<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Vulnerability Disclosure &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/vulnerability-disclosure/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Tue, 09 Dec 2025 15:31:59 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>CVE-2025-10573: Ivanti EPM Unauthenticated Stored Cross-Site Scripting (Fixed)</title>
		<link>https://noise.getoto.net/2025/12/09/cve-2025-10573-ivanti-epm-unauthenticated-stored-cross-site-scripting-fixed/</link>
		
		<dc:creator><![CDATA[Ryan Emmons]]></dc:creator>
		<pubDate>Tue, 09 Dec 2025 15:31:59 +0000</pubDate>
				<category><![CDATA[research]]></category>
		<category><![CDATA[Vulnerability Disclosure]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=970a4434c0a7db70ae8ef2038bde99c3</guid>

					<description><![CDATA[Ivanti Endpoint Manager (“EPM”) versions 2024 SU4 and below are vulnerable to stored cross-site scripting (“XSS”). The vulnerability, tracked as CVE-2025-10573 and assigned a CVSS score of 9.6, was patched on December 9, 2025 with the release of Ivanti...]]></description>
		
		
		<enclosure url="https://images.contentstack.io/v3/assets/blte4f029e766e6b253/blt65a432ba319f4043/6846abddaf18306debe6cf4d/ETR.webp" length="0" type="" />

			</item>
		<item>
		<title>CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED)</title>
		<link>https://noise.getoto.net/2025/11/19/cve-2025-13315-cve-2025-13316-critical-twonky-server-authentication-bypass-not-fixed/</link>
		
		<dc:creator><![CDATA[Ryan Emmons]]></dc:creator>
		<pubDate>Wed, 19 Nov 2025 17:30:41 +0000</pubDate>
				<category><![CDATA[research]]></category>
		<category><![CDATA[Vulnerability Disclosure]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=4d2e29fd9db2cdc97524d0f7a864f6fc</guid>

					<description><![CDATA[OverviewTwonky Server version 8.5.2 is susceptible to two vulnerabilities that facilitate administrator authentication bypass on Linux and Windows. An unauthenticated attacker can improperly access a privileged web API endpoint to leak application logs...]]></description>
		
		
		<enclosure url="https://images.contentstack.io/v3/assets/blte4f029e766e6b253/blt1de2821d1eac3ffb/683ddc6570aa95f50bfe2f13/vuln-disclosure-banner.jpeg" length="0" type="" />

			</item>
		<item>
		<title>CVE-2025-48045, CVE-2025-48046, CVE-2025-48047: MICI NetFax Server Product Vulnerabilities (NOT FIXED)</title>
		<link>https://noise.getoto.net/2025/05/29/cve-2025-48045-cve-2025-48046-cve-2025-48047-mici-netfax-server-product-vulnerabilities-not-fixed/</link>
		
		<dc:creator><![CDATA[Anna Katarina Quinn]]></dc:creator>
		<pubDate>Thu, 29 May 2025 12:00:00 +0000</pubDate>
				<category><![CDATA[Labs]]></category>
		<category><![CDATA[research]]></category>
		<category><![CDATA[Vulnerability Disclosure]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=b91052f6c07b6c559e40e7b7fb0fe94c</guid>

					<description><![CDATA[Over a penetration testing engagement, Rapid7 discovered 3 vulnerabilities in MICI Network Co., Ltd’s NetFax server allowing for an authenticated attack chain resulting in Remote Code Execution (RCE) against the device as the root user.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2025/05/vuln-disclosure-banner--1-.jpeg" length="0" type="" />

			</item>
		<item>
		<title>Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)</title>
		<link>https://noise.getoto.net/2025/05/07/multiple-vulnerabilities-in-sonicwall-sma-100-series-fixed/</link>
		
		<dc:creator><![CDATA[Ryan Emmons]]></dc:creator>
		<pubDate>Wed, 07 May 2025 20:18:06 +0000</pubDate>
				<category><![CDATA[research]]></category>
		<category><![CDATA[Vulnerability Disclosure]]></category>
		<category><![CDATA[Vulnerability management]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=377230f024bbf3b223a0859d375c98a2</guid>

					<description><![CDATA[Rapid7 is disclosing three new vulnerabilities in SonicWall SMA 100 series appliances (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821). An attacker with access to an SMA SSLVPN user account can chain these vulnerabilities for root-level code execution.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2025/05/vuln-disclosure-banner.jpeg" length="0" type="" />

