnson Controls FX80 and FX90

1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: FX80 and FX90 Vulnerability: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise the device's configuration files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Johnson Controls products are affected: FX80: FX 14.10.10 FX80: FX 14.14.1 FX90: FX 14.10.10 FX90: FX 14.14.1 3.2 VULNERABILITY OVERVIEW 3.2.1 DEPENDENCY ON VULNERABLE THIRD-PARTY COMPONENT CWE-1395 The affected product is vulnerable to a vulnerable third-party component, which could allow an attacker to compromise device configuration files. CVE-2025-43867 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). A CVSS v4 score has also been calculated for CVE-2025-43867. A base score o...

us-cert
#vulnerability #web

Delta Electronics DIAView

1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAView Vulnerability: Improper Limitation of a Pathname to a Restricted Directory 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker to read or write files on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Delta Electronics reports the following versions of DIAView industrial automation management system for providing real-time system control are affected: DIAView: Versions 4.2.0.0 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Limitation of a Pathname to a Restricted Directory CWE-22 Delta Electronics DIAView is vulnerable to a path traversal vulnerability, which may allow an attacker to read or write files remotely on the system. CVE-2025-53417 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/...

TeaOnHer, the male version of Tea, is leaking personal information on its users too

TeaOnHer turns out to be at least as leaky as its female counterpart, Tea Dating Advice app.

Meta accessed women’s health data from Flo app without consent, says court

A jury has ruled that Meta accessed sensitive information from women's reproductive health tracking app Flo without consent.

Webinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You Need

Python is everywhere in modern software. From machine learning models to production microservices, chances are your code—and your business—depends on Python packages you didn’t write. But in 2025, that trust comes with a serious risk. Every few weeks, we’re seeing fresh headlines about malicious packages uploaded to the Python Package Index (PyPI)—many going undetected until after they’ve caused

A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT

Security researchers found a weakness in OpenAI’s Connectors, which let you hook up ChatGPT to other services, that allowed them to extract data from a Google Drive without any user interaction.

Chinese Groups Stole 115 Million US Cards in 16-Month Smishing Campaign

A SecAlliance report reveals Chinese smishing syndicates compromised 115M US payment cards by bypassing MFA to exploit Apple Pay and Google Wallet.

What to Know About Traveling to China for Business

Recent developments and an escalating trade war have made travel to cities like Beijing challenging but by no means impossible.

Hackers Hijacked Google’s Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home

For likely the first time ever, security researchers have shown how AI can be hacked to create real world havoc, allowing them to turn off lights, open smart shutters, and more.

Perplexity AI ignores no-crawling rules on websites, crawls them anyway

Perplexity ignores robots.txt files on websites that say they do not want to be crawled.