Aggregator

CVE-2025-8573 | Concrete CMS up to 9.4.2 on Members Members Dashboard Page information disclosure

VulDB Recent Entries
4 months 3 weeks ago
A vulnerability was found in Concrete CMS CMS up to 9.4.2 on Members. It has been rated as problematic. This issue affects some unknown processing of the component Members Dashboard Page. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2025-8573. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-32430 | xwiki-platform up to 16.4.7/16.10.5/17.2.x cross site scripting (GHSA-m9x4-w7p9-mxhx)

VulDB Recent Entries
4 months 3 weeks ago
A vulnerability was found in xwiki-platform up to 16.4.7/16.10.5/17.2.x and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-32430. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-6994 | Reveal Listing Plugin up to 3.3 on WordPress listing_user_role privileges management

Vuldb Updates
4 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in Reveal Listing Plugin up to 3.3 on WordPress. Affected by this issue is some unknown functionality. The manipulation of the argument listing_user_role leads to improper privilege management. This vulnerability is handled as CVE-2025-6994. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-7498 | Exclusive Addons for Elementor Plugin 2.7.9.4 on WordPress Countdown Widget cross site scripting

Vuldb Updates
4 months 3 weeks ago
A vulnerability has been found in Exclusive Addons for Elementor Plugin 2.7.9.4 on WordPress and classified as problematic. This vulnerability affects unknown code of the component Countdown Widget. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-7498. The attack can be initiated remotely. There is no exploit available.
vuldb.com

CVE-2025-54876 | JanssenProject jans up to 1.9.0 cli_cmd.log insufficiently protected credentials (GHSA-2f4x-m695-jvp3)

VulDB Recent Entries
4 months 3 weeks ago
A vulnerability has been found in JanssenProject jans up to 1.9.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cli_cmd.log. The manipulation leads to insufficiently protected credentials. This vulnerability is known as CVE-2025-54876. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-54125 | xwiki-platform up to 16.4.6/16.10.4/17.1.x templates/xml.vm exposure of private personal information to an unauthorized actor (GHSA-57q2-6cp4-9mq3)

VulDB Recent Entries
4 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in xwiki-platform up to 16.4.6/16.10.4/17.1.x. Affected is an unknown function of the file templates/xml.vm. The manipulation leads to exposure of private personal information to an unauthorized actor. This vulnerability is traded as CVE-2025-54125. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

AI in the SOC: Game-changer or more noise?

Help Net Security
4 months 3 weeks ago

In this Help Net Security video, Kev Marriott, Senior Manager of Cyber at Immersive Labs, explores the challenges and opportunities of integrating AI into Security Operations Centers (SOCs). While AI can boost productivity by automating manual tasks and reducing alert fatigue, Kev emphasizes that human expertise remains critical for contextual analysis, incident response, and threat hunting. He cautions against over-reliance on AI, highlights potential risks, including standardization, misconfigurations, and evolving threat actor tactics, and urges … More →

The post AI in the SOC: Game-changer or more noise? appeared first on Help Net Security.

Help Net Security

CVE-2025-54124 | xwiki-platform up to 16.4.6/16.10.4/17.1.x Password Hash exposure of private personal information to an unauthorized actor (GHSA-r38m-cgpg-qj69)

VulDB Recent Entries
4 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in xwiki-platform up to 16.4.6/16.10.4/17.1.x. This issue affects some unknown processing of the component Password Hash Handler. The manipulation leads to exposure of private personal information to an unauthorized actor. The identification of this vulnerability is CVE-2025-54124. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

全球视野下的合规之道:携程海外数据安全管理实践

信息安全知识库
4 months 3 weeks ago
本文链接


出海成为众多国内企业实现业绩新增长曲线的选择,然而随着数据的重要性提升,法律及监管关注度也在增强,携程作为在线旅行行业较早布局海外业务的企业,在海外数据安全合规风险上也有所积累。本次演讲将分享携程海外数据安全合规风险管理的思路和经验,希望能给相关出海企业企业带来一些合规实践上的启示。

演讲提纲

  1. 出海面临的数据安全合规挑战

法律法规近些年主要变化及监管挑战 从数据视角深度剖析出海合规风险 2. 携程应对策略及实践

携程的海外合规整体策略设计 如何通过GRC平台形成风险管理闭环 如何保障旗下Trip.com产品的隐私合规 3. 海外数据安全合规未来展望和应对思考

实践痛点

合规风险管理线上化需要建立在标准化的风险管理、优秀的产品设计、合理的内部运营流程等基础上,才能实现控制域的完备性、控制方法的准确性、关键控制的有效性、审计覆盖的充分性等关键指标。

演讲亮点

结合合规实战介绍部分法域的合规挑战 介绍携程自研GRC(Governance, Risk and Compliance )平台如何融合监管情报、外规内化、审计整改等多个治理环节,解决出海过程中面临多法域、多品牌的风险管理挑战 听众收益

帮助了解现有海外数据安全相关合规的整体风险态势 帮助了解标准化及线上化在多法域数据安全合规风险管理中的价值

CVE-2025-48075 | gofiber 2.52.6 fiber.Ctx.BodyParser array index (Duplicate CVE-2025-54801 / GHSA-hg3g-gphw-5hhm)

Vuldb Updates
4 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in gofiber fiber 2.52.6. Affected is the function fiber.Ctx.BodyParser. The manipulation leads to improper validation of array index. This vulnerability is traded as CVE-2025-48075. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component. It looks like this entry got a duplicate CVE-2025-54801 assigned.
vuldb.com

Managed ad