Aggregator

A vulnerability has been found in Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Apache Commons FileUpload. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2019-11358. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Become a Cyber Advisor consultant and provide hands-on security advice tailored for SMEs.

A vulnerability was found in php-parser 3.2.1. It has been classified as problematic. This affects the function lib.combine. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is uniquely identified as CVE-2024-57071. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in xe-utils 3.5.31. It has been rated as problematic. Affected by this issue is the function lib.merge. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is handled as CVE-2024-57074. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability classified as problematic has been found in eazy-logger 4.0.1. This affects the function lib.Logger. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is uniquely identified as CVE-2024-57075. The attack can only be done within the local network. There is no exploit available.

A vulnerability classified as problematic was found in ajax-request 1.2.3. This vulnerability affects the function lib.post. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability was named CVE-2024-57076. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in expand-object 0.4.2. Affected by this issue is the function lib. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is handled as CVE-2024-57069. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in module-from-string 3.3.1 and classified as problematic. This issue affects the function lib.requireFromString. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The identification of this vulnerability is CVE-2024-57072. The attack can only be done within the local network. There is no exploit available.

Okta says over 46% of new customer registrations are bot-driven fraud attempts

Unknown threat actors have been distributing a trojanized version of SonicWall's SSL VPN NetExtender application to steal credentials from unsuspecting users who may have installed it. "NetExtender enables remote users to securely connect and run applications on the company network," SonicWall researcher Sravan Ganachari said. "Users can upload and download files, access network drives, and use

A vulnerability was found in Microsoft Internet Explorer 7/8 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. This vulnerability is handled as CVE-2013-3149. The attack can only be initiated within the local network. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Перепрошить иммунитет? Уже можно. Звучит как что-то из киберпанка — но это медицина 2025.

A vulnerability classified as problematic has been found in Microsoft Windows. This affects an unknown part of the component Scripting Engine. The manipulation leads to type confusion. This vulnerability is uniquely identified as CVE-2025-30397. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

保护个人信息权益，防范违规信息生成

外部攻击者可向企业提交工单暗藏攻击指令

A vulnerability was found in Microsoft Internet Explorer 9. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to code injection. This vulnerability was named CVE-2013-3150. The attack needs to be initiated within the local network. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A clean login flow does more than protect your data—it keeps every metric on your dashboard trustworthy. Discover how authentication choices go through attribution, segmentation and forecasting. Learn which secure-login practices deliver the biggest lift in reporting accuracy for lean marketing teams.

The post How Secure Login Enhances the Accuracy of Your Marketing Dashboards appeared first on Security Boulevard.

A vulnerability was found in Microsoft Internet Explorer 8/9/10. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to code injection. The identification of this vulnerability is CVE-2013-3151. Access to the local network is required for this attack. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in HPE iLO 4 up to 2.52. It has been declared as very critical. This vulnerability affects unknown code. The manipulation leads to improper privilege management. This vulnerability was named CVE-2017-12542. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea. According to Socket, the ongoing supply chain attack involves 35 malicious packages that were uploaded from 24 npm accounts. These packages have been collectively downloaded over 4,000 times. The complete list of the JavaScript