52 matches found
CVE-2025-26137
Systemic Risk Value =2.8.0 is vulnerable to Local File Inclusion via /GetFile.aspx?ReportUrl=. An unauthenticated attacker can exploit this issue to read arbitrary system files by supplying a crafted file path, potentially exposing sensitive information...
Systemic RiskValue 安全漏洞
Systemic RiskValue is a tool or framework for assessing the value of financial systemic risk from Systemic, Inc. It is used to measure and analyze the potential losses that could result from financial systemic risk. A security vulnerability exists in Systemic RiskValue 2.8.0 and earlier versions,...
Systemic RiskValue 安全漏洞
Systemic RiskValue is a tool or framework for assessing the value of financial systemic risk from Systemic, Inc. It is used to measure and analyze the potential losses that could result from financial systemic risk. A security vulnerability exists in Systemic RiskValue version 2.8.0 and prior...
CVE-2025-26138
Systemic Risk Value =2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, allowing unauthorized users to increment or decrement the ID to access and download files they do n...
CVE-2025-26138
CVE-2025-26138 affects Systemic Risk Value
CircleCI Urges Customers to Rotate Secrets Following Security Incident
DevOps platform CircleCI on Wednesday urged its customers to rotate all their secrets following an unspecified security incident. The company said an investigation is currently ongoing, but emphasized that "there are no unauthorized actors active in our systems." Additional details are expected t...
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11 month-old command injection flaw. Hikvision – short for Hangzhou Hikvision Digital Technology – is a Chinese state-owned manufacturer of video surveillance equipment. Their customers...
The Twitter Whistleblower Report’s Most Damning Allegation
Peiter “Mudge” Zatko’s claims about the company’s lax security are all bad. But one clearly captures the extent of systemic issues...
GHSA-CVX8-PPMC-78HM Duplicate Advisory: KubeVirt arbitrary host file read from the VM
Duplicate Advisory This advisory is a duplicate of GHSA-qv98-3369-g364. This link is maintained to preserve external references. Original Description Summary As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization which leads to a path travers...
YearnCurveVaultOperator's withdrawETH doesn't check for minAmountOut
Lines of code Vulnerability details withdrawETH effectively do not control the output token result of withdrawal as Vault token is ETH in this case, while WETH balance is controlled and no ETH - WETH deposit is done. I.e. any calls to withdrawETH with non-zero minAmountOut will fail as WETH balan...
[WP-H2] Always use a 1:1 ratio for all the underlyingTokens when calculating the collateral value is flawed and can cause systemic failure when one of the underlyingTokens is depegged
Lines of code Vulnerability details function normalizeUnderlyingTokensToDebtaddress underlyingToken, uint256 amount internal view returns uint256 return amount underlyingTokensunderlyingToken.conversionFactor; function totalValueaddress owner internal view returns uint256 uint256 totalValue = 0;...
FungibleAssetVaultForDAO: Use latestRoundData + validate data freshness
Lines of code Vulnerability details Details & Impact The deprecated latestAnswer API is being used, which may at any time fail to work if Chainlink ends support for it. In addition, the data freshness should be checked. The oracle could, for example, not have been updated in a while, causing...
Cryptominers Slither into Python Projects in Supply-Chain Campaign
A group of cryptominers was found to have infiltrated the Python Package Index PyPI, which is a repository of software code created in the Python programming language. Similar to other repositories like GitHub, npm and RubyGems, PyPI is part of the software supply chain. It offers a place where...
ProtonVPN CEO Blasts Apple for 'Aiding Tyrants’ in Myanmar
In a blog post filled with a passionate defense of human rights and internet privacy, Andy Yen, the CEO of secure internet provider ProtonVPN, blasted Apple for blocking its latest update and accused the tech juggernaut of helping the global spread of authoritarianism by “giving in to tyrants.” Y...
Advice for incident responders on recovery from systemic identity compromises
As Microsoft alongside our industry partners and the security community continues to investigate the extent of the Solorigate attack, our goal is to provide the latest threat intelligence including IOCs and guidance across our products and solutions to help the community fight back against, harde...
Advice for incident responders on recovery from systemic identity compromises
As Microsoft alongside our industry partners and the security community continues to investigate the extent of the Solorigate attack, our goal is to provide the latest threat intelligence including IOCs and guidance across our products and solutions to help the community fight back against, harde...
Systemic non-compliance: the root cause of pain for healthcare organizations
Recently, I was fortunate enough to experience the joys of becoming a father as my wife and I welcomed our first child into the world. It was one of the most beautiful experiences of my life and Im grateful for the advances we have made in modern medicine and technology. I mention this personal...
CVE-2020-11438
LibreHealth EMR v2.0.0 is affected by systemic CSRF...
Cross site request forgery (csrf)
LibreHealth EMR v2.0.0 is affected by systemic CSRF...
CVE-2020-11438
LibreHealth EMR v2.0.0 is affected by systemic CSRF...