Lucene search

8742 matches found

RedhatCVE
added 2025/05/22 6:19 p.m. | 8 views

CVE-2021-21863

An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...

8.8 CVSS | 7.2 AI score | 0.01219 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:44 p.m. | 9 views

CVE-2020-14764

Vulnerability in the Hyperion Planning product of Oracle Hyperion (component: Application Development Framework). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Planning...

4.2 CVSS | 5.2 AI score | 0.0079 EPSS
Exploits: 0

RedhatCVE
added 2025/05/22 5:16 p.m. | 2 views

CVE-2020-0561

Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8 CVSS | 8.7 AI score | 0.00406 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:1 p.m. | 10 views

CVE-2020-2542

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...

6.5 CVSS | 6.3 AI score | 0.01493 EPSS
Exploits: 0

RedhatCVE
added 2025/05/22 4:55 p.m. | 4 views

CVE-2020-9628

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...

7.5 CVSS | 6.4 AI score | 0.03474 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:55 p.m. | 6 views

CVE-2020-9626

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...

4.3 CVSS | 6.4 AI score | 0.02193 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:55 p.m. | 8 views

CVE-2020-9589

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution...

9.3 CVSS | 7.5 AI score | 0.07595 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:51 p.m. | 5 views

CVE-2020-14146

KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATHINFO...

5.4 CVSS | 5.8 AI score | 0.00618 EPSS
Exploits: 1

RedhatCVE
added 2025/05/22 3:44 p.m. | 6 views

CVE-2020-9623

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...

7.5 CVSS | 6.4 AI score | 0.03474 EPSS
Exploits: 0 | References: 1

Wiz blog
added 2025/05/22 12:0 p.m. | 11 views

Deloitte’s Secure by Design (SbD) Approach – Enhanced with Wiz

How Deloitte and Wiz Enable End-to-End Security Without Slowing Down Development...

7.3 AI score
Exploits: 0

RedhatCVE
added 2025/05/22 10:26 a.m. | 7 views

CVE-2019-10770

All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to b...

6.1 CVSS | 6.4 AI score | 0.00857 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 10:18 a.m. | 7 views

CVE-2019-2764

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...

7.5 CVSS | 6.5 AI score | 0.01244 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:22 a.m. | 9 views

CVE-2010-3914

Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in...

9.3 CVSS | 7.7 AI score | 0.09263 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 11:31 p.m. | 8 views

CVE-2007-6763

SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user who was previously logged in to access resources by pressing a back or forward button in a web browser...

8.8 CVSS | 6.9 AI score | 0.0132 EPSS
Exploits: 0 | References: 1

Fedora
added 2025/05/21 2:6 a.m. | 9 views

[SECURITY] Fedora 41 Update: perl-Mojolicious-9.39-1.fc41

Back in the early days of the web there was this wonderful Perl library called CGI, many people only learned Perl because of it. It was simple enough to get started without knowing much about the language and powerful enough to keep you going, learning by doing was much fun. While most of the...

8.1 CVSS | 6.8 AI score | 0.00441 EPSS
Exploits: 1

Packet Storm News
added 2025/05/21 12:0 a.m. | 3 views

Mitigating Cyber Risk in the Age of Open-Weight LLMs: Policy Gaps and Technical Realities

Open-weight general-purpose AI (GPAI) models offer significant benefits but also introduce substantial cybersecurity risks, as demonstrated by the offensive capabilities of models like DeepSeek-R1 in evaluations such as MITRE's OCCULT. These publicly available models empower a wider range of actors...

6.9 AI score
Exploits: 0

Spring Security Advisories
added 2025/05/20 12:0 a.m. | 17 views

Your First Spring AI 1.0 Application

Your First Spring AI 1.0 Application, by Dr. Mark Pollack, Christian Tsolov, and Josh Long. Hi, Spring fans! Spring AI is live on the Spring Initializr and everywhere fine bytes might be had. Ask your doctor if AI is right for you! It's an amazing time to be a Java and Spring developer. There's nev...

6.6 AI score
Exploits: 0

Packet Storm News
added 2025/05/20 12:0 a.m. | 9 views

Effects of the Cyber Resilience Act (CRA) on Industrial Equipment Manufacturing Companies

The Cyber Resilience Act (CRA) is a new European Union (EU) regulation aimed at enhancing the security of digital products and services by ensuring they meet stringent cybersecurity requirements. This paper investigates the challenges that industrial equipment manufacturing companies anticipate while...

6.9 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/05/19 3:43 p.m. | 5 views

Malicious code in ai-labs-snippets-sdk (PyPI)

Source: kam193 (2d5d4e1e66d1a84969c7af5822efb6e894abc0d263c87f583bf45591d216b85a). During import, it loads a file pretending to be an AI model. This file contains pickle-serialized code that exfiltrates data (basic IP/username info), as wel...

7.3 AI score
Exploits: 0 | References: 3

Citrix
added 2025/05/19 12:0 a.m. | 11 views

Microsoft Security Update Validation Report May 2025

Microsoft’s May 2025 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...

7.1 AI score
Exploits: 0