Aggregator

Одни ликуют, другие кусают локти — и вот почему.

A vulnerability classified as critical has been found in auth0 passport-wsfed-saml2 up to 4.6.3. Affected is an unknown function of the component SAML2 Authentication. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-46573. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in SeaCMS 13.3. It has been rated as critical. This issue affects some unknown processing of the file admin_comment_news.php. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-44073. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Crestron Automate VX up to 6.4.0.49. It has been declared as problematic. This vulnerability affects unknown code of the component Network API. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-47418. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Autorize is an open-source Burp Suite extension that checks if users can access things they shouldn’t. It runs automatic tests to help security testers find authorization problems. Autorize installation To use Autorize, you’ll need Burp Suite and Jython. Here’s how to set it up: Download Burp Suite Download Jython Open burp > Extender > Options > Python Environment > Select File > Choose the Jython standalone JAR Install Autorize from the BApp Store or download … More →

The post Autorize: Burp Suite extension for automatic authorization enforcement detection appeared first on Help Net Security.

A vulnerability was found in IBM i 7.2/7.3/7.4/7.5/7.6. It has been classified as critical. This affects an unknown part of the component Netserver. The manipulation leads to improper certificate validation. This vulnerability is uniquely identified as CVE-2025-3218. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Milesightが提供するUG65-868M-EAには、ブートコードがコピーされる揮発性メモリに対するアクセス制御が不適切な脆弱性が存在します。

BrightSignが提供するBrightsignプレーヤーには、不要な権限での実行の脆弱性が存在します。

SQCTF2025-Crypto-WP

没必要为了某个「新范式」去创业。

Employees are feeling heightened concerns around the use of technology to enhance productivity, as well as job dissatisfaction and a lack of motivation at work. In fact, 30% of employees who use GenAI tools at work worry their job may be cut and 27% experience AI-fueled imposter syndrome, saying they don’t want people to question their ability, according to Ivanti. “Ivanti’s research shows that employees continue to want greater autonomy over their work lives and … More →

The post 1 in 3 workers keep AI use a secret appeared first on Help Net Security.

A vulnerability has been found in McAfee Endpoint Security up to 10.7.0 and classified as critical. This vulnerability affects unknown code. The manipulation leads to improper authentication. This vulnerability was named CVE-2020-7276. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Netgear D3600, D6000, EX3700, EX3800, EX6000, EX6100, EX6120, EX6130, EX6150v1, EX6200, EX7000 and WN2500RPv2. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2019-20691. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Netgear GS728TP, GS728TPPv2, GS728TPv2, GS752TPP and GS752TPv2. Affected is an unknown function. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2019-20694. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Netgear D3600, D6000, D7800, DM200, R7500v2, R7800, R8900, R9000, RBK20, RBR20, RBS20, RBK50, RBR50, RBS50, RBS40, WN3000RPv2, WN3000RPv3, WN3100RPv2, WNDR4300v2, WNDR4500v3 and WNR2000v5. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting (Stored). This vulnerability is handled as CVE-2019-20714. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Netgear D3600, D6000, D6100, D7800, DM200, R7500v2, R7800, RBK50, RBR50 and RBS50. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). This vulnerability is uniquely identified as CVE-2019-20715. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Netgear D6100, D7800, JNR1010v2, JWNR2010v5, RBK50, RBR50, RBS50, R6020, R6080, R6100, R6120, R6700v2, R6800, R6900v2, R7500v2, R7800, R9000, WN3000RPv2, WN3000RPv3, WNDR3700v4, WNDR3700v5, WNDR4300v1, WNDR4300v2, WNDR4500v3, WNR1000v4, WNR2000v5, WNR2020 and WNR2050. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting (Stored). This vulnerability is handled as CVE-2019-20738. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Netgear DGN2200v4, DGND2200Bv4, R7300, R8300 and R8500. This vulnerability affects unknown code. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2019-20740. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Netgear WAC510 2.1.7/5.0.0.17/5.0.5.4/5.0.10.2/5.6.8.3. Affected is an unknown function. The manipulation leads to basic cross site scripting (Stored). This vulnerability is traded as CVE-2019-20742. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

投稿送端午礼盒啦~