Aggregator

CVE-2012-6047 | X7 Group X7 Chat up to 1.2.0b index.php cross-site request forgery (EDB-18850 / OSVDB-81827)

Vuldb Updates
7 months 2 weeks ago
A vulnerability was found in X7 Group X7 Chat up to 1.2.0b and classified as problematic. Affected by this issue is some unknown functionality of the file index.php. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2012-6047. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

Beyond SMS OTP: Why Major Organizations Are Abandoning Text-Based Authentication

Security Boulevard
7 months 2 weeks ago

The elimination of SMS OTP from major organizations and government systems represents an inevitable evolution toward more secure, cost-effective, and user-friendly authentication approaches. Organizations that recognize this trend and act proactively will find themselves better positioned competitively while avoiding the disruption and costs associated with forced transitions under regulatory deadlines.

The post Beyond SMS OTP: Why Major Organizations Are Abandoning Text-Based Authentication appeared first on Security Boulevard.

Dev Kumar

CVE-2019-11358 | Oracle Financial Services Hedge Management 8.0.4/8.0.5/8.0.6/8.0.7 RSA BSAFE cross site scripting (EDB-52141 / Nessus ID 208606)

Vuldb Updates
7 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Oracle Financial Services Hedge Management and IFRS Valuations 8.0.4/8.0.5/8.0.6/8.0.7. This issue affects some unknown processing of the component RSA BSAFE. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2019-11358. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

SDL 76/100问:运营阶段,如何做好常态漏扫和情报产生的漏洞管理?

我的安全视界观
7 months 2 weeks ago
在SDL的运营阶段,安全活动包括漏洞预警、常态化扫描、SRC收洞、应急响应等,这里提问是关于前两类产生的漏洞管理。在每个阶段,对漏洞的管理目标和方法实则是有差异的,在运营阶段则是要以减少安全事件发生、及减少因事件导致的代价为目标。所以当从目标出发时,可以结合漏洞危害大小、利用难易程度、资产的重要性等方面进行综合考虑,设置不同的漏洞修复和响应要求。比如: 1、漏洞预警:互联网上热传的、被称为核弹级利用的漏洞,肯定是要求先修复,仅有CVE编号又未传播开的,甚至都不用管; 2、常态化扫描:互联网侧的资产优先被修复,可以被利用的漏洞优先修复,其他类型的漏洞则可以将优先级降低、不过不能遗漏。 关于漏洞生命周期管理,每家公司的水平不一样,比如有用jira、禅道、excel表格、漏洞管理系统等。从实践经验来看,最好还是要能关联上资产、联动工单系统等,才会更加便利。 1、SDL 100问 SDL100问:我与SDL的故事 SAST误报太高,如何解决? SDL需要哪些人参与? SDL如何做成平台化以及价值? 安全SDK提供安全API是怎么做的? 安全测试,测不出逻辑漏洞怎么办? 大家都有哪些SDL运营指标? 业务系统是否可以带漏洞上线? 有没有SDL相关的监管要求? SDL 75/100问:前期的安全设计与测试是否解决不同层面问题? 2、SDL创新实践 首发!“ 研发安全运营 ” 架构研究与实践 DevSecOps实施关键:研发安全团队 DevSecOps实施关键:研发安全流程 DevSecOps实施关键:研发安全规范 DevSecOps实施关键:研发安全工具 从安全视角,看研发安全 数字化转型下研发安全痛点 一个思考:安全测试驱动产品安全? 3、SDL最初实践 【SDL最初实践】开篇 【SDL最初实践】安全培训 【SDL最初实践】安全需求 【SDL最初实践】安全设计 【SDL最初实践】安全开发 【SDL最初实践】安全测试 【SDL最初实践】安全审核 【SDL最初实践】安全响应 4、安全运营实践 基于实践的安全事件简述 安全事件运营SOP:钓鱼邮件 安全事件运营SOP:网络攻击 安全事件运营SOP:蜜罐告警 安全事件运营SOP:webshell事件 安全事件运营SOP:接收漏洞事件 应急能力提升:实战应急困境与突破 应急能力提升:挖矿权限维持攻击模拟

CVE-2019-11358 | Oracle Financial Services Funds Transfer Pricing 8.0.4/8.0.5/8.0.6/8.0.7 jQuery cross site scripting (EDB-52141 / Nessus ID 208606)

Vuldb Updates
7 months 2 weeks ago
A vulnerability classified as critical was found in Oracle Financial Services Funds Transfer Pricing 8.0.4/8.0.5/8.0.6/8.0.7. This vulnerability affects unknown code of the component jQuery. The manipulation leads to cross site scripting. This vulnerability was named CVE-2019-11358. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-5249 | PHPGurukul News Portal Project 4.1 /admin/add-category.php Category sql injection

Vuldb Updates
7 months 2 weeks ago
A vulnerability has been found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-category.php. The manipulation of the argument Category leads to sql injection. This vulnerability is known as CVE-2025-5249. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-52588 | Strapi up to 4.25.1 Webhooks URL server-side request forgery (GHSA-v8wj-f5c7-pvxf)

Vuldb Updates
7 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in Strapi up to 4.25.1. Affected by this issue is some unknown functionality of the component Webhooks URL Handler. The manipulation leads to server-side request forgery. This vulnerability is handled as CVE-2024-52588. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-46570 | vLLM up to 0.8.x TTFT timing discrepancy (GHSA-4qjh-9fv9-r85r)

Vuldb Updates
7 months 2 weeks ago
A vulnerability was found in vLLM up to 0.8.x and classified as problematic. Affected by this issue is some unknown functionality of the component TTFT Handler. The manipulation leads to observable timing discrepancy. This vulnerability is handled as CVE-2025-46570. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-46722 | vLLM up to 0.8.x hasher.py MultiModalHasher improper validation of consistency within input (GHSA-c65p-x677-fgj6)

Vuldb Updates
7 months 2 weeks ago
A vulnerability classified as problematic has been found in vLLM up to 0.8.x. Affected is the function MultiModalHasher of the file vllm/multimodal/hasher.py. The manipulation leads to improper validation of consistency within input. This vulnerability is traded as CVE-2025-46722. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-32752 | Dell ThinOS up to 2502 cleartext storage (dsa-2025-225)

Vuldb Updates
7 months 2 weeks ago
A vulnerability has been found in Dell ThinOS up to 2502 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cleartext storage of sensitive information. This vulnerability was named CVE-2025-32752. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad