52 matches found
API Security Operations: How to Move from Visibility to Measurable Risk Reduction
A five-level operating model for turning API security visibility into measurable risk reduction, faster remediation, and confident digital growth — without slowing development. What is API security operationalization? API security operationalization is the process of converting API discovery and...
CVE-2026-20058
Multiple Cisco products are affected by vulnerabilities in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. These vulnerabilities are due to improper error checking when decompressing VBA data. An attacker could exploit...
CVE-2026-21955
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...
EUVD-2025-33632
Malicious code in react-outcome-error-alert npm...
Malicious Package
Overview react-outcome-error-alert is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in react-outcome-error-alert (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf316b6e96271df51ad30f147aa205bb372c306b2a929a854bafb68c41a5cf88 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48267 Malicious code in react-outcome-error-alert (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf316b6e96271df51ad30f147aa205bb372c306b2a929a854bafb68c41a5cf88 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2018-14732
Malware in sbrugna...
EUVD-2012-5968
Malware in sbrugna...
EUVD-2021-23729
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-21621
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.40. Easily...
Cyber Security of Mega Events: a Case Study of Securing the Digital Infrastructure for MahaKumbh 2025 -- a 45 Days Mega Event of 600 Million Footfalls
Mega events such as the Olympics, World Cup tournaments, G-20 Summit, religious events such as MahaKumbh are increasingly digitalized. From event ticketing, vendor booth or lodging reservations, sanitation, event scheduling, customer service, crime reporting, media streaming and messaging on...
Lessons for Cybersecurity from the American Public Health System
The United States needs national institutions and frameworks to systematically collect cybersecurity data, measure outcomes, and coordinate responses across government and private sectors, similar to how public health systems track and address disease outbreaks...
CVE-2021-1079
NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the...
MSPs & MSSPs: How to Increase Engagement with Your Cybersecurity Clients Through vCISO Reporting
As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success", which...
CVE-2023-26862
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
The vulnerability of the sub-component “Outcome-Result” of the component “Oracle Customer Interaction History” in the Oracle E-Business Suite system, which allows a malicious user to access, modify, add, or delete data.
The vulnerability of the CRM User Management Framework component of the Oracle Customer Interaction History system within the Oracle E-Business Suite relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to read, modify, add, or...
The vulnerability of the Outcome-Result sub-component of the Oracle Customer Interaction History component in the Oracle E-Business Suite system allows a malicious actor to gain access to read, modify, add, or delete data.
The vulnerability of the CRM User Management Framework component of the Oracle Customer Interaction History component within the Oracle E-Business Suite system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to read, modify...
Liquidator has no incentives to execute a favorable trade to the borrower
Lines of code Vulnerability details Summary Swaps involved in liquidations may negatively impact the owner of the lien, since there is no incentive to execute a favorable trade as long as the received amount is enough to recover the liquidity. Impact When an existing position is closed, the...
It's possible to block some user from voting for (or against) some proposal
Lines of code Vulnerability details Note: Although some code involved is inside a contract which is out of scope, I argue that this finding is in scope, since the vulnerability exists in the in-scope contract. In the Arcade protocol, there are several voting vaults implemented so that users can u...