18 matches found
CVE-2026-44748
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to...
Rapid7 Insight Agent Security Vulnerability
Rapid7 Insight Agent is a lightweight software developed by Rapid7 Corporation in the United States. This software is capable of collecting data from IT assets. Rapid7 Insight Agent has a security vulnerability, which stems from improper permissions settings in the client key file. This...
EUVD-2013-7130
Malware in sbrugna...
CVE-2013-7358
Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors...
Unspecified Vulnerability in Broadcom Symantec Privileged Access Management
Broadcom Symantec Privileged Access Management (Broadcom Symantec PAM) is security software from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and...
SAP NetWeaver and SAP NetWeaver ABAP Server Security Vulnerability
SAP NetWeaver and SAP NetWeaver ABAP Server are products of SAP, Germany. SAP NetWeaver is an integrated, service-oriented application platform that provides a development environment for SAP applications. SAP NetWeaver is an integrated, service-oriented application platform that provides a...
The vulnerability of Websoft HCM’s automation software for HR processes lies in the lack of protection for operational data. This allows attackers to obtain information about identities, which can be used in attacks targeting authentication mechanisms.
The vulnerability of Websoft HCM’s automation software for HR processes is related to the lack of protection for operational data. Exploiting this vulnerability allows a malicious actor to obtain information about identities, which can be used in attacks targeting authentication mechanisms...
steal user funds with front-running when he calls depositTokens() of MerkleVesting and MerkleResistor with wrong treeIndex (uninitiated)
Lines of code Vulnerability details Impact This nature of this bug is similar in MerkleVesting and MerkleResistor and MerkleDropFactory, so I only write MerkleDropFactory version: If a user calls depositTokens with wrong treeIndex value by mistake, attacker can perform front-running attack and...
Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables
THREAT LEVEL: Red. United States Cyber Command (USCYBERCOM) has warned of an ongoing cyber attack by an Iranian state-sponsored actor named MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...
Information leakage vulnerability in the frontend of Yiqin General Attendance Management System V6.0
The Easy attendance general attendance management system is developed by Beijing Jinmapu Technology Development Co., Ltd. The system is based on a B/S architecture, is built with VS.NET+SQLSERVER, and can complete the information browsing and information processing in the attendance...
Canadian Police Charge Operator of Hacked Password Service Leakedsource.com
Canadian authorities have arrested and charged a 27-year-old Ontario man for allegedly selling billions of stolen passwords online through the now-defunct service Leakedsource.com. On Dec. 22, 2017, the Royal Canadian Mounted Police (RCMP) charged Jordan Evan...
Uber platform authentication vulnerability can be exploited to reset any account's password
Italian security expert Vincenzo C. Aka found an authentication vulnerability in the Uber platform that allows the password of any account to be reset; the discovery was officially announced yesterday. In fact, the initiator of the “authentication crisis” the vulnerability is in the seven months...
CVE-2013-7358
Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors...
CVE-2013-7358
Technical details for CVE-2013-7358 are not publicly provided in the supplied documents. No affected products, vectors, or remediation are disclosed. Monitor for updates.
CVE-2011-0546
Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors...
OpenID Warns of Serious Bugs in Some Implementations
Amidst the fallout of the latest bungled password service kerfuffle at LastPass, comes a warning from the OpenID foundation of a critically serious flaw in certain deployments of the product to suffer a certain level of inter-process data...
openSUSE Security Update : irssi (openSUSE-SU-2010:0183-1)
irssi did not check the identity information of a remote host's certificate. Attackers could exploit that for a man-in-the-middle attack (CVE-2010-1155). irssi could crash if someone changed nick while the victim was leaving the channel (CVE-2010-1156).