10 matches found
EUVD-2025-6691
Malicious code in bioql PyPI...
CVE-2025-26138
Systemic Risk Value =2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, allowing unauthorized users to increment or decrement the ID to access and download files they do n...
CVE-2025-26138
Systemic Risk Value =2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, allowing unauthorized users to increment or decrement the ID to access and download files they do n...
CVE-2025-26137
Systemic Risk Value =2.8.0 is vulnerable to Local File Inclusion via /GetFile.aspx?ReportUrl=. An unauthenticated attacker can exploit this issue to read arbitrary system files by supplying a crafted file path, potentially exposing sensitive information...
CVE-2025-26138
Systemic Risk Value =2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, allowing unauthorized users to increment or decrement the ID to access and download files they do n...
CVE-2025-26138
Systemic Risk Value =2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, allowing unauthorized users to increment or decrement the ID to access and download files they do n...
CVE-2025-26137
Systemic Risk Value =2.8.0 is vulnerable to Local File Inclusion via /GetFile.aspx?ReportUrl=. An unauthenticated attacker can exploit this issue to read arbitrary system files by supplying a crafted file path, potentially exposing sensitive information...
CVE-2025-26138
CVE-2025-26138 affects Systemic Risk Value
FungibleAssetVaultForDAO: Use latestRoundData + validate data freshness
Lines of code Vulnerability details Details & Impact The deprecated latestAnswer API is being used, which may at any time fail to work if Chainlink ends support for it. In addition, the data freshness should be checked. The oracle could, for example, not have been updated in a while, causing...
The Next Security Scandal Will Be An Attack on High Frequency Trading Systems
The U.S. Securities and Exchange Commission voted on Tuesday to impose new rules to help oversee what experts warn is a burgeoning and little understood shadow market of ultra high-speed, computer based trading. But one security expert warns that new reporting rules are only part of the problem...