free5GC 安全特征问题漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security feature vulnerabilities. These vulnerabilities stemmed from AMF not implementing the concurrent security procedures defined in 3GPP TS 33.501, which could lead to...

Cyber-Secure Philanthropy: Tech Infrastructure for Global Donations

Secure philanthropy needs hardened payments, API security, and compliance controls to protect global donations from fraud and attacks...

Why API Security Is No Longer an AppSec Problem – And What Security Leaders Must Do Instead

APIs are one of the most important technologies in digital business ecosystems. And yet, the responsibility for their security often falls to AppSec teams – and that’s a problem. This organizational mismatch creates systemic risk: business teams assume APIs are “secured,” while attackers exploit...

IDOR Vulnerability in Template Creation via `projectId` Manipulation

Description An Insecure Direct Object Reference IDOR vulnerability exists in the POST /v1/templates endpoint of the Lunary API. This allows an authenticated user to create templates in another user’s project by modifying the projectId query parameter. This occurs due to a lack of server-side...

CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid

It was found that the SecurityTokenService STS, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens...