37 matches found
CVE-2026-54419
PIAF-HMS (PBX-In-A-Flash Hotel Management System) contains multiple unauthenticated SQL injection vulnerabilities. The app has no authentication and passes user-supplied HTTP parameters directly into deprecated mysql_query() calls via string concatenation, without sanitization, escaping, or param...
War in Iran Spiked Oil Prices. Trump Will Decide How High They Go
The conflict in the Middle East is driving oil prices up in a midterm year when Americans are already focused on high energy bills...
CVE-2021-2288
Vulnerability in the Oracle Bills of Material product of Oracle E-Business Suite component: Bill Issues. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Bills of Material...
California just put people back in control of their data
California's 2025 legislative session closed with 14 new privacy and AI-related bills. We’d like to highlight a few of the most relevant signed bills and encourage other states and countries to follow California’s example. Let’s go over some of the bills that were signed by the governor and how...
EUVD-2021-16747
Malware in sbrugna...
MAL-2025-8500 Malicious code in @malware-test-bills-pagod-adult-astir/test-mlw3-bills-pagod-adult-astir (npm)
The package @malware-test-bills-pagod-adult-astir/test-mlw3-bills-pagod-adult-astir was found to contain malicious code...
CVE-2020-15120
In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's...
CISA, NSA, and Partners Release New Guidance on Securing the Software Supply Chain
Today, CISA, the National Security Agency (NSA), and partners released Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption. Developed through the Enduring Security Framework (ESF), this guidance provides software developers and suppliers with industry...
Wisconsin Governor Hacks the Veto Process
In my latest book, A Hacker's Mind, I wrote about hacks as loophole exploiting. This is a great example: The Wisconsin governor used his line-item veto powers--supposedly unique in their specificity--to change a one-year funding increase into a 400-year funding increase. He took this wording:...
[term-fix] Mitigation Error
Lines of code Vulnerability details Note - The term refactoring has been made for the following reason: Our main KIBT is intended to be backed by 1-year treasury bill tokens, however, a bond issued on 1 Jan 2023 does not have the same amount of seconds compared to a 1-year treasury bill issued on...
GTAB Software Tabit information disclosure vulnerability
GTAB Software Tabit is a full-featured program from GTAB Software for creating, playing and printing fingerstyle scores for guitar, bass or banjo. GTAB Software Tabit suffers from an information disclosure vulnerability that stems from several APIs on its web system displaying unauthorized...
CVE-2022-34776
Tabit - giftcard stealth. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs has in its URL one or more MongoDB ID which is not...
Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills
Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. 2992, the American Innovation and Choice Online Act; and S. 2710, the Open App Markets Act. Reducing the power of tech monopolies would do more to "fix" the Internet than any other single...
The vulnerability in the Bill Issues component of the Oracle Bills of Material application in the Oracle E-Business Suite allows a malicious individual to modify, add, or delete data, as well as to gain unauthorized access to protected information.
The vulnerability of the Bill Issues component of the Oracle Bills of Material application within the Oracle E-Business Suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, as well as gain...
Fake Chrome App Anchors Rapidly Worming ‘Smish’ Cyberattack
A new Android malware that impersonates the Google Chrome app has spread to hundreds of thousands of people in the last few weeks, according to researchers. The fake app is being used as part of a sophisticated hybrid cyberattack campaign that also uses mobile phishing to steal credentials. Join...
Design/Logic Flaw
Vulnerability in the Oracle Bills of Material product of Oracle E-Business Suite component: Bill Issues. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Bills of Material...
CVE-2021-2288
CVE-2021-2288 affects the Oracle Bills of Material component (Bill Issues) in Oracle E-Business Suite, for versions 12.1.1–12.1.3. The flaw allows a low-privileged, network-accessible attacker over HTTP to compromise Oracle Bills of Material, enabling unauthorized creation, deletion or modificati...