11 matches found
Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update
Apple on Monday released out-of-band security updates to address a security flaw in iOS and iPadOS that it said has been exploited in the wild. Assigned the CVE identifier CVE-2025-24200 (CVSS score: 4.6), the vulnerability has been described as an authorization issue that could make it possible fo...
Improper access control
A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup...
Nation-State Actors Infiltrate U.S. by Exploiting Zoho and Fortinet Flaws
Multiple nation-state entities infiltrated a prominent U.S. aeronautics organization by capitalizing on vulnerabilities within Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus,...
Osprey Pump Controller 1.0.1 - Authentication Bypass Credentials Modification
#!/usr/bin/env python Exploit Title: Osprey Pump Controller v1.0.1 - Authentication Bypass Credentials Modification Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID...
CVE-2020-25700
In Moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in Moodle 3.8.6, 3.7.9, 3.5.15, and 3.10...
CVE-2020-25700
CVE-2020-25700 affects Moodle: database module web services allowed students to add entries in groups they did not belong to. Affected versions include Moodle 3.9.0–3.9.2, 3.8.0–3.8.5, 3.7.0–3.7.8, 3.5.0–3.5.14 and earlier unsupported releases. The issue is fixed in Moodle 3.8.6, 3.7.9, 3.5.15, a...
Shopify: access permission is not revoked even if the email has been deleted or changed on the partner account -partners.shopify-
I can get increased privileges from accounts that have been deleted from Shopify Partners. A partner uses another business email account, and when the business email has been replaced or deleted from a partner, it turns out that the account still has full access as a collaborator account or still...
CVE-2017-16867
Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver fail...
Epsilon Ups Ante on Security Following Breach
Nearly three months after marketing services firm Epsilon had its system breached, the company has begun to rebuild the security of its e-mail marketing platform. The firm has unveiled an array of enhancements they claim will mitigate “electronic crimes in motion” according to a press release...
Stolen data may be sold on cyber black market!
Hackers behind what computer security experts believe could be the biggest data theft in US history may be planning to sell the information to cyber criminals for targeted scams. And while the tens of millions of names and email addresses swiped from online marketing firm Epsilon do not appear to...
Epsilon Data Breach Expands to Include Capital One, Disney, Others
The compromise of a system at online marketing company Epsilon Data Management that came to light last week and involves the email addresses and names of customers at companies such as Citibank, Kroger and Disney expanded over the weekend to include a slew of other companies. The attack does not...