29 matches found

RedhatCVE
added 2026/04/03 11:2 p.m. · 2 views

CVE-2026-34762

Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/imsi API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's polic...

2.7 CVSS · 5.7 AI score · 0.00091 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2026/04/02 7:3 p.m. · 2 views

CVE-2026-34762

Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/imsi API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's polic...

2.7 CVSS · 5.7 AI score · 0.00091 EPSS
Exploits 0 · References 3 · Affected Software 1
Snyk
added 2026/04/01 10:59 p.m. · 1 views

Missing Source Correlation of Multiple Independent Data

Overview Affected versions of this package are vulnerable to Missing Source Correlation of Multiple Independent Data in the PUT /api/v1/subscriber/imsi API endpoint. An attacker can alter another user's policy settings and falsify audit logs by providing mismatched IMSI values in the request path...

5.1 CVSS · 5.8 AI score · 0.00091 EPSS
Exploits 0 · References 2
CNNVD
added 2025/12/30 12:0 a.m. · 1 views

rustfs Trust Management Issue Vulnerability

rustfs is a high performance object storage system from the RustFS open source. A trust management issue vulnerability exists in versions prior to rustfs 1.0.0-alpha.77, which stems from the use of hard-coded static tokens for gRPC authentication, and could lead to privileged operations such as...

9.8 CVSS · 5.8 AI score · 0.06616 EPSS
Exploits 3 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-1216

Malware in sbrugna...

6.5 CVSS · 6.6 AI score · 0.00127 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-1999-0558

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.08661 EPSS
Exploits 0 · References 2
NVD
added 2024/02/26 10:15 p.m. · 8 views

CVE-2024-27093

Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with an invalid or differing upstream ID, which causes Minder to report the repository as registered, but not remediate any future changes which conflict with...

7.5 CVSS · 4.7 AI score · 0.00434 EPSS
Exploits 1 · References 2
Rapid7 Blog
added 2023/08/02 6:30 p.m. · 9 views

Poorly Purged Medical Devices Present Security Concerns After Sale on Secondary Market

In a post-pandemic landscape, the interconnectedness of cybersecurity is front and center. Few could say that they were not at least aware of, if not directly affected by, the downstream effects of major breaches that cause impacts felt across economies. One should look at disruptions in the glob...

6.5 AI score
Exploits 0
The Hacker News
added 2023/07/05 8:38 a.m. · 48 views

Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns

Instagram Threads, the upcoming Twitter competitor from Meta, will not be launched in the European Union due to privacy concerns, according to Ireland's Data Protection Commission (DPC). The development was reported by the Irish Independent, which said the watchdog has been in contact with the soci...

9.8 CVSS · 6.5 AI score · 0.9212 EPSS
Exploits 9
The Hacker News
added 2023/01/16 12:22 p.m. · 3 views

A Secure User Authentication Method – Planning is More Important than Ever

When considering authentication providers, many organizations consider the ease of configuration, ubiquity of usage, and technical stability. Organizations cannot always be judged on those metrics alone. There is an increasing need to evaluate company ownership, policies and the stability, or...

6.8 AI score
Exploits 0
Positive Technologies
added 2022/11/17 12:0 a.m. · 2 views

PT-2022-24948 · Unknown · Lightning Network Daemon

Name of the Vulnerable Software and Affected Versions: Lightning Network Daemon (lnd) versions prior to 0.15.4. Description: The issue is related to a block parsing bug that can cause a node to enter a degraded state. In this state, nodes can continue to make payments and forward HTLCs, and close ou...

8.2 CVSS · 6.2 AI score · 0.00646 EPSS
Exploits 1 · References 9
Tenable Nessus
added 2021/12/29 12:0 a.m. · 26 views

FreeBSD : minio -- User privilege escalation (a4ff3673-d742-4b83-8c2b-3ddafe732034)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a4ff3673-d742-4b83-8c2b-3ddafe732034 advisory. - MinIO is a Kubernetes native application for cloud storage. Prior to version...

8.8 CVSS · 8.2 AI score · 0.53117 EPSS
Exploits 3 · References 3
GoogleProjectZero
added 2021/04/15 12:0 a.m. · 23 views

Policy and Disclosure: 2021 Edition

Posted by Tim Willis, Project Zero At Project Zero, we spend a lot of time discussing and evaluating vulnerability disclosure policies and their consequences for users, vendors, fellow security researchers, and software security norms of the broader industry. We aim to be a vulnerability research...

6.9 AI score
Exploits 0
Microsoft Secure
added 2021/03/26 10:0 p.m. · 50 views

Securing our approach to domain fronting within Azure

Every single day our teams analyze the trillions of signals we see to understand attack vectors, and then take those learnings and apply them to our products and solutions. Having that understanding of the threat landscape is key to ensuring our customers are kept safe every day. However, being a...

7.1 AI score
Exploits 0
OSV
added 2020/11/09 11:15 p.m. · 0 views

CVE-2020-27016

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must...

8.8 CVSS · 7.2 AI score
Exploits 0 · References 2
ThreatPost
added 2020/01/30 12:5 p.m. · 47 views

Facebook to Pay $550M to Settle Class Action Case Over Facial Recognition

Facebook has agreed to pay $550 million to Illinois users to settle a class action lawsuit filed over the use of its face-tagging technology to collect facial-recognition data on its social media platform. The company unveiled the settlement on a quarterly financial call Wednesday, in which it...

0.5 AI score
Exploits 0 · References 13
GoogleProjectZero
added 2020/01/07 12:0 a.m. · 12 views

Policy and Disclosure: 2020 Edition

Posted by Tim Willis, Project Zero At Project Zero, we spend a lot of time discussing and evaluating vulnerability disclosure policies and their consequences for users, vendors, fellow security researchers, and software security norms of the larger industry. We're very happy with how well our...

7.1 AI score
Exploits 0
Schneier on Security
added 2019/09/30 11:36 a.m. · 46 views

Supply-Chain Security and Trust

The United States government's continuing disagreement with the Chinese company Huawei underscores a much larger problem with computer technologies in general: We have no choice but to trust them completely, and it's impossible to verify that they're trustworthy. Solving this problem, which is...

7.4 AI score
Exploits 0
Kitploit
added 2018/07/20 10:21 p.m. · 46 views

Security Monkey - Tool To Monitors Your AWS And GCP Accounts For Policy Changes And Alerts On Insecure Configurations

Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. Support is available for OpenStack public and private clouds. Security Monkey can also watch and monitor your GitHub organizations, teams, and repositories. It provides a single UI to brow...

7.3 AI score
Exploits 0 · References 17