Monthly
Denial of service in GnuTLS affects the Datagram Transport Layer Security (DTLS) packet reordering logic, where the comparator function fails to correctly handle packets with duplicate sequence numbers. Remote unauthenticated attackers can send specially crafted DTLS packet sequences to trigger unstable ordering or undefined behavior, causing service disruption. No public exploit identified at time of analysis, and the issue is rated CVSS 7.5 (High) for availability impact only.
An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.
Local File Inclusion (LFI) vulnerability in Trend Micro Apex Central widgets that enables remote code execution (RCE) on affected systems. This vulnerability affects Trend Micro Apex Central installations below version 8.0.6955 and requires an authenticated attacker with low privileges to exploit. The vulnerability combines LFI with RCE capabilities, representing a significant threat to organizations using vulnerable Apex Central deployments.
A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Denial of service in GnuTLS affects the Datagram Transport Layer Security (DTLS) packet reordering logic, where the comparator function fails to correctly handle packets with duplicate sequence numbers. Remote unauthenticated attackers can send specially crafted DTLS packet sequences to trigger unstable ordering or undefined behavior, causing service disruption. No public exploit identified at time of analysis, and the issue is rated CVSS 7.5 (High) for availability impact only.
An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.
Local File Inclusion (LFI) vulnerability in Trend Micro Apex Central widgets that enables remote code execution (RCE) on affected systems. This vulnerability affects Trend Micro Apex Central installations below version 8.0.6955 and requires an authenticated attacker with low privileges to exploit. The vulnerability combines LFI with RCE capabilities, representing a significant threat to organizations using vulnerable Apex Central deployments.
A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.