Lucene search
K

52 matches found

Cvelist
Cvelist
added 2025/03/18 12:0 a.m.18 views

CVE-2025-26137

Systemic Risk Value =2.8.0 is vulnerable to Local File Inclusion via /GetFile.aspx?ReportUrl=. An unauthenticated attacker can exploit this issue to read arbitrary system files by supplying a crafted file path, potentially exposing sensitive information...

0.00356EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/18 12:0 a.m.3 views

Systemic RiskValue 安全漏洞

Systemic RiskValue is a tool or framework for assessing the value of financial systemic risk from Systemic, Inc. It is used to measure and analyze the potential losses that could result from financial systemic risk. A security vulnerability exists in Systemic RiskValue 2.8.0 and earlier versions,...

7.5CVSS6.5AI score0.00356EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/18 12:0 a.m.5 views

Systemic RiskValue 安全漏洞

Systemic RiskValue is a tool or framework for assessing the value of financial systemic risk from Systemic, Inc. It is used to measure and analyze the potential losses that could result from financial systemic risk. A security vulnerability exists in Systemic RiskValue version 2.8.0 and prior...

6.5CVSS6.5AI score0.00289EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/18 12:0 a.m.30 views

CVE-2025-26138

Systemic Risk Value =2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, allowing unauthorized users to increment or decrement the ID to access and download files they do n...

0.00289EPSS
Exploits0References1
CVE
CVE
added 2025/03/18 12:0 a.m.44 views

CVE-2025-26138

CVE-2025-26138 affects Systemic Risk Value

6.5CVSS6.5AI score0.00289EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2023/01/05 9:12 a.m.27 views

CircleCI Urges Customers to Rotate Secrets Following Security Incident

DevOps platform CircleCI on Wednesday urged its customers to rotate all their secrets following an unspecified security incident. The company said an investigation is currently ongoing, but emphasized that "there are no unauthorized actors active in our systems." Additional details are expected t...

1AI score
Exploits0
ThreatPost
ThreatPost
added 2022/08/25 6:47 p.m.332 views

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11 month-old command injection flaw. Hikvision – short for Hangzhou Hikvision Digital Technology – is a Chinese state-owned manufacturer of video surveillance equipment. Their customers...

9.8CVSS10AI score0.99869EPSS
Exploits23References2
Wired Threat Level
Wired Threat Level
added 2022/08/23 11:37 p.m.20 views

The Twitter Whistleblower Report’s Most Damning Allegation

Peiter “Mudge” Zatko’s claims about the company’s lax security are all bad. But one clearly captures the extent of systemic issues...

1.9AI score
Exploits0
OSV
OSV
added 2022/08/18 7:2 p.m.33 views

GHSA-CVX8-PPMC-78HM Duplicate Advisory: KubeVirt arbitrary host file read from the VM

Duplicate Advisory This advisory is a duplicate of GHSA-qv98-3369-g364. This link is maintained to preserve external references. Original Description Summary As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization which leads to a path travers...

6.5CVSS7.7AI score0.00359EPSS
Exploits1References4
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.10 views

YearnCurveVaultOperator's withdrawETH doesn't check for minAmountOut

Lines of code Vulnerability details withdrawETH effectively do not control the output token result of withdrawal as Vault token is ETH in this case, while WETH balance is controlled and no ETH - WETH deposit is done. I.e. any calls to withdrawETH with non-zero minAmountOut will fail as WETH balan...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/18 12:0 a.m.9 views

[WP-H2] Always use a 1:1 ratio for all the underlyingTokens when calculating the collateral value is flawed and can cause systemic failure when one of the underlyingTokens is depegged

Lines of code Vulnerability details function normalizeUnderlyingTokensToDebtaddress underlyingToken, uint256 amount internal view returns uint256 return amount underlyingTokensunderlyingToken.conversionFactor; function totalValueaddress owner internal view returns uint256 uint256 totalValue = 0;...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/12 12:0 a.m.14 views

FungibleAssetVaultForDAO: Use latestRoundData + validate data freshness

Lines of code Vulnerability details Details & Impact The deprecated latestAnswer API is being used, which may at any time fail to work if Chainlink ends support for it. In addition, the data freshness should be checked. The oracle could, for example, not have been updated in a while, causing...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2021/06/22 7:27 p.m.58 views

Cryptominers Slither into Python Projects in Supply-Chain Campaign

A group of cryptominers was found to have infiltrated the Python Package Index PyPI, which is a repository of software code created in the Python programming language. Similar to other repositories like GitHub, npm and RubyGems, PyPI is part of the software supply chain. It offers a place where...

7.3AI score
Exploits0References12
ThreatPost
ThreatPost
added 2021/03/24 8:53 p.m.53 views

ProtonVPN CEO Blasts Apple for 'Aiding Tyrants’ in Myanmar

In a blog post filled with a passionate defense of human rights and internet privacy, Andy Yen, the CEO of secure internet provider ProtonVPN, blasted Apple for blocking its latest update and accused the tech juggernaut of helping the global spread of authoritarianism by “giving in to tyrants.” Y...

6.9AI score
Exploits0References13
Microsoft Malware Protection
Microsoft Malware Protection
added 2020/12/21 10:3 p.m.44 views

Advice for incident responders on recovery from systemic identity compromises

As Microsoft alongside our industry partners and the security community continues to investigate the extent of the Solorigate attack, our goal is to provide the latest threat intelligence including IOCs and guidance across our products and solutions to help the community fight back against, harde...

0.4AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2020/12/21 10:3 p.m.35 views

Advice for incident responders on recovery from systemic identity compromises

As Microsoft alongside our industry partners and the security community continues to investigate the extent of the Solorigate attack, our goal is to provide the latest threat intelligence including IOCs and guidance across our products and solutions to help the community fight back against, harde...

0.4AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/11/16 12:31 p.m.10 views

Systemic non-compliance: the root cause of pain for healthcare organizations

Recently, I was fortunate enough to experience the joys of becoming a father as my wife and I welcomed our first child into the world. It was one of the most beautiful experiences of my life and Im grateful for the advances we have made in modern medicine and technology. I mention this personal...

1.3AI score
Exploits0
OSV
OSV
added 2020/07/15 8:15 p.m.14 views

CVE-2020-11438

LibreHealth EMR v2.0.0 is affected by systemic CSRF...

8.8CVSS6.9AI score
Exploits0References3
Prion
Prion
added 2020/07/15 8:15 p.m.14 views

Cross site request forgery (csrf)

LibreHealth EMR v2.0.0 is affected by systemic CSRF...

6.8CVSS8.7AI score0.0064EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/07/15 7:34 p.m.19 views

CVE-2020-11438

LibreHealth EMR v2.0.0 is affected by systemic CSRF...

8.8AI score0.0064EPSS
Exploits1References3
Rows per page
Query Builder