Aggregator

CVE-2022-32221 | Oracle MySQL Server up to 5.7.40/8.0.31 Packaging exposure of resource (Nessus ID 211079)

Vuldb Updates
15 hours 36 minutes ago
A vulnerability, which was classified as very critical, was found in Oracle MySQL Server up to 5.7.40/8.0.31. This impacts an unknown function of the component Packaging. The manipulation results in exposure of resource. This vulnerability is identified as CVE-2022-32221. The attack can be executed remotely. There is not any exploit available.
vuldb.com

CVE-2022-43551 | cURL HSTS cleartext transmission (FEDORA-2022-d7ee33d4ad / Nessus ID 211153)

Vuldb Updates
15 hours 36 minutes ago
A vulnerability labeled as problematic has been found in cURL. Affected is an unknown function of the component HSTS Handler. The manipulation results in cleartext transmission of sensitive information. This vulnerability is cataloged as CVE-2022-43551. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.
vuldb.com

CVE-2022-43551 | Apple macOS up to 13.2.1 curl cleartext transmission (HT213670 / Nessus ID 211153)

Vuldb Updates
15 hours 36 minutes ago
A vulnerability labeled as problematic has been found in Apple macOS up to 13.2.1. This affects an unknown part of the component curl. Such manipulation leads to cleartext transmission of sensitive information. This vulnerability is uniquely identified as CVE-2022-43551. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.
vuldb.com

CVE-2022-43551 | Oracle MySQL Server up to 5.7.41/8.0.32 Packaging information disclosure (Nessus ID 211153)

Vuldb Updates
15 hours 36 minutes ago
A vulnerability identified as critical has been detected in Oracle MySQL Server up to 5.7.41/8.0.32. Affected by this vulnerability is an unknown functionality of the component Packaging. The manipulation leads to information disclosure. This vulnerability is referenced as CVE-2022-43551. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

Survey: Most Security Incidents Involve Identity Attacks

Security Boulevard
15 hours 40 minutes ago

A survey of 512 cybersecurity professionals finds 76% report that over half (54%) of the security incidents that occurred in the past 12 months involved some issue relating to identity management. Conducted by Permiso Security, a provider of an identity security platform, the survey also finds 95% are either very confident (52%) or somewhat confident..

The post Survey: Most Security Incidents Involve Identity Attacks appeared first on Security Boulevard.

Michael Vizard

CVE-2025-48957:AstrBot AI路径遍历与认证绕过后端调用链深度解析

先知技术社区
15 hours 58 minutes ago
漏洞简介AstrBot 是一款大型语言模型聊天机器人和开发框架。在 3.4.4 至 3.5.12 版本中存在一个路径遍历漏洞,可能导致信息泄露,例如泄露大语言模型提供商的 API 密钥、账户密码及其他敏感数据漏洞影响评分:7.5(高危)版本:3.4.4 <=,<3.5.12漏洞分析前端请求攻击者构造恶意请求包后端调用链外网可访问,且端口固定为6185在这里:如果请求路径恰好匹配 /ap

CVE-2019-12749 | dbus up to 1.10.27/1.12.15/1.13.11 /.dbus-keyrings improper authentication (RHSA-2019:1726 / Nessus ID 266270)

Vuldb Updates
16 hours 1 minute ago
A vulnerability has been found in dbus up to 1.10.27/1.12.15/1.13.11 and classified as critical. This affects an unknown part of the file /.dbus-keyrings. The manipulation leads to improper authentication. This vulnerability is documented as CVE-2019-12749. The attack needs to be performed locally. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2022-35737 | SQLite 3.39.0/3.39.1 C API array index (Nessus ID 236624)

Vuldb Updates
16 hours 1 minute ago
A vulnerability marked as critical has been reported in SQLite 3.39.0/3.39.1. This affects an unknown part of the component C API. The manipulation leads to improper validation of array index. This vulnerability is traded as CVE-2022-35737. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2022-35737 | Oracle Communications Convergent Charging Controller 6.0.1.0.0/12.0.1.0.0/12.0.5.0.0 Common denial of service (Nessus ID 236624)

Vuldb Updates
16 hours 1 minute ago
A vulnerability was found in Oracle Communications Convergent Charging Controller 6.0.1.0.0/12.0.1.0.0/12.0.5.0.0 and classified as critical. This vulnerability affects unknown code of the component Common. Executing a manipulation can lead to denial of service. This vulnerability is registered as CVE-2022-35737. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

CVE-2022-35737 | Oracle Communications Network Charging and Control 6.0.1.0.0/12.0.1.0.0/12.0.5.0.0 Common denial of service (Nessus ID 236624)

Vuldb Updates
16 hours 1 minute ago
A vulnerability was found in Oracle Communications Network Charging and Control 6.0.1.0.0/12.0.1.0.0/12.0.5.0.0. It has been rated as critical. The affected element is an unknown function of the component Common. This manipulation causes denial of service. This vulnerability appears as CVE-2022-35737. The attack may be initiated remotely. There is no available exploit.
vuldb.com

Managed ad