9 matches found
EUVD-2022-26613
Malicious code in bioql PyPI...
EUVD-2024-54253
Malicious code in bioql PyPI...
CVE-2024-31842
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded ...
CVE-2022-21307
Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...
GHSA-VR5F-PHP7-RG24 Pimcore Admin Classic Bundle allows user enumeration
pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. No generic error message has been implemented. This issue has been addressed in version...
CVE-2024-8039
Improper permission configurationDomain configuration vulnerability of the mobile application com.afmobi.boomplayer can lead to account takeover risks...
RHEL 7 : mysql-connector-java (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mysql-connector-java: Improper automatic deserialization of binary data CPU Apr 2017 CVE-2017-3523 -...
Podcast: Vendors, Suppliers, Partners – Oh My! Who Will Increase Your Risk of Account Takeover?
Your users’ login credentials are available for sale on the criminal underground — and criminals know it. For the third year running, the 2019 Verizon Data Breach Report calls out the use of weak and stolen credentials as the most common hacking tactic. This podcast is sponsored by SpyCloud The...
MGASA-2018-0101 Updated virtualbox packages fix security vulnerabilities
Oracle VM VirtualBox incorporate the OpenSSL software libraries to provide cryptographic capabilities. OpenSSL versions through 1.0.2m and 1.1.0g are susceptible to a vulnerability that could allow an attacker to recover encryption keys and access protected communications CVE-2017-3736. Systems...