
8 matches found

CNNVD
added 2026/04/01 12:00 a.m. | 2 views

OpenViking Security Vulnerability

OpenViking is an open-source artificial intelligence proxy context database developed by Volcengine. Versions of OpenViking prior to 0.2.14 contained security vulnerabilities. These vulnerabilities stemmed from a lack of authentication in the bot proxy router, allowing unauthorized attackers to...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.00418
Exploits: 0 | References: 4
CNNVD
added 2026/02/27 12:00 a.m. | 5 views

WeGIA Security Vulnerability

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.5 contained security vulnerabilities. These vulnerabilities stemmed from the adicionartipodocsatendido.php script not being processed through a central...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00514
Exploits: 1 | References: 2
Imperva Blog
added 2025/12/03 9:40 a.m. | 5 views

’Tis the Season to Be Cyber-Wary: How Thales Protects Against Account Takeover During Peak Shopping Season

The holiday shopping season is the busiest time of year for online retailers, and increasingly the most dangerous. As traffic surges and customers rush to place orders, cybercriminals use the distraction and volume to blend in. Account Takeover (ATO) attacks spike sharply in November and December,...

AI score: 7.1
Exploits: 0
Wallarm Lab
added 2025/10/29 11:00 a.m. | 4 views

API Attack Awareness: Business Logic Abuse — Exploiting the Rules of the Game

As Cybersecurity Awareness Month continues, we wanted to dive even deeper into the attack methods affecting APIs. We’ve already reviewed Broken Object Level Authentication (BOLA), injection attacks, and authentication flaws; this week, we’re exploring business logic abuse (BLA). Unlike technical flaw...

AI score: 8
Exploits: 0
BDU FSTEC
added 2025/07/09 12:00 a.m. | 3 views

The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in the lack of authentication mechanisms. This allows attackers to gain unauthorized access to protected information.

The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B is related to the lack of authentication. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized acces...

CVSS: 4 | AI score: 5.5 | EPSS: 0.00329
Exploits: 0 | References: 2 | Affected Software: 3
CNNVD
added 2024/08/19 12:00 a.m. | 2 views

WordPress plugin Icegram Access Control Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An access control...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.00362
Exploits: 0 | References: 2
BDU FSTEC
added 2024/02/06 12:00 a.m. | 3 views

The vulnerabilities of Mitsubishi Electric’s software products, including EZSocket, FR Configurator2, GT Designer3 Version1(GOT1000), GT Designer3 Version1(GOT2000), GX Works2, GX Works3, MELSOFT Navigator, MT Works2, MX Component, and MX OPC Server DA/UA (software included with MC Works64), are related to the absence of authentication for critical functions. This allows attackers to gain unauthorized access to confidential information.

The vulnerabilities of Mitsubishi Electric’s software products, including EZSocket, FR Configurator2, GT Designer3 Version1(GOT1000), GT Designer3 Version1(GOT2000), GX Works2, GX Works3, MELSOFT Navigator, MT Works2, MX Component, and MX OPC Server DA/UA (software included with MC Works64), are relate...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.00949
Exploits: 0 | References: 4 | Affected Software: 3
The Hacker News
added 2018/06/21 11:25 a.m. | 2 views

Thousands of Mobile Apps Expose Their Unprotected Firebase Hosted Databases

Mobile security researchers have discovered unprotected Firebase databases of thousands of iOS and Android mobile applications that are exposing over 100 million data records, including plain text passwords, user IDs, location, and in some cases, financial records such as banking and cryptocurren...

AI score: 7.2
Exploits: 0