			</item>
		<item>
		<title>Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)</title>
		<link>https://noise.getoto.net/2025/02/14/xerox-versalink-c7025-multifunction-printer-pass-back-attack-vulnerabilities-fixed/</link>
		
		<dc:creator><![CDATA[Deral Heiland]]></dc:creator>
		<pubDate>Fri, 14 Feb 2025 14:00:00 +0000</pubDate>
				<category><![CDATA[Vulnerability Disclosure]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=3e3c929c3d309153178e5294e4e601bd</guid>

					<description><![CDATA[During security testing, Rapid7 discovered that Xerox Versalink C7025 Multifunction printers (MFPs) were vulnerable to pass-back attacks.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2025/02/vuln-disclosure-banner-1.jpeg" length="0" type="" />

			</item>
		<item>
		<title>CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)</title>
		<link>https://noise.getoto.net/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/</link>
		
		<dc:creator><![CDATA[Stephen Fewer]]></dc:creator>
		<pubDate>Thu, 13 Feb 2025 15:07:10 +0000</pubDate>
				<category><![CDATA[research]]></category>
		<category><![CDATA[Vulnerability Disclosure]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=af696ea0bf3ccd1f6e260d613c779304</guid>

					<description><![CDATA[Rapid7 discovered and is disclosing CVE-2025-1094, a high-severity SQL injection vulnerability affecting the PostgreSQL interactive tool psql.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2025/02/vuln-disclosure-banner.jpeg" length="0" type="" />

			</item>
		<item>
		<title>Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)</title>
		<link>https://noise.getoto.net/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/</link>
		
		<dc:creator><![CDATA[Stephen Fewer]]></dc:creator>
		<pubDate>Tue, 03 Dec 2024 20:00:00 +0000</pubDate>
				<category><![CDATA[IOT]]></category>
		<category><![CDATA[Vulnerability Disclosure]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=e8728ec128b0776821852a8e806403cd</guid>

					<description><![CDATA[The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. As of December 3, 2024, we are disclosing these issues publicly in coordination with the vendor.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2024/12/GettyImages-2185437206.jpg" length="0" type="" />

			</item>
		<item>
		<title>Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)</title>
		<link>https://noise.getoto.net/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/</link>
		
		<dc:creator><![CDATA[Ryan Emmons]]></dc:creator>
		<pubDate>Wed, 20 Nov 2024 16:42:05 +0000</pubDate>
				<category><![CDATA[research]]></category>
		<category><![CDATA[Vulnerability Disclosure]]></category>
		<category><![CDATA[Vulnerability management]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=d31867e3f9d146e14ef4620fe7876b67</guid>

					<description><![CDATA[Rapid7 is disclosing multiple vulnerabilities in Wowza Streaming Engine below v4.9.1. These vulnerabilities are tracked as CVE-2024-52052, CVE-2024-52053, CVE-2024-52054, CVE-2024-52055, and CVE-2024-52056. They are patched as of Wowza Streaming Engine v4.9.1.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2024/11/vuln-disclosure-banner.jpeg" length="0" type="" />

			</item>
		<item>
		<title>CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)</title>
		<link>https://noise.getoto.net/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/</link>
		
		<dc:creator><![CDATA[Ryan Emmons]]></dc:creator>
		<pubDate>Thu, 05 Sep 2024 14:54:31 +0000</pubDate>
				<category><![CDATA[Vulnerability Disclosure]]></category>
		<category><![CDATA[Vulnerability management]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=c945e2cf50d0c5a2186995d52f2424c8</guid>

					<description><![CDATA[Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution (CVE-2024-45195) on Linux and Windows. Exploitation is facilitated by bypassing previous patches.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2024/09/vuln-disclosure-banner.jpeg" length="0" type="" />

			</item>
		<item>
		<title>CVE-2024-6922: Automation Anywhere Automation 360 Server-Side Request Forgery</title>
		<link>https://noise.getoto.net/2024/07/26/cve-2024-6922-automation-anywhere-automation-360-server-side-request-forgery/</link>
		
		<dc:creator><![CDATA[Ryan Emmons]]></dc:creator>
		<pubDate>Fri, 26 Jul 2024 13:05:00 +0000</pubDate>
				<category><![CDATA[Vulnerability Disclosure]]></category>
		<category><![CDATA[Vulnerability management]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=bc21cacd8e41b8e83b7e47bc26750b55</guid>

					<description><![CDATA[Automation 360 Robotic Process Automation suite v21-v32 is vulnerable to unauthenticated Server-Side Request Forgery (SSRF).]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2024/07/emergent-threat-banner-1.jpeg" length="0" type="" />

			</item>
		<item>
		<title>CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)</title>
		<link>https://noise.getoto.net/2024/03/04/cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/</link>
		
		<dc:creator><![CDATA[Rapid7]]></dc:creator>
		<pubDate>Mon, 04 Mar 2024 19:17:01 +0000</pubDate>
				<category><![CDATA[Emergent Threat Response]]></category>
		<category><![CDATA[research]]></category>
		<category><![CDATA[Vulnerability Disclosure]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=01c1a906c4dae1b8235641b1d338cb65</guid>

					<description><![CDATA[Rapid7’s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server: CVE-2024-27198 and CVE-2024-27199, both of which are authentication bypasses.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2024/03/emergent-threat-banner-1-1-1.jpeg" length="0" type="" />

			</item>
		<item>
		<title>CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)</title>
		<link>https://noise.getoto.net/2024/02/13/cve-2023-47218-qnap-qts-and-quts-hero-unauthenticated-command-injection-fixed/</link>
		
		<dc:creator><![CDATA[Stephen Fewer]]></dc:creator>
		<pubDate>Tue, 13 Feb 2024 16:00:00 +0000</pubDate>
				<category><![CDATA[Vulnerability Disclosure]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=aeeb93164ec083eacf5d397df0159cb6</guid>

					<description><![CDATA[Rapid7 has identified an unauthenticated command injection vulnerability in the QNAP operating system known as QTS, a core part of the firmware for numerous QNAP entry- and mid-level Network Attached Storage (NAS) devices.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2024/02/emergent-threat-banner-1-1.jpeg" length="0" type="" />

			</item>
		<item>
		<title>CVE-2023-5950 Rapid7 Velociraptor Reflected XSS</title>
		<link>https://noise.getoto.net/2023/11/10/cve-2023-5950-rapid7-velociraptor-reflected-xss/</link>
		
		<dc:creator><![CDATA[Dr. Mike Cohen]]></dc:creator>
		<pubDate>Fri, 10 Nov 2023 18:56:15 +0000</pubDate>
				<category><![CDATA[Velociraptor]]></category>
		<category><![CDATA[Vulnerability Disclosure]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=2c23d3c28b46dd6010745cf0b9bdbdac</guid>

					<description><![CDATA[This advisory covers a specific issue identified in Velociraptor and disclosed by a security code review. Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/11/velociraptor-hero-copy.jpg" length="0" type="" />

			</item>
		<item>
		<title>Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]</title>
		<link>https://noise.getoto.net/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/</link>
		
		<dc:creator><![CDATA[Ron Bowes]]></dc:creator>
		<pubDate>Mon, 16 Oct 2023 15:00:00 +0000</pubDate>
				<category><![CDATA[Vulnerability Disclosure]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=4f77c17949c3035ff869db150cb8ad9e</guid>

					<description><![CDATA[As part of our continuing research project into managed file transfer risk, including JSCAPE MFT and Fortra Globalscape EFT Server, Rapid7 discovered several vulnerabilities in South River Technologies’ Titan MFT and Titan SFTP servers.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/10/vuln-disclosure-banner.jpeg" length="0" type="" />

			</item>
		<item>
		<title>CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)</title>
		<link>https://noise.getoto.net/2023/09/07/cve-2023-4528-java-deserialization-vulnerability-in-jscape-mft-fixed/</link>
		
		<dc:creator><![CDATA[Ron Bowes]]></dc:creator>
		<pubDate>Thu, 07 Sep 2023 15:05:00 +0000</pubDate>
				<category><![CDATA[Vulnerability Disclosure]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=3a9ab68d91ebd00bb3578197f859ddc2</guid>

