Aggregator
Akira
11 months 1 week ago
cohenido
Submit #525101: WonderCMS 3.5.9 remote code execution [Accepted]
11 months 1 week ago
Submit #525101 / VDB-303014
cc1110
The Reality Behind Security Control Failures—And How to Prevent Them
11 months 1 week ago
Most orgs only discover their security controls failed after a breach. With OnDefend's continuous validation, you can test, measure, and prove your defenses work—before attackers exploit blind spots. [...]
Sponsored by OnDefend
How an Interdiction Mindset Can Help Win War on Cyberattacks
11 months 1 week ago
The US military and law enforcement learned to outthink insurgents. It's time for cybersecurity to learn to outsmart and outmaneuver threat actors with the same framework.
Mike McNerney
Counterfeit Android devices found preloaded with Triada malware
11 months 1 week ago
A new version of the Triada trojan has been discovered preinstalled on thousands of new Android devices, allowing threat actors to steal data as soon as they are set up. [...]
Bill Toulas
Vulnerability impacting CrushFTP
11 months 1 week ago
Canadian Centre for Cyber Security
Steam tops the ranking of bait brands for phishers in 2025
11 months 1 week ago
Millions of gamers receive fake notifications that lead to data theft.
Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse
11 months 1 week ago
Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code.
"The vulnerability could have allowed such an identity to abuse its Google Cloud Run revision edit permissions in order to pull private Google Artifact
The Hacker News
U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog
11 months 1 week ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apache Tomcat path equivalence vulnerability, tracked as CVE-2025-24813, to its Known Exploited Vulnerabilities (KEV) catalog. The Apache Tomcat vulnerability CVE-2025-24813 was recently disclosed and is being actively exploited just 30 […]
Pierluigi Paganini
Bybit Heist Fuels Record Crypto-Theft Surge, Says CertiK
11 months 1 week ago
Hackers stole $1.67bn of cryptocurrencies in the first quarter of 2025, a 303% increase
CVE-2025-3122 | WebAssembly wabt 1.0.36 binary-reader-interp.cc BeginFunctionBody null pointer dereference (Issue 2565)
11 months 1 week ago
A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference.
This vulnerability is known as CVE-2025-3122. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-3121 | PyTorch 2.6.0 torch.jit.jit_module_from_flatbuffer memory corruption (Issue 149800)
11 months 1 week ago
A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption.
This vulnerability is traded as CVE-2025-3121. Local access is required to approach this attack. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-3120 | SourceCodester Apartment Visitors Management System 1.0 /add-apartment.php apartmentno sql injection
11 months 1 week ago
A vulnerability was found in SourceCodester Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument apartmentno leads to sql injection.
The identification of this vulnerability is CVE-2025-3120. The attack may be initiated remotely. Furthermore, there is an exploit available.
Other parameters might be affected as well.
vuldb.com
CVE-2025-3119 | SourceCodester Online Tutor Portal 1.0 manage_course.php ID sql injection
11 months 1 week ago
A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /tutor/courses/manage_course.php. The manipulation of the argument ID leads to sql injection.
This vulnerability was named CVE-2025-3119. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-3118 | SourceCodester Online Tutor Portal 1.0 view_course.php ID sql injection
11 months 1 week ago
A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been classified as critical. This affects an unknown part of the file /tutor/courses/view_course.php. The manipulation of the argument ID leads to sql injection.
This vulnerability is uniquely identified as CVE-2025-3118. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #525091: https://github.com/WebAssembly/wabt wabt 1.0.36 NULL Pointer Dereference [Accepted]
11 months 1 week ago
Submit #525091 / VDB-303013
Travelers Cyber Risk Services reduces the risk of a cyberattack
11 months 1 week ago
The Travelers Companies announced Travelers Cyber Risk Services, a suite of capabilities added to all cyber liability policies designed to help lower both the risk of a cyberattack and the cost to recover from one. In addition to always-on threat monitoring and tailored alerts, key benefits of Travelers Cyber Risk Services include: Cyber Risk Dashboard: This 24/7 tool gives consumers the ability to monitor risks and track progress over time, view customized recommendations ranked by …
The post Travelers Cyber Risk Services reduces the risk of a cyberattack appeared first on Help Net Security.
Industry News
Submit #525049: pytorch pytorch (in torch.jit.jit_module_from_flatbuffer) torch 2.6.0 Memory Leak [Accepted]
11 months 1 week ago
Submit #525049 / VDB-303012
Default436352
Submit #524991: SourceCodester Apartment Visitors Management System 1.0 SQL Injection [Accepted]
11 months 1 week ago
Submit #524991 / VDB-303011
wanglun