Submit #631082: https://www.tduckcloud.com/ tduck-platform commit 5ed0acf Improper Authentication [Duplicate]
Submit #631082 / VDB-319261
Aggregator
CVE-2024-57154 | dts-shop 0.0.1-SNAPSHOT /admin/auth/index access control
1 day 11 hours ago
A vulnerability identified as critical has been detected in dts-shop 0.0.1-SNAPSHOT. Impacted is an unknown function of the file /admin/auth/index. This manipulation causes improper access controls.
This vulnerability is registered as CVE-2024-57154. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2025-43757 | Liferay Portal/DXP cross site scripting
1 day 11 hours ago
A vulnerability categorized as problematic has been discovered in Liferay Portal and DXP. This issue affects some unknown processing. The manipulation of the argument _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_definition results in cross site scripting.
This vulnerability is cataloged as CVE-2025-43757. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-43746 | Liferay Portal/DXP cross site scripting
1 day 11 hours ago
A vulnerability was found in Liferay Portal and DXP. It has been rated as problematic. This vulnerability affects unknown code. The manipulation of the argument _com_Liferay_dynamic_data_mapping_web_portlet_DDMPortlet_portletNamespace/_com_Liferay_dynamic_data_mapping_web_portlet_DDMPortlet_namespace leads to cross site scripting.
This vulnerability is listed as CVE-2025-43746. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2025-5115 | Eclipse Jetty resource consumption (EUVD-2025-25397 / WID-SEC-2025-1830)
1 day 11 hours ago
A vulnerability was found in Eclipse Jetty up to 9.4.57/10.0.25/11.0.25/12.0.21/12.1.0.alpha2. It has been declared as problematic. This affects an unknown part. Executing manipulation can lead to resource consumption.
This vulnerability is tracked as CVE-2025-5115. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2024-57152 | WinterChenS my-site 1.0.2 preHandle access control (Issue 92)
1 day 11 hours ago
A vulnerability was found in WinterChenS my-site 1.0.2. It has been classified as critical. Affected by this issue is the function preHandle. Performing manipulation results in improper access controls.
This vulnerability is identified as CVE-2024-57152. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2025-50902 | old-peanut Open-Shop up to 1.0.0 HTTP POST Message cross-site request forgery
1 day 11 hours ago
A vulnerability was found in old-peanut Open-Shop up to 1.0.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP POST Message Handler. Such manipulation leads to cross-site request forgery.
This vulnerability is referenced as CVE-2025-50902. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
Russian State Hackers Exploit 7-Year-Old Cisco Router Vulnerability
1 day 11 hours ago
FBI and Cisco warn Russian hackers are exploiting a 7-year-old Cisco Smart Install vulnerability on outdated routers and…
Waqas
Google Unveils Enhanced Features to Empower Defenders and Strengthen AI Security
1 day 11 hours ago
Google Cloud has announced a suite of advanced security enhancements at the 2025 Security Summit, aimed at fortifying AI ecosystems and leveraging artificial intelligence to elevate organizational defenses. These updates focus on proactive vulnerability detection, automated threat intelligence processing, and workload optimization for security teams. Central to the announcements is the expansion of Security Command […]
The post Google Unveils Enhanced Features to Empower Defenders and Strengthen AI Security appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
Life in the Swimlane with Ryan Knauer, Principal Site Reliability Engineer
1 day 12 hours ago
The post Life in the Swimlane with Ryan Knauer, Principal Site Reliability Engineer appeared first on AI Security Automation.
The post Life in the Swimlane with Ryan Knauer, Principal Site Reliability Engineer appeared first on Security Boulevard.
Maycie Belmore
Google Pixel 10 发布|自研芯片+端侧模型,谷歌抢发了完全体的「Apple 智能」
1 day 12 hours ago
谷歌的 AI 硬件棋局,落子 Tensor G5
The Ultimate Guide to Endpoint Security Management in 2025
1 day 12 hours ago
This post first appeared on blog.netwrix.com and was written by Jeremy Moskowitz.
Endpoint security management ensures visibility, control, and protection across diverse devices in hybrid environments. It integrates policy-driven automation, patching, and conditional access to reduce risk and enforce compliance. Unified Endpoint Management and Zero Trust frameworks enable scalable, centralized defense against evolving threats and operational disruptions. Introduction to Endpoint Security Management Today, organizations operate beyond the … Continued
Endpoint security management ensures visibility, control, and protection across diverse devices in hybrid environments. It integrates policy-driven automation, patching, and conditional access to reduce risk and enforce compliance. Unified Endpoint Management and Zero Trust frameworks enable scalable, centralized defense against evolving threats and operational disruptions. Introduction to Endpoint Security Management Today, organizations operate beyond the … Continued
Jeremy Moskowitz
HPE security advisory (AV25-534)
1 day 12 hours ago
Canadian Centre for Cyber Security
FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw
1 day 12 hours ago
In the past year, "Static Tundra," aka "Energetic Bear," has breached thousands of end-of-life Cisco devices unpatched against a 2018 flaw, in a campaign targeting enterprises and critical infrastructure.
Jai Vijayan, Contributing Writer
What is an AI Bill of Materials (AI BOM)?
1 day 12 hours ago
Learn how to create and automate an AI BOM.
The post What is an AI Bill of Materials (AI BOM)? appeared first on Security Boulevard.
Mend.io Team
Phishing in 2025: Smarter Threats, Smarter Defense
1 day 12 hours ago
ManagedMethods recently hosted a webinar on one of the most pressing issues in K–12 cybersecurity: phishing. While schools have been targets for years, 2025 feels different. Attackers are evolving faster than ever, and traditional email security filters are falling behind. The upside? AI-powered defenses are emerging to give districts a fighting chance. Here’s a recap ...
The post Phishing in 2025: Smarter Threats, Smarter Defense appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.
The post Phishing in 2025: Smarter Threats, Smarter Defense appeared first on Security Boulevard.
Alexa Sander
Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300)
1 day 12 hours ago
Apple has fixed yet another vulnerability (CVE-2025-43300) that has apparently been exploited as a zero-day “in an extremely sophisticated attack against specific targeted individuals.” About CVE-2025-43300 CVE-2025-43300 is an out-of-bounds write issue that could be triggered by a vulnerable device processing a malicious image file, leading to exploitable memory corruption. The vulnerability affects the Image I/O framework used by Apple’s iOS and macOS operating systems. Apple has fixed this flaw with improved bounds checking in: … More →
The post Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300) appeared first on Help Net Security.
Zeljka Zorz
Apple security advisory (AV25-533)
1 day 12 hours ago
Canadian Centre for Cyber Security
Nitrogen
1 day 12 hours ago
You must login to view this content
cohenido
Думали, что измерить ампер, вольт и ом в одном приборе невозможно? Физики из NIST создали то, что искали 100 лет
1 day 12 hours ago
Учёные создали устройство, которое оставит классические стандарты в прошлом.