Aggregator
A Brief Analysis: From System Calls to Custom Call Stacks
8 hours 53 minutes ago
From theory to practice, from system calls to custom call stacks
Building a C2 Framework by Hand from Scratch
8 hours 53 minutes ago
Building a C2 step by step, holding nothing back!
Notes on Finding a High-Severity Logic Vulnerability in an SRC Program
9 hours 1 minute ago
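Emptying authentication fields is a classic approach not only at the login endpoint but also at query and authorization endpoints, for example emptying the encryption field of a JWT, or emptying a personal-information field so that the response returns all of the site's information. The simplest ideas often cause the most fatal problems.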
UltraViolet Cyber Acquires Application Security Testing Service from Black Duck
9 hours 5 minutes ago
UltraViolet Cyber has acquired the application security testing services arm of Black Duck Software as part of an effort to expand the scope of the managed security services it provides. Company CEO Ira Goldstein said this addition to its portfolio will provide penetration testing, red teaming, threat modeling, cloud and container risk assessments, architecture risk..
The post UltraViolet Cyber Acquires Application Security Testing Service from Black Duck appeared first on Security Boulevard.
Michael Vizard
10th Shanghai College Student Cybersecurity Competition: Complete Web & Data Security Write-up (First Published Online)
9 hours 5 minutes ago
10th Shanghai College Student Cybersecurity Competition: Complete Web & Data Security Write-up
Salesloft: March GitHub repo breach led to Salesforce data theft attacks
9 hours 7 minutes ago
Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft attacks in August. [...]
Bill Toulas
Everest
9 hours 9 minutes ago
cohenido
Ubuntu security advisory (AV25-571)
9 hours 10 minutes ago
Canadian Centre for Cyber Security
CVE-2025-52161 | Scholl Communications AG Weblication CMS 019.004.000.000 cross site scripting (EUVD-2025-27142)
9 hours 20 minutes ago
A vulnerability was found in Scholl Communications AG Weblication CMS 019.004.000.000. It has been rated as problematic. The impacted element is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2025-52161. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-55998 | Smart Search & Filter Shopify App 1.0 filter cross site scripting
9 hours 21 minutes ago
A vulnerability was found in Smart Search & Filter Shopify App 1.0. It has been declared as problematic. The affected element is an unknown function. Executing manipulation of the argument filter can lead to cross site scripting.
This vulnerability appears as CVE-2025-55998. The attack may be performed remotely. There is no available exploit.
vuldb.com
CVE-2025-40928 | MLEHMANN JSON::XS up to 4.03 on Perl heap-based overflow
9 hours 21 minutes ago
A vulnerability was found in MLEHMANN JSON::XS up to 4.03 on Perl. It has been classified as critical. Impacted is an unknown function. Performing manipulation results in heap-based buffer overflow.
This vulnerability is reported as CVE-2025-40928. The attack can be carried out remotely. No exploit exists.
Upgrading the affected component is recommended.
vuldb.com
CVE-2025-40930 | PJUHASZ JSON::SIMD up to 1.06 on Perl heap-based overflow
9 hours 21 minutes ago
A vulnerability was found in PJUHASZ JSON::SIMD up to 1.06 on Perl and classified as critical. This issue affects some unknown processing. Such manipulation leads to heap-based buffer overflow.
This vulnerability is documented as CVE-2025-40930. The attack can be executed remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2025-40929 | RURBAN Cpanel::JSON::XS up to 4.39 on Perl heap-based overflow
9 hours 22 minutes ago
A vulnerability has been found in RURBAN Cpanel::JSON::XS up to 4.39 on Perl and classified as critical. This vulnerability affects unknown code. This manipulation causes heap-based buffer overflow.
This vulnerability is registered as CVE-2025-40929. Remote exploitation of the attack is possible. No exploit is available.
The affected component should be upgraded.
vuldb.com
CVE-2025-59033 | Microsoft Windows up to Server 2025 WDAC Policy incomplete blacklist (EUVD-2025-27143)
9 hours 22 minutes ago
A vulnerability, which was classified as critical, was found in Microsoft Windows up to Server 2025. This affects an unknown part of the component WDAC Policy. The manipulation results in incomplete blacklist.
This vulnerability is cataloged as CVE-2025-59033. The attack may be launched remotely. There is no exploit available.
The existence of this vulnerability is still disputed at present.
vuldb.com
CVE-2022-50238 | Microsoft Windows On-Endpoint Vulnerable Driver incomplete blacklist
9 hours 24 minutes ago
A vulnerability, which was classified as critical, has been found in Microsoft Windows. Affected by this issue is some unknown functionality of the component On-Endpoint Vulnerable Driver Handler. The manipulation leads to incomplete blacklist.
This vulnerability is listed as CVE-2022-50238. The attack must be carried out locally. There is no available exploit.
The actual existence of this vulnerability is currently in question.
vuldb.com
GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies
9 hours 24 minutes ago
Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account.
Google-owned Mandiant, which began an investigation into the incident, said the threat actor, tracked as UNC6395, accessed the Salesloft GitHub account from March through June 2025. So far, 22 companies have confirmed they were impacted by a supply chain breach.
"With
The Hacker News
CVE-2025-10123 | D-Link DIR-823X up to 250416 set_static_leases sub_415028 Hostname command injection
9 hours 26 minutes ago
A vulnerability classified as critical was found in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub_415028 of the file /goform/set_static_leases. Executing manipulation of the argument Hostname can lead to command injection.
This vulnerability is tracked as CVE-2025-10123. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com
2025 Cybersecurity Skills Competition "Guan'an Cup" Management and Operations Track WEB/PWN Write-up
9 hours 27 minutes ago
2025 Cybersecurity Skills Competition "Guan'an Cup" Management and Operations Track WEB/PWN Write-up
CVE-2025-10122 | Maccms10 2025.1000.4050 Database.php rep where sql injection
9 hours 28 minutes ago
A vulnerability classified as critical has been found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection.
This vulnerability is identified as CVE-2025-10122. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com