PowSyBl Core Security Vulnerability
PowSyBl Core is an open source software building framework for power systems from PowSyBl. A security vulnerability exists in PowSyBl Core versions prior to 6.3.0 through 6.7.2 and com.powsybl:powsybl-contingency-api versions prior to 5.0.0 through 6.3.0, which stems from a regular expression...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the RegexCriterion class. An attacker can cause significant CPU exhaustion by supplying a malicious regular expression and influencing the identifier input, leading to excessive backtrackin...
com.farao-community.farao:csa-runner-app (>=0.0.1 <=1.2.1), com.farao-community.farao:farao-angle-monitoring (>=4.2.2 <=5.0.0) +96 more potentially affected by CVE-2025-48059 via com.powsybl:powsybl-contingency-api (>=5.0.0 <=6.3.0-alpha-1)
com.powsybl:powsybl-contingency-api MAVEN version =5.0.0, =0.0.1, =4.2.2, =4.2.2, =4.2.2, =4.2.1, =4.5.0, =4.2.1, =4.2.1, =4.8.0, =4.2.2, =4.2.2, =4.2.2, =4.2.2, =4.2.2, =4.2.2, =5.0.0 and more Source cves: CVE-2025-48059 Source advisory: OSV:GHSA-8QJW-9XGM-C9FF...
Destabilizing Power Grid and Energy Market by Cyberattacks on Smart Inverters
Cyberattacks on smart inverters and distributed PV are becoming an imminent threat, because of the recent well-documented vulnerabilities and attack incidents. Particularly, the long lifespan of inverter devices, users' oblivion of cybersecurity compliance, and the lack of cyber regulatory...
CVE-2021-41120
sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to predict. The problem is that the Credit card form has...
DoD Cloud Computing Impact Levels 4-5
Moving past DoD Impact Level 2 (IL2), the logical next step should be IL3; however, IL3 is no longer used by the Department of Defense (DoD) and has been consolidated into IL4. DoD IL4 is designed to store, process, and transmit up to controlled unclassified information (CUI) related to military or...
Software Review: Stellar Repair for Exchange
By Owais Sultan. When disaster strikes in the Exchange server, you must have a contingency plan in place to recover from it quickly. This is a post from HackRead.com. Read the original post: Software Review: Stellar Repair for Exchange...
supplychainconnector.ca XSS vulnerability
Open Bug Bounty ID: OBB-709597

Description| Value
---|---
Affected Website:| supplychainconnector.ca
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| hidden until disclosure
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:|...
CVE-2018-14929
Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter...
CVE-2018-14928
/contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter...
CVE-2018-14927
Matera Banco 1.0.0 is vulnerable to path traversal allowing access to system files outside the default application folder via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp...
CVE-2018-14928
CVE-2018-14928 describes a vulnerability where /contingency/servlet/ServletFileDownload executes with root privileges and exposes unauthenticated access to files via the file parameter. This enables file disclosure without authentication. The NVD entry assigns a CVSSv3 base score of 7.5 (HIGH) wi...
FAA Civil Aviation Registry Vulnerable to Data Breach
The Federal Aviation Administration’s (FAA) Civil Aviation Registry lacks proper security controls to prevent unauthorized access to its systems, according to a report based on a recent audit undertaken by the Office of the Inspector General (OIG) for the United States Department of Transportation Do...