Lucene search
K

15 matches found

Cvelist
Cvelist
added 2026/05/21 9:15 p.m.29 views

CVE-2026-8327 Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass.

Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit controller passes the entire raw POST array to UserInfo::update without field whitelisting resulting in password change without requiring the current...

5.3CVSS0.00182EPSS
Exploits0References1
Wired Threat Level
Wired Threat Level
added 2024/04/10 8:15 p.m.14 views

Trump Loyalists Kill Vote on US Wiretap Program

An attempt to reauthorize Section 702, the so-called crown jewel of US spy powers, failed for a third time in the House of Representatives after former president Donald Trump criticized the law...

7.2AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2023/12/11 8:20 p.m.10 views

Congress Clashes Over the Future of America’s Section 702 Spy Program

Competing bills moving through the House of Representatives both reauthorize Section 702 surveillance—but they pave very different paths forward for Americans’ privacy and civil liberties...

7.4AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2023/11/27 8:27 p.m.15 views

Section 702 Surveillance Reauthorization May Get Slipped Into ‘Must-Pass’ NDAA

Congressional leaders are discussing ways to reauthorize Section 702 surveillance, including by attaching it to the National Defense Authorization Act, Capitol Hill sources tell WIRED...

7.3AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2023/11/13 9:12 p.m.18 views

US Privacy Groups Urge Senate Not to Ram Through NSA Spying Powers

An effort to reauthorize a controversial US surveillance program by attaching it to a must-pass spending bill has civil liberties advocates calling foul...

7.2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2021/02/08 5:43 p.m.46 views

Key Caching behavior in the DynamoDB Encryption Client.

Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...

2.3AI score
Exploits0References5Affected Software1
OSV
OSV
added 2021/02/08 5:43 p.m.18 views

GHSA-4PH2-8337-HM62 Key Caching behavior in the DynamoDB Encryption Client.

Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...

7.1AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/02/08 5:43 p.m.76 views

Key Caching behavior in the DynamoDB Encryption Client.

Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...

2.3AI score
Exploits0References4Affected Software1
OSV
OSV
added 2021/02/08 5:43 p.m.7 views

GHSA-W736-HF9P-QQH3 Key Caching behavior in the DynamoDB Encryption Client.

Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...

7.1AI score
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2021/02/08 12:0 a.m.21 views

Key Caching behavior in the DynamoDB Encryption Client.

Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...

2.3AI score
Exploits0References4Affected Software1
Schneier on Security
Schneier on Security
added 2020/02/26 12:8 p.m.33 views

Newly Declassified Study Demonstrates Uselessness of NSA's Phone Metadata Program

The New York Times is reporting on the NSA's phone metadata program, which the NSA shut down last year: A National Security Agency system that analyzed logs of Americans' domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigatio...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/31 12:6 p.m.46 views

After Section 702 Reauthorization

For over a decade, civil libertarians have been fighting government mass surveillance of innocent Americans over the Internet. We've just lost an important battle. On January 18, President Trump signed the renewal of Section 702, domestic mass surveillance became effectively a permanent part of U...

6.6AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2018/01/19 4:4 p.m.16 views

January 19, 2018 – Morning Cyber Coffee Headlines – “Puppies” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! January 19, 2018 - Headlines The Five Laws Of Cybersecurity - Forbes 3 things y...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2015/04/08 2:28 p.m.12 views

New Coalition Launches Fight Against Patriot Act Section 215

A broad group of civil-rights, technology and political groups from across the spectrum has developed a new initiative to advocate for the repeal of Section 215 of the USA PATRIOT Act, the part that provides the authority for the bulk collection of phone metadata and other information. The new...

Exploits0References7
ThreatPost
ThreatPost
added 2012/12/28 4:3 p.m.8 views

Senate Reauthorizes FISA, Rejects Proposed Privacy Amendments

UPDATE – The Senate today rejected the inclusion of four privacy-friendly amendments before voting to reauthorize the controversial Foreign Intelligence Surveillance Act FISA that grants the federal government the authority to clandestinely monitor electronic communications involving foreign...

6.5AI score
Exploits0References4
Rows per page
Query Builder