98 matches found

Packet Storm News
added 2025/05/07 12:00 a.m. · 2 views

Guardians of the Web: the Evolution and Future of Website Information Security

Website information security has become a critical concern in the digital age. This article explores the evolution of website information security, examining its historical development, current practices, and future directions. The early beginnings from the 1960s to the 1980s laid the groundwork...

AI score 6.8 · Exploits 0
Microsoft Secure
added 2025/04/30 6:00 p.m. · 6 views

14 secure coding tips: Learn from the experts at Microsoft Build

Hey friends! If you are a developer, you know that writing clean and efficient code is just the starting point. Now, with AI playing a bigger role, secure coding isn't just a 'nice-to-have'—it's a must. Whether you're building web apps, working on cloud services, or adding AI to your projects,...

AI score 8 · Exploits 0
Microsoft Secure
added 2025/04/30 6:00 p.m. · 5 views

14 secure coding tips: Learn from the experts at Microsoft Build

Hey friends! If you are a developer, you know that writing clean and efficient code is just the starting point. Now, with AI playing a bigger role, secure coding isn't just a 'nice-to-have'—it's a must. Whether you're building web apps, working on cloud services, or adding AI to your projects,...

AI score 8 · Exploits 0
Tenable Nessus
added 2025/04/29 12:00 a.m. · 23 views

Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2025-957)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-957 advisory. Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the...

CVSS 5.6 · AI score 6.3 · EPSS 0.00044 · Exploits 0 · References 4
Microsoft CVE
added 2025/03/08 8:00 a.m. · 2 views

net: af_can: do not leave a dangling sk pointer in can_create()

...

CVSS 7.8 · AI score 7.4 · EPSS 0.00011 · Exploits 0
Microsoft CVE
added 2025/03/08 8:00 a.m. · 4 views

i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock

...

CVSS 5.5 · AI score 7.4 · EPSS 0.00006 · Exploits 0
Microsoft CVE
added 2025/03/08 8:00 a.m. · 5 views

netrom: check buffer length before accessing it

...

CVSS 5.5 · AI score 7.4 · EPSS 0.00007 · Exploits 0
NVD
added 2025/02/12 3:15 p.m. · 3 views

CVE-2025-1042

An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way...

CVSS 7.5 · EPSS 0.00028 · Exploits 0 · References 2
GithubExploit
added 2024/12/23 9:16 a.m. · 95 views

Exploit for SQL Injection in Janobe Vehicle_Management_System

CVE-2024-48245 SQL Injection Vulnerability in Vehicle Manageme...

CVSS 7.2 · AI score 9.9 · EPSS 0.04525 · Exploits 1
Imperva Blog
added 2024/11/19 9:45 p.m. · 7 views

Imperva and the Secure by Design Pledge: A Commitment to Cybersecurity Excellence

The Cybersecurity and Infrastructure Security Agency (CISA) has introduced a voluntary "Secure by Design Pledge" for enterprise software manufacturers, focusing on improving the security of their products and services. This pledge outlines seven key principles, forming the core of a robust...

AI score 8.1 · Exploits 0
Positive Technologies
added 2024/10/02 12:00 a.m. · 2 views

PT-2024-39633 · Unknown · Slim Select

Name of the Vulnerable Software and Affected Versions: Slim Select versions 2.0 through 2.9.0. Description: The issue is a potential cross-site scripting vulnerability. In the createOption function, the text variable from the user-provided Options object is assigned to an innerHTML without...

CVSS 6.1 · AI score 6.5 · EPSS 0.00256 · Exploits 1 · References 13
Hacker One
added 2024/07/11 4:44 p.m. · 34 views

U.S. Dept Of Defense: Blind Sql Injection in https://████

A SQL injection vulnerability was discovered in the User-Agent parameter of the website "https://██████████/". The vulnerability allowed an attacker to inject SQL commands through the User-Agent HTTP header...

AI score 8.2 · Exploits 0
OSV
added 2024/05/23 7:27 p.m. · 8 views

GHSA-87PF-7X99-5XC4 Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers

In its default configuration, SilverStripe trusts all originating IPs to include HTTP headers for Hostname, IP and Protocol. This enables reverse proxies to forward requests while still retaining the original request information. Trusted IPs can be limited via the SS_TRUSTED_PROXY_IPS constant. Eve...

CVSS 6.5 · AI score 7 · Exploits 0 · References 6
Github Security Blog
added 2024/05/23 7:27 p.m. · 11 views

Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers

In its default configuration, SilverStripe trusts all originating IPs to include HTTP headers for Hostname, IP and Protocol. This enables reverse proxies to forward requests while still retaining the original request information. Trusted IPs can be limited via the SS_TRUSTED_PROXY_IPS constant. Eve...

AI score 7 · Exploits 0 · References 6 · Affected software 1
The Hacker News
added 2024/05/21 11:33 a.m. · 15 views

Five Core Tenets Of Highly Effective DevSecOps Practices

One of the enduring challenges of building modern applications is to make them more secure without disrupting high-velocity DevOps processes or degrading the developer experience. Today's cyber threat landscape is rife with sophisticated attacks aimed at all different parts of the software supply...

AI score 7.2 · Exploits 0
The Hacker News
added 2024/04/15 1:30 p.m. · 17 views

AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now...

AI score 8.3 · Exploits 0
OSV
added 2024/04/03 4:46 p.m. · 16 views

GHSA-MJ35-2RGF-CV8P OpenID Connect client Atom Exhaustion in provider configuration worker ets table location

Impact: DoS by atom exhaustion is possible by calling oidcc_provider_configuration_worker:get_provider_configuration/1 or oidcc_provider_configuration_worker:get_jwks/1. Since the name is usually provided as a static value in the application using oidcc, this is unlikely to be exploited. Details: Example to...

CVSS 5.3 · AI score 5.1 · EPSS 0.00021 · Exploits 0 · References 8
CVE
added 2024/02/05 10:00 p.m. · 73 views

CVE-2023-34042

The CVE-2023-34042 issue concerns the Spring Security spring-security-config jar where the spring-security.xsd file is world-writable. This enables a local authenticated attacker to write the file, reflecting CWE-732: Incorrect Permission Assignment for Critical Resource. The connected IBM and OS...

CVSS 5.5 · AI score 5.3 · EPSS 0.00043 · Exploits 0 · References 2 · Affected software 1
Wallarm Lab
added 2023/08/02 1:38 p.m. · 22 views

Beware of BOLA (IDOR) Vulnerabilities in Web Apps and APIs

Introduction: In a recent advisory, the Cybersecurity and Infrastructure Security Agency (CISA) warned vendors, designers, developers, and end-user organizations of web applications about the dangers posed by Insecure Direct Object Reference (IDOR) vulnerabilities, now commonly referred to as BOLA...

AI score 7.1 · Exploits 0
Code423n4
added 2023/07/21 12:00 a.m. · 17 views

MID-Risk Vulnerabilities in the Axelar Smart Contracts

Lines of code / Vulnerability details / Impact: The vulnerabilities that I have identified could have a significant impact on the Axelar network. These vulnerabilities could be exploited by an attacker to: gain control of the Axelar network by proposing and voting on malicious proposals; mint or burn...

AI score 7.4 · Exploits 0