Lucene search
38618 matches found

MSRC
added 2025/11/18 12:0 a.m., 4 views

Weaponizing cross site scripting: When one bug isn’t enough

Cross-Site Scripting (XSS) is often underestimated as a minor vulnerability. In reality, XSS can open the door to more severe attacks when combined with other vulnerabilities...

6.1 AI score
Exploits: 0
Qualys Blog
added 2025/11/17 4:0 p.m., 5 views

What It Takes to Design Trust into Event-Driven Architectures with Amazon EventBridge

How disciplined design turns Amazon EventBridge from an open event bus into a system of verified trust. Event-driven architecture has become essential for achieving agility in the cloud. Yet as integrations multiply, so do the hidden pathways that adversaries can exploit. Amazon EventBridge helps...

7.4 AI score
Exploits: 0
EUVD
added 2025/11/17 3:24 a.m., 1 views

EUVD-2025-197760

TenderDocTransfer developed by Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use thes...

8.1 CVSS | 6.5 AI score | 0.00532 EPSS
Exploits: 0 | References: 3
OpenVAS
added 2025/11/17 12:0 a.m., 5 views

Mozilla Thunderbird ESR Security Update (mfsa_2025-91) - Windows

Mozilla Thunderbird ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8 CVSS | 7.3 AI score | 0.00079 EPSS
Exploits: 0 | References: 1
Packet Storm News
added 2025/11/17 12:0 a.m., 2 views

Resilient Distribution Network Planning against Dynamic Malicious Power Injection Attacks

Active distribution networks facilitating bidirectional power exchange with renewable energy resources are susceptible to cyberattacks due to integration of a diverse array of cyber components. This study introduces a grid-level defense strategy aimed at enhancing attack resiliency based on...

6.8 AI score
Exploits: 0
Tenable Nessus
added 2025/11/17 12:0 a.m., 4 views

Telerik UI for ASP.NET AJAX Unsafe Reflection

According to its self-reported version number, the version of Telerik UI for ASP.NET AJAX is affected by an unsafe reflection vulnerability resulting in denial of service and advanced attacks scenarios. Note that the scanner has not tested for these issues but has instead relied only on the...

7.5 CVSS | 7 AI score | 0.00596 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2025/11/17 12:0 a.m., 3 views

PT-2025-47208

Name of the Vulnerable Software and Affected Versions: itsourcecode Web-Based Internet Laboratory Management System version 1.0. Description: A SQL injection issue exists in itsourcecode Web-Based Internet Laboratory Management System version 1.0. The issue is located in an unknown functionality of...

7.5 CVSS | 7.2 AI score | 0.0003 EPSS
Exploits: 1 | References: 9
Tenable Nessus
added 2025/11/16 12:0 a.m., 3 views

SUSE SLES15 Security Update : bind (SUSE-SU-2025:4108-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4108-1 advisory. - CVE-2025-40778: Address various spoofing attacks bsc1252379. - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number...

8.6 CVSS | 6.6 AI score | 0.00025 EPSS
Exploits: 1 | References: 7
Positive Technologies
added 2025/11/16 12:0 a.m., 2 views

PT-2025-47080

Name of the Vulnerable Software and Affected Versions: code-projects Student Information System version 2.0. Description: A security issue exists in code-projects Student Information System 2.0. The issue involves cross site scripting and impacts an unknown function within the /editprofile.php file...

5.1 CVSS | 5.6 AI score | 0.00031 EPSS
Exploits: 1 | References: 7
Positive Technologies
added 2025/11/16 12:0 a.m., 2 views

PT-2025-47079

Name of the Vulnerable Software and Affected Versions: code-projects Student Information System version 2.0. Description: A cross site scripting issue exists in code-projects Student Information System 2.0. The issue is located in the /register.php file within an unknown function. This manipulation...

5.3 CVSS | 5.7 AI score | 0.0004 EPSS
Exploits: 1 | References: 8
Packet Storm News
added 2025/11/16 12:0 a.m., 3 views

T2I-Based Physical-World Appearance Attack against Traffic Sign Recognition Systems in Autonomous Driving

Traffic Sign Recognition (TSR) systems play a critical role in Autonomous Driving (AD) systems, enabling real-time detection of road signs, such as STOP and speed limit signs. While these systems are increasingly integrated into commercial vehicles, recent research has exposed their vulnerability to...

6.9 AI score
Exploits: 0
Tenable Nessus
added 2025/11/16 12:0 a.m., 3 views

SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2025:4109-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4109-1 advisory. - CVE-2025-40778: Address various spoofing attacks bsc1252379. - CVE-2025-40780: Cache-poisoning due to weak...

8.6 CVSS | 6.6 AI score | 0.00025 EPSS
Exploits: 1 | References: 7
Hacker One
added 2025/11/15 2:55 a.m., 14 views

M&T Bank Vulnerability Disclosure: HTML Injection in Emails on login.mtb.com via givenName parameter leads to phishing attacks

A vulnerability was found that allowed HTML injection in emails on login.mtb.com via the givenName parameter. This vulnerability could have enabled phishing attacks...

7.1 AI score
Exploits: 0
SUSE Linux
added 2025/11/14 3:56 p.m., 5 views

Security update for bind

This update for bind fixes the following issues: CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found bsc1252378. CVE-2025-40778: Address various spoofing attacks bsc1252379. CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator bsc1252380. Patch...

9.2 CVSS | 7 AI score | 0.00071 EPSS
Exploits: 1 | References: 12
OSV
added 2025/11/14 3:56 p.m., 2 views

SUSE-SU-2025:4110-1 Security update for bind

This update for bind fixes the following issues: - CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found bsc1252378. - CVE-2025-40778: Address various spoofing attacks bsc1252379. - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator bsc1252380...

8.6 CVSS | 5.6 AI score | 0.00071 EPSS
Exploits: 1 | References: 7
SUSE Linux
added 2025/11/14 3:55 p.m., 2 views

Security update for bind

This update for bind fixes the following issues: CVE-2025-40778: Address various spoofing attacks bsc1252379. CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator bsc1252380. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...

9.2 CVSS | 6.8 AI score | 0.00025 EPSS
Exploits: 1 | References: 8
OSV
added 2025/11/14 3:55 p.m., 1 views

SUSE-SU-2025:4108-1 Security update for bind

This update for bind fixes the following issues: - CVE-2025-40778: Address various spoofing attacks bsc1252379. - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator bsc1252380...

8.6 CVSS | 5.6 AI score | 0.00025 EPSS
Exploits: 1 | References: 5
OSV
added 2025/11/14 3:54 p.m., 2 views

SUSE-SU-2025:4107-1 Security update for bind

This update for bind fixes the following issues: - CVE-2025-40778: Address various spoofing attacks bsc1252379. - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator bsc1252380...

8.6 CVSS | 5.6 AI score | 0.00025 EPSS
Exploits: 1 | References: 5
OSV
added 2025/11/14 2:45 p.m., 26 views

HSEC-2023-0001 Hash flooding vulnerability in aeson

Hash flooding vulnerability in aeson. aeson was vulnerable to hash flooding (a.k.a. hash DoS). The issue is a consequence of the HashMap implementation from unordered-containers. It results in a denial of service through CPU consumption. This technique has been used in real-world attacks against a...

6.5 CVSS | 6.2 AI score | 0.00296 EPSS
Exploits: 1 | References: 3
Microsoft CVE
added 2025/11/14 9:3 a.m., 3 views

sctp: Fix MAC comparison to be constant-time

...

7.1 CVSS | 7 AI score | 0.00066 EPSS
Exploits: 0