What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then someone in a leadership meeting asks: "So, are we actually safer now?" Crickets. The room goes quiet because an honest answer requires contex...

[SECURITY] Fedora 44 Update: qt6-qtscxml-6.10.3-1.fc44

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

CVE-2026-20137

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky...

[SECURITY] Fedora 42 Update: qt5-qtscxml-5.15.18-1.fc42

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

[SECURITY] Fedora 42 Update: qt6-qtscxml-6.9.3-1.fc42

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

EUVD-2021-1975

Malware in sbrugna...

[SECURITY] Fedora 42 Update: qt6-qtscxml-6.9.1-1.fc42

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

Fedora: Security Advisory for qt5-qtscxml (FEDORA-2024-2e27372d4c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for qt6-qtscxml (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: qt5-qtscxml-5.15.14-1.fc40

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

[SECURITY] Fedora 40 Update: qt6-qtscxml-6.7.1-1.fc40

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

Code injection

Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue...

CVE-2023-23619

The CVE-2023-23619 vulnerability affects @asyncapi/modelina (Modelina) prior to version 1.0.0. It enables code injection through default presets or when users do not handle rendering themselves. The issue is partially mitigated in 1.0.0, per GHSA guidance: if you only access constrained models, t...

Improper Control of Generation of Code ('Code Injection')

Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 is vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue h...

New Facebook Tool Let Users Transfer Their Photos and Videos to Google

Facebook has finally started implementing the open source data portability framework as the first phase of 'Data Transfer Project,' an initiative the company launched last year in collaboration with Google, Apple, Microsoft, and Twitter. Facebook today announced a new feature that will allow its...

Cameradar v2.0 - Hack into RTSP CCTV cameras

An RTSP stream access tool that comes with its library. Cameradar allows you to Detect open RTSP hosts on any accessible target host Detect which device model is streaming Launch automated dictionary attacks to get their stream route e.g.: /live.sdp Launch automated dictionary attacks to get the...

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:0828-1)

This version upgrade of java-160-openjdk fixes multiple security flaws : - S7079902, CVE-2012-1711: Refine CORBA data models - S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. - S7143614, CVE-2012-1716: SynthLookAndFeel stability...

OpenJDK: improper protection of CORBA data models (CORBA, 7079902)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA...

OpenJDK: improper protection of CORBA data models (CORBA, 7079902)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA...

Fedora 17 : java-1.7.0-openjdk-1.7.0.3-2.2.1.fc17.8 (2012-9590)

S7079902, CVE-2012-1711: Refine CORBA data models S7110720: Issue with vm config file loadingIssue with vm config file loading S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. S7143614, CVE-2012-1716: SynthLookAndFeel stability improveme...