Advisories


When products are susceptible to attack or manipulation, clarity is the best policy. Here we archive some of the holes we've helped to patch. All releases are governed by our Vulnerability Disclosure Policy.

WithSecure_abstract_blue1

Latest Advisory

Other Advisories

July 5, 2024
Prompt Injection in JetBrains Rider AI Assistant

Read more

July 5, 2024
Optimizely CMS Admin Panel DOM XSS

The Optimizely admin interface was vulnerable to DOM-based cross-site scripting (XSS), which could allow an attacker to execute malicious Javascript code in a legitimate user's browser. 

Read more

July 5, 2024
iOS Single App Mode Escape

WithSecure researchers have discovered a vulnerability in Single App Mode on iOS devices that could potentially allow an attacker to bypass the feature's restrictions and gain unauthorised access to the device. 

Read more

July 5, 2024
Fujitsu mPollux for macOS Multiple Vulnerabilities

Finnish Digital and Population Data Services Agency (DVV) provides a Card Reader Software which can be used for strong authentication and digital signing with the DVV issued identity cards. The Fujitsu mPollux DigiSign application communicates with the identity card and allows log in to official e-services and/or digitally sign documents. The Fujitsu mPollux DigiSign Client for macOS version 4.2.4c-8322 and previous contains two security vulnerabilities that in the worst-case scenario can lead to full system compromise. 

Read more

July 5, 2024
SQL Injection in ZTE 4G routers and modems

LTE (4G) Modems and Routers from ZTE contained an SQL Injection vulnerability in the SMS functionality. 

Read more

July 5, 2024
Mend.io cross-tenant access via vulnerable SAML implementation

Read more