Akira
You must login to view this content
Aggregator
Akira
5 months ago
You must login to view this content
cohenido
VDB-323640 | Amazon AWS CloudShell privileges management
5 months ago
A vulnerability, which was classified as critical, has been found in Amazon AWS CloudShell. This affects an unknown function. The manipulation leads to improper privilege management.
It is possible to initiate the attack remotely. There is no exploit available.
This product is available as a managed service. Users are not able to maintain vulnerability countermeasures themselves.
vuldb.com
Akira
5 months ago
You must login to view this content
cohenido
Submit #643050: erjinzhi soft 10 OA V1.0 Basic Cross Site Scripting [Accepted]
5 months ago
Submit #643050 / VDB-323644
Zre0x1c
Submit #643036: erjinzhi soft 10 OA V1.0 File Path Traversal [Accepted]
5 months ago
Submit #643036 / VDB-323643
Zre0x1c
Submit #643033: erjinzhi soft 10 OA V1.0 Basic Cross Site Scripting [Accepted]
5 months ago
Submit #643033 / VDB-323642
Zre0x1c
Submit #643032: erjinzhi soft 10 OA V1.0 Basic Cross Site Scripting [Accepted]
5 months ago
Submit #643032 / VDB-323641
Zre0x1c
Akira
5 months ago
You must login to view this content
cohenido
Akira
5 months ago
You must login to view this content
cohenido
VDB-323639 | Amazon AWS Bucket Monopoly code injection
5 months ago
A vulnerability classified as critical was found in Amazon AWS. The impacted element is an unknown function. Executing manipulation can lead to code injection.
The attack may be performed from remote. There is no available exploit.
This product is a managed service. This means that users are not able to maintain vulnerability countermeasures themselves.
vuldb.com
CVE-2025-9807 | Events Calendar Plugin up to 6.15.1 on WordPress sql injection
5 months ago
A vulnerability classified as critical has been found in Events Calendar Plugin up to 6.15.1 on WordPress. The affected element is an unknown function. Performing manipulation results in sql injection.
This vulnerability is reported as CVE-2025-9807. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2025-10269 | Spirit Framework Plugin up to 1.2.13 on WordPress file inclusion
5 months ago
A vulnerability described as critical has been identified in Spirit Framework Plugin up to 1.2.13 on WordPress. Impacted is an unknown function. Such manipulation leads to file inclusion.
This vulnerability is documented as CVE-2025-10269. The attack can be executed remotely. There is not any exploit available.
vuldb.com
OLLVM学习以及平坦化源码分析
5 months ago
LLVM 是一种模块化编译框架,通过 IR 和 Pass 实现跨平台优化与扩展;OLLVM 则在此基础上通过自定义 Pass 注入控制流平坦化、虚假控制流、指令替换等手段实现代码混淆。
优化追求性能与简洁,而混淆则有意制造复杂度,用于提高逆向分析的难度。
CVE-2025-10193 | neo4j neo4j-cypher MCP server up to 0.3.1 DNS origin validation (GHSA-vcqx-v2mg-7chx / EUVD-2025-28908)
5 months ago
A vulnerability marked as problematic has been reported in neo4j neo4j-cypher MCP server up to 0.3.1. This issue affects some unknown processing of the component DNS Handler. This manipulation causes origin validation error.
This vulnerability is registered as CVE-2025-10193. Remote exploitation of the attack is possible. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2025-8716 | OpenText Content Management up to 25.3 unusual condition (KB0847046)
5 months ago
A vulnerability labeled as problematic has been found in OpenText Content Management up to 25.3. This vulnerability affects unknown code. The manipulation results in improper check for unusual conditions.
This vulnerability is cataloged as CVE-2025-8716. The attack may be launched remotely. There is no exploit available.
vuldb.com
New VMScape attack breaks guest-host isolation on AMD, Intel CPUs
5 months ago
A new Spectre-like attack dubbed VMScape allows a malicious virtual machine (VM) to leak cryptographic keys from an unmodified QEMU hypervisor process running on modern AMD or Intel CPUs. [...]
Bill Toulas
Google Pixel 10 Adds C2PA Support to Verify AI-Generated Media Authenticity
5 months ago
Google on Tuesday announced that its new Google Pixel 10 phones support the Coalition for Content Provenance and Authenticity (C2PA) standard out of the box to verify the origin and history of digital content.
To that end, support for C2PA's Content Credentials has been added to Pixel Camera and Google Photos apps for Android. The move, Google said, is designed to further digital media
The Hacker News
Lessons from Salesforce/Salesloft Drift Data Breaches – Detailed Case Study
5 months ago
The Salesloft Drift data breaches of August 2025 stand as one of the most significant supply chain attacks in SaaS history, demonstrating how a single compromised integration can cascade into widespread organizational exposure. This sophisticated campaign, staged by the threat actor UNC6395, exploited OAuth token vulnerabilities to access sensitive data from over 700 organizations, including […]
The post Lessons from Salesforce/Salesloft Drift Data Breaches – Detailed Case Study appeared first on Cyber Security News.
Guru Baran
BSidesSF 2025: Your Intrusion Detection Still Sucks (And What To Do About It)
5 months ago
Creator, Author and Presenter: Jason Craig
Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.
Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!
The post BSidesSF 2025: Your Intrusion Detection Still Sucks (And What To Do About It) appeared first on Security Boulevard.
Marc Handelman