Aggregator

A vulnerability, which was classified as critical, has been found in Oracle Communications Cloud Native Core Binding Support Function up to 23.1.7/23.2.2. This issue affects some unknown processing of the component Install/Upgrade. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2023-29491. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability was found in Oracle Communications Cloud Native Core Policy up to 23.1.8/23.2.4. It has been classified as critical. This affects an unknown part of the component Install/Upgrade. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2023-29491. Attacking locally is a requirement. There is no exploit available.

A vulnerability was found in ncurses up to 6.3. It has been rated as problematic. This issue affects the function convert_strings of the file tinfo/read_entry.c. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2022-29458. The attack can only be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in ncurses 6.0/6.1/6.1-20191012/6.1.20180414. It has been declared as critical. This vulnerability affects unknown code of the file $HOME/.terminfo of the component Environment Variable Handler. The manipulation of the argument TERMINFO/TERM leads to memory corruption. This vulnerability was named CVE-2023-29491. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

文章介绍了一个黑客社区，旨在帮助新手成长为专家，并提供网络安全和网络项目的讨论。

美国网络安全机构CISA新增四个高危漏洞至已知被利用漏洞目录，涉及缓冲区溢出、命令注入、路径遍历和SSRF等类型。其中 CVE-2019-9621 被关联至中国背景的威胁行为者。同时，Citrix NetScaler ADC 存在内存泄露漏洞（CVE-2025-5777），可致敏感信息泄露。

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is as follows - CVE-2014-3931 (CVSS score: 9.8) - A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an

In this Help Net Security video, Art Poghosyan, CEO at Britive, explores the rise of agentic AI and its impact on identity security. As autonomous AI agents begin to think, act, and interact more like humans, traditional identity and access management models fall short. From zero-trust principles to just-in-time access and behavior-based controls, Poghosyan explains why traditional security approaches aren’t enough anymore and why agentic identity platforms are becoming a must-have.

The post Can your security stack handle AI that thinks for itself? appeared first on Help Net Security.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-07-08, 1 days ago. The vendor is given until 2025-11-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.5 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'PHP Hooligans / Midnight Blue' was reported to the affected vendor on: 2025-07-08, 1 days ago. The vendor is given until 2025-11-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'T. Doğa Gelişli' was reported to the affected vendor on: 2025-07-08, 1 days ago. The vendor is given until 2025-11-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L severity vulnerability discovered by 'wac' was reported to the affected vendor on: 2025-07-08, 1 days ago. The vendor is given until 2025-11-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'Swagat' was reported to the affected vendor on: 2025-07-08, 1 days ago. The vendor is given until 2025-11-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'Gert Keldermans & Nabeel Ahmed of NTT Belgium' was reported to the affected vendor on: 2025-07-08, 1 days ago. The vendor is given until 2025-11-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Вы уверены, что читаете учёных, а не ChatGPT?

推特创始人杰克多西推出基于蓝牙网状网络的点对点通讯应用 Bitchat，无需互联网即可工作。该应用通过蓝牙设备组网通信，消息加密存储本地并经中继节点传递。优点是去中心化、无审查问题；缺点是覆盖范围有限且需密集用户安装。未来将支持 Wi-Fi Direct 扩展覆盖范围。

Most organizations are exposing sensitive data through APIs without security controls in place, and they may not even realize it, according to Raidiam. Their report draws on a detailed assessment of 68 organizations across industries. It deliberately excludes regulated environments like UK Open Banking, where advanced security is mandated. The goal was to understand how typical businesses, those without regulatory pressure, are protecting their APIs. The results aren’t encouraging. Over 80% of organizations fell into … More →

The post CISOs urged to fix API risk before regulation forces their hand appeared first on Help Net Security.

A vulnerability, which was classified as critical, was found in codebreak 1.1.2. Affected is an unknown function of the file codebreak.php. The manipulation of the argument process_method leads to code injection. This vulnerability is traded as CVE-2007-1996. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Oracle Banking Cash Management 14.7.0.2.0/14.7.1.0.0. It has been classified as critical. Affected is an unknown function of the component Accessibility. The manipulation leads to denial of service. This vulnerability is traded as CVE-2022-2048. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Oracle Banking Supply Chain Finance 14.7.0.2.0/14.7.1.0.0 and classified as critical. This vulnerability affects unknown code of the component Security. The manipulation leads to denial of service. This vulnerability was named CVE-2022-2048. The attack can be initiated remotely. There is no exploit available.