USN-8215-1 dotnet10 vulnerability

It was discovered that the Microsoft.AspNetCore.DataProtection library in .NET did not properly verify cryptographic signatures under certain conditions. A remote attacker could possibly use this issue to elevate privileges...

USN-8215-1: .NET vulnerability

It was discovered that the Microsoft.AspNetCore.DataProtection library in .NET did not properly verify cryptographic signatures under certain conditions. A remote attacker could possibly use this issue to elevate privileges...

Analysis of Personal Data Exposure in Thailand

In the digital era, personal data, particularly sensitive identifiers such as the Social Security Number and National Identification Number, have become a highly valuable asset, raising significant concerns regarding privacy and security. This study examines the risks associated with the online...

Security Bulletin: IBM Guardium Data Protection is affected by a single vulnerability (CVE-2025-5115)

Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2025-5115 DESCRIPTION: In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, =12.1.0.alpha2, an HTTP/2 client may trigger the server to send RSTSTREAM frames, for exampl...

Security Bulletin: IBM Guardium Data Protection is affected by a single vulnerability (CVE-2025-8916)

Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules, Legion of the Bouncy...

GHSA-9MV3-2CWR-P262 Microsoft Security Advisory CVE-2026-40372 – ASP.NET Core Elevation of Privilege

Executive Summary: A bug in Microsoft.AspNetCore.DataProtection 10.0.0-10.0.6 NuGet packages can give an attacker the opportunity to execute an Elevation of Privilege attack by forging authentication cookies, and also allows some protected payloads to be decrypted. If an attacker used forged...

EUVD-2026-25134

IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

EUVD-2026-25123

IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel...

EUVD-2026-25133

IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

EUVD-2026-25132

IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

EUVD-2026-25121

IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel...

CVE-2026-4918

IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2026-4919

IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2026-4917

IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

CVE-2026-1272

IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel...

CVE-2026-1274

IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel...

IBM Guardium Data Protection Web UI Cross-Site Scripting Vulnerability

IBM Guardium Data Protection is a data security and activity monitoring platform for database auditing, vulnerability assessment and compliance management. A cross-site scripting vulnerability exists in IBM Guardium Data Protection. The vulnerability stems from the failure of the Web UI to proper...

IBM Guardium Data Protection 代码问题漏洞

IBM Guardium Data Protection is a comprehensive data security platform developed by the American company International Business Machines IBM. There are code-related vulnerabilities in versions 12.0, 12.1, and 12.2 of IBM Guardium Data Protection. These vulnerabilities stem from security...

IBM Guardium Data Protection 路径遍历漏洞

IBM Guardium Data Protection is a data security and compliance monitoring platform for database activity monitoring, vulnerability assessment and sensitive data discovery. A directory traversal vulnerability exists in IBM Guardium Data Protection. The vulnerability stems from a failure to properl...

IBM Guardium Data Protection 安全漏洞

IBM Guardium Data Protection is a comprehensive data security platform developed by the American company International Business Machines IBM. There are security vulnerabilities in versions 12.0, 12.1, and 12.2 of IBM Guardium Data Protection. These vulnerabilities stem from a bypass of business...