Armed with the information, adversaries can explore and attack the local WiFi network, or identify and physically track any Android device.

The Qualcomm Life Capsule Datacaptor Terminal Server and the Becton Dickinson Alaris TIVA Syringe Pump allow remote access without authentication.

Facebook failed to fully sanitize error data returned by a public facing web app.

A Windows task scheduler API function does not check permissions – so any potential local bad actor can alter them to gain elevated privileges.

Apache has patched a critical remote code-execution vulnerability in Struts 2, and users should update immediately.

A remote, unauthenticated attacker could execute arbitrary commands on systems with the privileges of the Ghostscript code.

An unpatched buffer overflow flaw allows remote attackers to completely take over the device and enter the home network.

An attacker could escalate privileges on the server, further penetrating the network, harvesting customer information or mounting credible social-engineering campaigns.

The unpatched flaw would allow a bad actor to execute information-exfiltrating malware, backdoors, ransomware or any other kind of bad code he or she chose.

The program focuses on potential abuse methods across Google’s product-specific channels like Google+, Youtube, Gmail and Blogger.