Monthly
UDP Console in Arcserve allows information disclosure when an administrator configures the activation server hostname to an arbitrary or malicious URL, causing the product to unintentionally communicate with and leak data to the attacker-controlled domain. The vulnerability requires user interaction (configuring a malicious hostname) and affects all versions of Arcserve UDP Console, with CVSS 6.3 (network-accessible, low complexity) indicating moderate real-world risk. No active exploitation or public proof-of-concept has been identified at the time of analysis.
GPS spoofing vulnerability in JXL 9 Inch Car Android Double Din Player (Android 12.0) allows unauthenticated remote attackers to inject falsified GPS signals that the infotainment system accepts as legitimate, forcing incorrect or static location reporting. Exploitation requires no user interaction and achieves high integrity and availability impact through manipulation of navigation data. No public exploit identified at time of analysis. CVSS 9.1 reflects network-accessible attack vector with low complexity.
Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.
UDP Console in Arcserve allows information disclosure when an administrator configures the activation server hostname to an arbitrary or malicious URL, causing the product to unintentionally communicate with and leak data to the attacker-controlled domain. The vulnerability requires user interaction (configuring a malicious hostname) and affects all versions of Arcserve UDP Console, with CVSS 6.3 (network-accessible, low complexity) indicating moderate real-world risk. No active exploitation or public proof-of-concept has been identified at the time of analysis.
GPS spoofing vulnerability in JXL 9 Inch Car Android Double Din Player (Android 12.0) allows unauthenticated remote attackers to inject falsified GPS signals that the infotainment system accepts as legitimate, forcing incorrect or static location reporting. Exploitation requires no user interaction and achieves high integrity and availability impact through manipulation of navigation data. No public exploit identified at time of analysis. CVSS 9.1 reflects network-accessible attack vector with low complexity.
Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.