Aggregator

研究人员发现CyberArk和HashiCorp的企业安全产品存在14个高危漏洞（统称为Vault Fault），包括身份验证绕过、权限提升和远程代码执行等。这些漏洞可能导致攻击者无需有效凭证即可控制企业系统并窃取敏感数据。相关厂商已发布补丁修复这些问题。

Submit #625918 / VDB-319318

Submit #625917 / VDB-319317

Submit #625799 / VDB-319316

Submit #625795 / VDB-319315

Submit #625794 / VDB-319314

Submit #625788 / VDB-319313

Submit #625777 / VDB-319312

沉浸式翻译因快照功能缺陷导致大量敏感数据泄露至互联网。用户生成的翻译快照未受保护,搜索引擎可直接抓取,暴露隐私信息如加密货币钱包私钥及商业合同等。建议用户检查数据泄露风险并采取补救措施,防止进一步损失。

Explore cutting-edge identity strategies for secure access, including passwordless authentication, adaptive access control, and decentralized identity. Learn how to enhance your organization's security posture.

The post Mastering Identity Modern Strategies for Secure Access appeared first on Security Boulevard.

文章探讨了身份访问管理（IAM）的演变与未来趋势，从传统密码到现代无密码认证、自适应访问控制、区块链身份、微服务安全及AI驱动的安全措施等技术发展，并强调了合规性与应对新兴威胁的重要性。

Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all. This affects a legitimate feature. The cause of the issue is an insecure database configuration established by the user.

A vulnerability classified as problematic has been found in Imagination Graphics DDK up to 1.15 RTM/1.17 RTM/1.18 RTM/24.3 RTM/25.1 RTM0. This affects an unknown part of the component Trusted Execution Environment. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is uniquely identified as CVE-2025-6573. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Imagination Graphics DDK up to 1.15 RTM/1.17 RTM/1.18 RTM/25.1 RTM1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-46709. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Craft CMS up to 4.16.2/5.8.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /storage/backups. The manipulation leads to code injection. This vulnerability is known as CVE-2025-54417. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in CybercentreCanada assemblyline up to 4.6.1.dev137. It has been classified as critical. Affected is an unknown function of the file task_handler.py. The manipulation leads to relative path traversal. This vulnerability is traded as CVE-2025-55013. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in oakserver oak up to 17.1.5 and classified as problematic. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument x-forwarded-proto/x-forwarded-for leads to resource consumption. The identification of this vulnerability is CVE-2025-55152. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in fedify up to 1.8.4 and classified as critical. This vulnerability affects unknown code. The manipulation leads to improper authentication. This vulnerability was named CVE-2025-54888. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in ulab-uiuc tiny-scientist up to 0.1.1. This affects the function review_paper of the file backend/app.py of the component PDF File Handler. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2025-55149. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in workos authkit-remix up to 0.14.x. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-55009. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.