Aggregator

CVE-2020-28196 | Oracle Communications Pricing Design Center 12.0.0.3.0 Kerberos denial of service

Vuldb Updates
1 month 2 weeks ago
A vulnerability was found in Oracle Communications Pricing Design Center 12.0.0.3.0 and classified as critical. Affected is an unknown function of the component Kerberos. The manipulation results in denial of service. This vulnerability is known as CVE-2020-28196. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2020-28196 | Oracle Communications Cloud Native Core Policy 1.14.0 denial of service

Vuldb Updates
1 month 2 weeks ago
A vulnerability classified as critical was found in Oracle Communications Cloud Native Core Policy 1.14.0. The impacted element is an unknown function of the component Policy. The manipulation results in denial of service. This vulnerability is known as CVE-2020-28196. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.
vuldb.com

CVE-2019-19956 | libxml2 up to 2.9.9 parser.c xmlParseBalancedChunkMemoryRecover release of resource (USN-4274-1 / Nessus ID 233181)

Vuldb Updates
1 month 2 weeks ago
A vulnerability, which was classified as problematic, was found in libxml2 up to 2.9.9. Impacted is the function xmlParseBalancedChunkMemoryRecover of the file parser.c. The manipulation results in missing release of resource. This vulnerability is reported as CVE-2019-19956. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2025-13633 | Google Chrome up to 142.0.7444.175 Digital Credentials use after free (ID 458082 / EUVD-2025-200302)

Vuldb Updates
1 month 2 weeks ago
A vulnerability identified as critical has been detected in Google Chrome. Impacted is an unknown function of the component Digital Credentials. Performing manipulation results in use after free. This vulnerability is cataloged as CVE-2025-13633. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2025-13631 | Google Chrome up to 142.0.7444.175 on macOS Google Updater Remote Code Execution (ID 448113 / EUVD-2025-200308)

Vuldb Updates
1 month 2 weeks ago
A vulnerability marked as critical has been reported in Google Chrome on macOS. The impacted element is an unknown function of the component Google Updater. The manipulation leads to Remote Code Execution. This vulnerability is documented as CVE-2025-13631. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

University of Pennsylvania and University of Phoenix disclose data breaches

Security Affairs
1 month 2 weeks ago
The University of Pennsylvania and the University of Phoenix confirm they were hit in the Oracle E-Business Suite hacking campaign. The University of Pennsylvania (Penn) and the University of Phoenix confirmed they were hit in the recent cyberattack targeting Oracle E-Business Suite customers. Penn explained that it uses Oracle’s E-Business Suite (EBS) platform for supplier […]
Pierluigi Paganini

CVE-2024-29223 | Intel QuickAssist Technology Software up to 2.1.x uncontrolled search path (intel-sa-01124)

Vuldb Updates
1 month 2 weeks ago
A vulnerability was found in Intel QuickAssist Technology Software up to 2.1.x. It has been rated as problematic. Affected by this vulnerability is an unknown functionality. This manipulation causes uncontrolled search path. This vulnerability appears as CVE-2024-29223. The attack requires local access. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2025-27415 | Nuxt up to 3.15.x on Vue HTTP acceptance of extraneous untrusted data with trusted data (GHSA-jvhm-gjrh-3h93)

Vuldb Updates
1 month 2 weeks ago
A vulnerability has been found in Nuxt up to 3.15.x on Vue and classified as problematic. This affects an unknown function of the component HTTP Handler. This manipulation causes acceptance of extraneous untrusted data with trusted data. This vulnerability is handled as CVE-2025-27415. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.
vuldb.com

Scaling AI From Copilots to Agentic Workflows

BankInfoSecurity.com
1 month 2 weeks ago
Organizations are adopting agentic artificial intelligence as the next phase of AI. Kim Basile, CIO of Kyndryl, explains how organizations can prepare teams to work with agentic AI, emphasizing culture, training and governance as the crucial drivers of AI readiness and adoption.

Marketing and Compliance Software Vendor to Banks Breached

BankInfoSecurity.com
1 month 2 weeks ago
Marquis Software Solutions Says Ransomware Group Hit SonicWall Device, Stole Data
Marketing and compliance software maker Marquis Software Solutions, which counts over 700 banks and credit unions as customers, said a ransomware group breached its SonicWall firewall and stole hundreds of thousands of individuals' personal details, including Social Security numbers.

China Skirts US Attempts to Restrict AI Exports

BankInfoSecurity.com
1 month 2 weeks ago
China Still Relies on US Technology, Experts tell Senate
Washington spent years constructing export barriers around America's most sensitive artificial intelligence technology. Witnesses told the U.S. Senate Foreign Relations Committee that China is finding ways to move around them. Where one pathway closes, Beijing opens another.

Codex Bug Let Repo Files Execute Hidden Commands

BankInfoSecurity.com
1 month 2 weeks ago
Attackers Could Hijack Developer Machines via Tampered Config Files
OpenAI patched a command injection flaw in its Codex CLI tool that let attackers run arbitrary commands on developer machines by hiding malicious configuration files inside code repositories. Hackers could turn ordinary repository files into execution vectors.

India’s New SIM-Binding Rule for WhatsApp, Signal, Telegram and Other Messaging Platforms

Cyber Security News
1 month 2 weeks ago

India has implemented a mandatory SIM-binding requirement for messaging applications, including WhatsApp, Telegram, Signal, Snapchat, and others. The Department of Telecommunications issued a directive on November 28 requiring all app-based communication services to ensure that users maintain an active SIM card in their devices to access messaging features. Under the new rules, messaging platforms must […]

The post India’s New SIM-Binding Rule for WhatsApp, Signal, Telegram and Other Messaging Platforms appeared first on Cyber Security News.

Abinaya

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

The Hackers News
1 month 2 weeks ago
A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0. The vulnerability has been codenamed React2shell. It allows "unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React
The Hacker News

Managed ad