Aggregator

CVE-2025-6509 | seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71 SimpleController.java echo Name cross site scripting (EUVD-2025-18896)

VulDB Recent Entries
7 months 3 weeks ago
A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads to cross site scripting. This vulnerability is known as CVE-2025-6509. The attack can be launched remotely. Furthermore, there is an exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
vuldb.com

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

Security Affairs
7 months 3 weeks ago
UK’s Cyber Monitoring Centre (CMC) labels Marks & Spencer and Co-op cyberattacks a Category 2 event, estimating financial impact at £270M–£440M. The Cyber Monitoring Centre (CMC) has labeled the recent cyberattacks on Marks & Spencer and Co-op as a Category 2 systemic event, estimating losses between £270M and £440M. In early May, the attackers behind […]
Pierluigi Paganini

Bill Gates 和 Linus Torvalds 首次同框

Solidot
7 months 3 weeks ago
Windows 和 Linux 世界的两大巨头此前从未在现实世界里见过面。最近 Sysinternals 创始人 Mark Russinovich 举办的一个晚宴上,Linux 内核作者 Linus Torvalds 和微软联合创始人 Bill Gates 首次同框。照片中共有四个人,其他两人是 Sysinternals 联合创始人、现微软云计算平台 Azure CTO Russinovich,他在 1990 年代后期开发了一组工具 Process Explorer、Autoruns 和 Procmon,对管理员和安全专业人士理解 Windows 内部机制产生了革命性影响。另外一人是 OpenVMS 核心开发者、Windows NT 内核和硬件抽象层的首席架构师,被誉为 Windows NT 之父的 Dave Cutler。Russinovich 在发布照片时开玩笑的说,他们并没有做出重要的内核决策。

CVE-2002-0644 | Microsoft SQL Server 2000 DBCC memory corruption (MS02-038 / EDB-21650)

Vuldb Updates
7 months 3 weeks ago
A vulnerability classified as critical was found in Microsoft SQL Server 2000. Affected by this vulnerability is an unknown functionality of the component DBCC. The manipulation leads to memory corruption. This vulnerability is known as CVE-2002-0644. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2015-0318 | Adobe Flash Player up to 16.0.0.296 memory corruption (APSB15-04 / EDB-36420)

Vuldb Updates
7 months 3 weeks ago
A vulnerability was found in Adobe Flash Player up to 16.0.0.296. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2015-0318. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2019-11358 | Oracle Financial Services Asset Liability Management 8.0.4/8.0.5/8.0.6/8.0.7 jQuery cross site scripting (EDB-52141 / Nessus ID 208606)

Vuldb Updates
7 months 3 weeks ago
A vulnerability was found in Oracle Financial Services Asset Liability Management 8.0.4/8.0.5/8.0.6/8.0.7 and classified as critical. This issue affects some unknown processing of the component jQuery. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2019-11358. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

Microsoft Family Safety Now Blocking All Versions of Google Chrome

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
7 months 3 weeks ago

In a development that has left students, parents, and educators frustrated, Microsoft’s Family Safety feature is now blocking all versions of Google Chrome from launching on Windows devices. The issue, which first surfaced in early June, has persisted for over two weeks without an official fix or comment from Microsoft, raising concerns about both digital […]

The post Microsoft Family Safety Now Blocking All Versions of Google Chrome appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

CVE-2017-7089 | Apple iOS up to 10.3.2 WebKit Universal cross site scripting (HT208112 / EDB-45866)

Vuldb Updates
7 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in Apple iOS up to 10.3.2. Affected is an unknown function of the component WebKit. The manipulation leads to cross site scripting (Universal). This vulnerability is traded as CVE-2017-7089. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes’ Data from Saudi Games

Security Affairs
7 months 3 weeks ago
Cyber Fattah leaked thousands of records on athletes and visitors from past Saudi Games, per U.S.-based cybersecurity firm Resecurity. Resecurity (USA) identified the threat actors associated with the “Cyber Fattah” movement leaked thousands of records containing information about visitors and athletes from past Saudi Games, one of the major sports events in the Kingdom. The […]
Pierluigi Paganini

CVE-2002-0649 | Microsoft SQL Server 2000 Resolution Service memory corruption (VU#399260 / EDB-16393)

Vuldb Updates
7 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Microsoft SQL Server 2000. This affects an unknown part of the component Resolution Service. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2002-0649. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Former JBLM Soldier Admits Attempting to Leak U.S. Military Network Details to China

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
7 months 3 weeks ago

 A former U.S. Army sergeant who served at Joint Base Lewis-McChord (JBLM) in Washington has pleaded guilty to federal charges after admitting he tried to deliver sensitive military secrets to Chinese authorities.  Joseph Daniel Schmidt, 31, entered his plea in U.S. District Court in Seattle, acknowledging two felonies: attempting to deliver national defense information and […]

The post Former JBLM Soldier Admits Attempting to Leak U.S. Military Network Details to China appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

梆梆安全鸿蒙应用加固双路径发布:源码级与二进制级精准防护

嘶吼
7 months 3 weeks ago

随着鸿蒙生态的高速发展,其应用承载的核心业务价值持续攀升,吸引了全球不法分子的针对性研究与攻击。鸿蒙应用面临的逆向分析、代码窃取、二次打包、模拟运行及调试攻击等风险随之加剧。作为开发企业,必须部署有效防护,而非让应用“裸奔”发布,同时应结合自身实际需求,选择合适的加固服务路径。

梆梆安全依托十余年移动安全技术积淀,推出覆盖鸿蒙应用开发全周期的双路径加固方案。方案涵盖 “源码级加固” 与 “二进制级加固” 两种成熟且独立的加固技术路径,客户可根据项目阶段灵活适配。

路径一:源码级加固

(简称源到源加固,推荐开发阶段使用)

适用场景:需从源代码层面对应用进行深度保护的场景

·自主研发,具备应用全部源代码

·需要高强度加固,充分保护核心代码安全

·充分保护知识产权,含核心算法、专利代码等模块

技术实现

·在DevEco Studio中自动混淆ArkTS/TS/C++源码

·输出已加固源码供编译打包

效率与优势

·插件化自动完成,零代码改造

·与CI/CD流水线无缝集成

·最高保护强度,源代码级深度耦合安全防护因子,抗单点绕过、破解

路径二:二进制级加固

(简称ABC加固,推荐发布阶段使用)

适用场景:可以直接对已编译的应用文件进行加固的场景

·没有应用源代码(如委托第三方开发、研发与加固实施环境,其他没有源代码的场景)

·希望一键式快速处置,无使用门槛

·不依赖开发人员生产环境和工具

技术实现

·直接对.abc文件进行字节码加密、

·输出受保护的二进制文件

·支持提交.hap、.app直接进行加固处理

效率与优势

·一键式全自动加固处理,无学习和使用成本

·独立平台快速加固,不占用开发资源

·统一加固策略安全管控、审核

·与CI/CD流水线无缝集成

梆梆安全鸿蒙应用双路径加固方案核心价值在于其精准匹配鸿蒙应用全生命周期的差异化安全需求。企业可根据项目所处阶段、团队分工及具体安全等级要求,灵活选择最适合的路径,形成覆盖鸿蒙应用开发、测试到发布全过程的安全闭环。

展望未来,梆梆安全将持续深耕鸿蒙生态安全领域,不断升级产品核心能力,积极探索更智能、更轻量化的动态防御机制应对日益复杂的应用威胁,致力于为行业客户构建覆盖应用全生命周期的、前瞻性的安全防护体系,为鸿蒙应用的繁荣发展保驾护航。

梆梆安全

Managed ad