
71 matches found

Cvelist
added 2026/06/15 10:4 a.m. · 32 views

CVE-2026-34028 Unauthenticated direct access to web data in Wertheim SafeController Software exposes files

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as /Resources/CompanyIdID/Audio/ and...

CVSS 6.9 · EPSS 0.00397
Exploits 1 · References 2

OSV
added 2026/06/12 3:8 p.m. · 5 views

GHSA-6964-PP88-6WP9 Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step

Summary: The executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to target internal infrastructure, this creates a server-side...

CVSS 5.1 · AI score 5.9 · EPSS 0.00329
Exploits 0 · References 3

RedhatCVE
added 2026/06/05 7:15 p.m. · 8 views

CVE-2026-46821

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite component: Common Components. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVSS 7.7 · AI score 5.5 · EPSS 0.00261
Exploits 0 · References 1

CVE
added 2026/05/27 4:56 p.m. · 17 views

CVE-2026-48152

Budibase (open-source low-code) prior to 3.39.0 exposes a vulnerability where a Basic app user (mapped to WRITE permissions) can read an existing REST datasource, obtain redacted authConfigs, and update only the config.url. During update, mergeConfigs() restores the original secret when it detect...

CVSS 8.1 · AI score 5.8 · EPSS 0.00257
Exploits 0 · References 1

EUVD
added 2026/04/22 3:31 p.m. · 4 views

EUVD-2026-24951

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

CVSS 6.5 · AI score 5.8 · EPSS 0.00423
Exploits 0 · References 2

hivepro
added 2026/04/15 7:6 a.m. · 5 views

What is Predictive Threat Intelligence for Organizations?

You wouldn’t set sail across the ocean without checking the weather forecast. Meteorologists gather data on temperature, wind, and pressure systems to predict an incoming storm, giving you time to prepare. Predictive threat intelligence applies the same logic to cybersecurity. It collects and...

AI score 5.8
Exploits 0

Vulnrichment
added 2026/03/24 4:26 p.m. · 5 views

CVE-2025-11571 Command Execution vulnerability in Simplicity Installer

Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can open executables. However, the commands cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the sam...

CVSS 2.1 · AI score 6 · EPSS 0.00443
Exploits 0 · References 1

Malwarebytes
added 2026/01/22 12:2 p.m. · 7 views

Under Armour ransomware breach: data of 72 million customers appears on the dark web

When reports first emerged in November 2025 that sportswear giant Under Armour had been hit by the Everest ransomware group, the story sounded depressingly familiar: a big brand, a huge trove of data, and a lot of unanswered questions. Since then, the narrative around what actually happened has...

AI score 5.5
Exploits 0

Vulnrichment
added 2025/12/30 10:41 p.m. · 5 views

CVE-2022-50793 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authenticated Command Injection via www-data-handler.php

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' paramete...

CVSS 8.8 · AI score 7.7 · EPSS 0.02789
Exploits 2 · References 5

Cvelist
added 2025/12/30 10:41 p.m. · 24 views

CVE-2022-50793 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authenticated Command Injection via www-data-handler.php

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' paramete...

CVSS 8.8 · EPSS 0.02789
Exploits 2 · References 5

CNNVD
added 2025/11/26 12:0 a.m. · 7 views

Suricata Security Vulnerability

Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. A security vulnerability exists in Suricata versions 8.0.0 up to, but not including, 8.0.2, which stems from potentially infinite memory growth when decompressing compressed HTTP data...

CVSS 7.5 · AI score 6.3 · EPSS 0.00306
Exploits 0 · References 2

Positive Technologies
added 2025/11/05 12:0 a.m. · 6 views

PT-2025-48199

Name of the Vulnerable Software and Affected Versions: Suricata versions 8.0.0 through 8.0.1. Description: Suricata is a network IDS, IPS and NSM engine. Versions from 8.0.0 through 8.0.1 are susceptible to unbounded memory growth during decompression of compressed HTTP data. Disabling LZMA...

CVSS 7.8 · AI score 6.6 · EPSS 0.01172
Exploits 3 · References 73

EUVD
added 2025/10/07 12:30 a.m. · 7 views

EUVD-2002-2097

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.01887
Exploits 1 · References 5

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 3 views

Malicious code in xi-web-data-water-quick (npm)

The package xi-web-data-water-quick was found to contain malicious code...

AI score 7
Exploits 0

OSV
added 2025/08/14 6:52 p.m. · 2 views

MAL-2025-39768 Malicious code in xi-web-data-water-quick (npm)

The package xi-web-data-water-quick was found to contain malicious code...

AI score 7.2
Exploits 0

Malwarebytes
added 2025/08/12 3:0 p.m. · 7 views

Scam hunter scammed by tax office impersonators

The next time you shake your head at another online scam and vow that you'd never fall for it, remember that even the most tech-savvy people can sometimes slip up. A case in point: Julie-Anne Kearns. This self-made scam-hunter told her story to the Guardian last week, revealing how she had been...

AI score 7
Exploits 0

CVE
added 2025/08/12 2:10 a.m. · 15 views

CVE-2025-42975

CVE-2025-42975 concerns SAP NetWeaver Application Server ABAP (BIC Document). The vulnerability is an unauthenticated Cross-Site Scripting (XSS) flaw that allows an attacker to craft a URL which, when opened in the BIC Document app, embeds a malicious script and, upon user interaction, executes i...

CVSS 6.1 · AI score 6.9 · EPSS 0.00234
Exploits 0 · References 2

Positive Technologies
added 2025/08/12 12:0 a.m. · 2 views

PT-2025-32614 · Sap · Sap Netweaver Application Server Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP BIC Document (affected versions not specified). Description: SAP NetWeaver Application Server ABAP BIC Document allows an unauthenticated attacker to manipulate a URL link. Accessing this crafted link throu...

CVSS 6.1 · AI score 7 · EPSS 0.00234
Exploits 0 · References 5

Packet Storm News
added 2025/06/03 12:0 a.m. · 3 views

Combining Threat Intelligence with IoT Scanning to Predict Cyber Attack

While the Web has become a global platform for communication, malicious actors, including hackers and hacktivist groups, often disseminate ideological content and coordinate activities through the "Dark Web", an obscure counterpart of the conventional web. Presently, challenges such as informatio...

AI score 7
Exploits 0

CNNVD
added 2024/11/27 12:0 a.m. · 3 views

Zabbix Security Vulnerability

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix versions 7.0.0 to 7.0.3, which stems from the use of the webdriver for the Browser object to...

CVSS 5.5 · AI score 4.5 · EPSS 0.00234
Exploits 0 · References 3