66 matches found
CVE-2026-48152
Budibase (open-source low-code) prior to 3.39.0 exposes a vulnerability where a Basic app user (mapped to WRITE permissions) can read an existing REST datasource, obtain redacted authConfigs, and update only the config.url. During update, mergeConfigs() restores the original secret when it detect...
EUVD-2026-24951
An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...
What is Predictive Threat Intelligence for Organizations?
You wouldn’t set sail across the ocean without checking the weather forecast. Meteorologists gather data on temperature, wind, and pressure systems to predict an incoming storm, giving you time to prepare. Predictive threat intelligence applies the same logic to cybersecurity. It collects and...
CVE-2025-11571 Command Execution vulnerability in Simplicity Installer
Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can open executables. However, the commands cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the sam...
Under Armour ransomware breach: data of 72 million customers appears on the dark web
When reports first emerged in November 2025 that sportswear giant Under Armour had been hit by the Everest ransomware group, the story sounded depressingly familiar: a big brand, a huge trove of data, and a lot of unanswered questions. Since then, the narrative around what actually happened has...
CVE-2022-50793 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authenticated Command Injection via www-data-handler.php
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' paramete...
Suricata security vulnerability
Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. A security vulnerability exists in Suricata versions from 8.0.0 up to, but not including, 8.0.2, which stems from potentially unbounded memory growth when decompressing compressed HTTP data...
PT-2025-48199
Name of the Vulnerable Software and Affected Versions: Suricata versions 8.0.0 through 8.0.1. Description: Suricata is a network IDS, IPS and NSM engine. Versions from 8.0.0 through 8.0.1 are susceptible to unbounded memory growth during decompression of compressed HTTP data. Disabling LZMA...
EUVD-2002-2097
Malware in sbrugna...
MAL-2025-39768 Malicious code in xi-web-data-water-quick (npm)
The package xi-web-data-water-quick was found to contain malicious code...
Malicious code in xi-web-data-water-quick (npm)
The package xi-web-data-water-quick was found to contain malicious code...
Scam hunter scammed by tax office impersonators
The next time you shake your head at another online scam and vow that you'd never fall for it, remember that even the most tech-savvy people can sometimes slip up. A case in point: Julie-Anne Kearns. This self-made scam-hunter told her story to the Guardian last week, revealing how she had been...
CVE-2025-42975
CVE-2025-42975 concerns SAP NetWeaver Application Server ABAP (BIC Document). The vulnerability is an unauthenticated Cross-Site Scripting (XSS) flaw that allows an attacker to craft a URL which, when opened in the BIC Document app, embeds a malicious script and, upon user interaction, executes i...
PT-2025-32614 · Sap · Sap Netweaver Application Server Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP BIC Document (affected versions not specified). Description: SAP NetWeaver Application Server ABAP BIC Document allows an unauthenticated attacker to manipulate a URL link. Accessing this crafted link throu...
Combining Threat Intelligence with IoT Scanning to Predict Cyber Attack
While the Web has become a global platform for communication, malicious actors, including hackers and hacktivist groups, often disseminate ideological content and coordinate activities through the "Dark Web", an obscure counterpart of the conventional web. Presently, challenges such as informatio...
Zabbix security vulnerability
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix versions 7.0.0 to 7.0.3, which stems from the use of the webdriver for the Browser object to...
libvpx: crash related to VP9 encoding in libvpx
A heap-based buffer overflow flaw was found in libvpx, a library used to process VP9 video codecs data. This issue occurs when processing certain specially formatted video data via a crafted HTML page, allowing an attacker to crash or remotely execute arbitrary code in an application, such as a w...
How web data is leading US cybersecurity to unreached possibilities
By Owais Sultan. Businesses across the United States are using web scraping, or web data collection, infrastructure as a first line… This is a post from HackRead.com. Read the original post: How web data is leading US cybersecurity to unreached possibilities...
GitHub cross-site scripting vulnerability
GitHub is a hosting platform for open source and private software projects. A cross-site scripting vulnerability exists in the GitHub repository chatwoot/chatwoot and prior versions, which stems from a lack of proper validation of client-side data by the web application. An attacker can exploit...