Aggregator

CVE-2023-37254 | Cargo Extension up to 1.39.3 on MediaWiki Special:CargoQuery cross site scripting (EUVD-2023-41174)

Vuldb Updates
3 months 1 week ago
A vulnerability was found in Cargo Extension up to 1.39.3 on MediaWiki. It has been classified as problematic. Impacted is an unknown function of the file Special:CargoQuery. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2023-37254. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

Your Android App Needs Scanning – Best Android App Vulnerability Scanner in 2026

Security Boulevard
3 months 1 week ago

Given the threat-dominating space we cannot escape, we need a game-changer that becomes the ultimate tool for protecting our Android app. Now, imagine your organisation’s application is used by hundreds and thousands of Android users, given that your flagship Android app is always running on it. How sure are you that your app security is […]

The post Your Android App Needs Scanning – Best Android App Vulnerability Scanner in 2026 appeared first on Kratikal Blogs.

The post Your Android App Needs Scanning – Best Android App Vulnerability Scanner in 2026 appeared first on Security Boulevard.

Puja Saikia

CVE-2025-71143 | Linux Kernel up to 6.6.119/6.12.63/6.18.3 clk exynos_clkout_probe hws[] initialization (WID-SEC-2026-0119)

Vuldb Updates
3 months 1 week ago
A vulnerability classified as critical was found in Linux Kernel up to 6.6.119/6.12.63/6.18.3. This affects the function exynos_clkout_probe of the component clk. Such manipulation of the argument hws[] leads to improper initialization. This vulnerability is documented as CVE-2025-71143. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2025-71141 | Linux Kernel up to 6.6.119/6.18.3 drm_kms_helper_poll_fini initialization (WID-SEC-2026-0119)

Vuldb Updates
3 months 1 week ago
A vulnerability described as critical has been identified in Linux Kernel up to 6.6.119/6.18.3. The affected element is the function drm_kms_helper_poll_fini. The manipulation results in improper initialization. This vulnerability is cataloged as CVE-2025-71141. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

连续四年获表彰!安全玻璃盒荣获CCIA“2025年度先进会员单位”,核心产品入选《网络安全专用产品指南》

嘶吼
3 months 1 week ago

近日,中国网络安全产业联盟(CCIA)正式公布“关于2025年度表彰先进的决定”。安全玻璃盒凭借在软件供应链安全领域的突出贡献和持续创新能力,荣获“2025年度先进会员单位”,连续四年获联盟表彰

中国网络安全产业联盟(CCIA)由中央网信办网络安全协调局指导,作为中国网络安全行业首个全国性产业联盟,联盟旨在聚合产业势能,营造良好产业发展环境,促进联盟会员创新发展、合作共赢,提升在网络安全领域的研发、制造和服务水平,推动网络安全产业做大做强,提升中国网络安全产业竞争力和国际话语权,维护用户网络安全和利益。

安全玻璃盒自加入中国网络安全产业联盟(CCIA)以来,充分发挥软件供应链安全领域的技术实力和领先优势,深度参与联盟各项工作,备受认可,积极配合CCIA开展网络安全技术与服务发展态势调研工作,多次上榜CCIA“中国网安产业潜力之星”,蝉联四届CCIA“网络安全优秀创新成果大赛”优秀奖项。近期,安全玻璃盒自主研发的核心产品安全玻璃盒开源软件安全分析系统SCA成功入选CCIA《网络安全专用产品指南》(第三版),进一步彰显了安全玻璃盒产品技术硬实力。

《网络安全专用产品指南》按照国家互联网信息办公室、工业和信息化部、公安部等部门联合发布的《网络关键设备和网络安全专用产品目录》编制而成,收录产品需符合国家强制性标准并通过权威机构检测认证,是行业筛选优质安全产品的重要参考。

未来,安全玻璃盒将以此荣誉为激励,持续在软件供应链安全领域深耕细作,助推国家网络安全产业高质量发展,为数字经济新时代发展贡献力量。

孝道科技

CVE-2023-37251 | GoogleAnalyticsMetrics Extension up to 1.39.3 on MediaWiki javascript URL cross site scripting (EUVD-2023-41171)

Vuldb Updates
3 months 1 week ago
A vulnerability was found in GoogleAnalyticsMetrics Extension up to 1.39.3 on MediaWiki. It has been declared as problematic. This vulnerability affects unknown code of the component javascript URL Handler. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2023-37251. The attack can be executed remotely. There is not any exploit available.
vuldb.com

CVE-2023-37250 | Parsec Remote Desktop App on Windows Updater toctou (EUVD-2023-41170)

Vuldb Updates
3 months 1 week ago
A vulnerability categorized as critical has been discovered in Parsec Remote Desktop App on Windows. This impacts an unknown function of the component Updater. The manipulation results in time-of-check time-of-use. This vulnerability was named CVE-2023-37250. The attack needs to be approached locally. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

CVE-2023-37237 | Veritas NetBackup Appliance up to 4.1.0.1 MR2 SSH permission (EUVD-2023-41157)

Vuldb Updates
3 months 1 week ago
A vulnerability, which was classified as critical, was found in Veritas NetBackup Appliance up to 4.1.0.1 MR2. Affected by this issue is some unknown functionality of the component SSH Handler. Such manipulation leads to permission issues. This vulnerability is referenced as CVE-2023-37237. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2023-37224 | Archer Platform up to 6.12.0.5 Log File information disclosure (EUVD-2023-41144)

Vuldb Updates
3 months 1 week ago
A vulnerability labeled as problematic has been found in Archer Platform up to 6.12.0.5. Affected by this issue is some unknown functionality of the component Log File Handler. Executing a manipulation can lead to information disclosure. This vulnerability is tracked as CVE-2023-37224. The attack is restricted to local execution. No exploit exists. The affected component should be upgraded.
vuldb.com

Product showcase: Penetration test reporting with PentestPad

Help Net Security
3 months 1 week ago

If you’ve done a pentest before, you know things can get messy fast. You start organized, but a few hours in, notes are scattered, screenshots have odd filenames, and small details get lost. PentestPad was built to help with that, not to change how you test, but to stop the chaos from slowing you down. Setting up a project is simple. You add the scope, list the assets, and include your team. That’s it. No … More →

The post Product showcase: Penetration test reporting with PentestPad appeared first on Help Net Security.

Help Net Security

Go 1.25.6 and 1.24.12 Patch Critical Vulnerabilities Lead to DoS and Memory Exhaustion Risks

Cyber Security News
3 months 1 week ago

The Go programming language team has rolled out emergency point releases, Go 1.25.6 and 1.24.12, to address six high-impact security flaws. These updates fix denial-of-service (DoS) vectors, arbitrary code execution risks, and TLS mishandlings that could expose developers to remote attacks. While not branded as version 1.26, the patches urge immediate upgrades for projects relying […]

The post Go 1.25.6 and 1.24.12 Patch Critical Vulnerabilities Lead to DoS and Memory Exhaustion Risks appeared first on Cyber Security News.

Guru Baran

中国应用商店下架“死了么”App

Solidot
3 months 1 week ago
最近一段时间病毒式传播的“死了么”App 在中国区应用商店下架,原因可能与名字有关,开发商最近几天正在征集新中文名。以苹果应用商店为例,中国区已经搜索不到“死了么”,但其它地区仍然可以搜索到,能正常下载,而且在位居付费排行榜前列。

Managed ad