					<description><![CDATA[In August 2023, Rapid7 discovered CVE-2023-4528, a Java deserialization vulnerability in Redwood Software’s JSCAPE MFT secure managed file transfer product. Successful exploitation can run arbitrary Java code as the `root` on Linux or the `SYSTEM` user on Windows.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/09/vuln-disclosure-banner.jpeg" length="0" type="" />

			</item>
		<item>
		<title>CVE-2023-35082 &#8211; MobileIron Core Unauthenticated API Access Vulnerability</title>
		<link>https://noise.getoto.net/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/</link>
		
		<dc:creator><![CDATA[Stephen Fewer]]></dc:creator>
		<pubDate>Wed, 02 Aug 2023 16:05:47 +0000</pubDate>
				<category><![CDATA[Vulnerability Disclosure]]></category>
		<category><![CDATA[Vulnerability management]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=6627626deb31105fbf3bab7f61aa0610</guid>

					<description><![CDATA[Rapid7 discovered a new vulnerability that allows unauthenticated attackers to access the API in unsupported versions of MobileIron Core (11.2 and below).]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/08/GettyImages-1185282377-2-2-1.jpg" length="0" type="" />

			</item>
		<item>
		<title>CVE-2023-38205: Adobe ColdFusion Access Control Bypass [FIXED]</title>
		<link>https://noise.getoto.net/2023/07/19/cve-2023-38205-adobe-coldfusion-access-control-bypass-fixed/</link>
		
		<dc:creator><![CDATA[Stephen Fewer]]></dc:creator>
		<pubDate>Wed, 19 Jul 2023 17:25:06 +0000</pubDate>
				<category><![CDATA[Vulnerability Disclosure]]></category>
		<category><![CDATA[Vulnerability management]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=299c5c38fa4b37fea494e775f2106602</guid>

					<description><![CDATA[Rapid7 discovered that the initial patch for CVE-2023-29298 (Adobe ColdFusion access control bypass vulnerability) did not successfully remediate the issue.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/07/GettyImages-1185282377-3.jpg" length="0" type="" />

			</item>
		<item>
		<title>CVE-2023-29298: Adobe ColdFusion Access Control Bypass</title>
		<link>https://noise.getoto.net/2023/07/11/cve-2023-29298-adobe-coldfusion-access-control-bypass/</link>
		
		<dc:creator><![CDATA[Stephen Fewer]]></dc:creator>
		<pubDate>Tue, 11 Jul 2023 15:30:00 +0000</pubDate>
				<category><![CDATA[Vulnerability Disclosure]]></category>
		<category><![CDATA[Vulnerability management]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=af89e3740fb97329034e56ba6e181abb</guid>

					<description><![CDATA[Rapid7 discovered an access control bypass vulnerability affecting Adobe ColdFusion that allows an attacker to access the administration endpoints.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/07/GettyImages-1345443906.jpg" length="0" type="" />

			</item>
		<item>
		<title>Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED]</title>
		<link>https://noise.getoto.net/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/</link>
		
		<dc:creator><![CDATA[Ron Bowes]]></dc:creator>
		<pubDate>Thu, 22 Jun 2023 16:16:57 +0000</pubDate>
				<category><![CDATA[Vulnerability Disclosure]]></category>
		<category><![CDATA[Vulnerability management]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=fe38dd3544c0d0e389bb384b52535ef6</guid>

					<description><![CDATA[Rapid7 has uncovered four issues in Fortra Globalscape EFT, the worst of which can lead to remote code execution.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/06/GettyImages-1345443906.jpg" length="0" type="" />

			</item>
		<item>
		<title>Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)</title>
		<link>https://noise.getoto.net/2023/04/11/raptor-technologies-volunteer-management-client-side-security-controls-fixed/</link>
		
		<dc:creator><![CDATA[Rapid7]]></dc:creator>
		<pubDate>Tue, 11 Apr 2023 13:00:00 +0000</pubDate>
				<category><![CDATA[Vulnerability Disclosure]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=7acfd2008505ae5dcd2ef5d6c0f21181</guid>

					<description><![CDATA[A vulnerability in Raptor Technology Volunteer Management for Schools is being disclosed in accordance with Rapid7’s vulnerability disclosure policy.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2023/04/GettyImages-1345443906.jpg" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 47/263 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached (Request-wide modification query)

Served from: noise.getoto.net @ 2025-12-11 01:06:14 by W3 Total Cache
-->