Aggregator

A vulnerability was found in TOTOLINK LR350 9.3.5u.6369_B20220309. It has been classified as critical. This affects the function setOpModeCfg. The manipulation of the argument pppoeUser leads to buffer overflow. This vulnerability is uniquely identified as CVE-2022-44257. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in TOTOLINK LR350 9.3.5u.6369_B20220309. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation of the argument command leads to buffer overflow. This vulnerability was named CVE-2022-44258. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in TOTOLINK LR350 9.3.5u.6369_B20220309. It has been rated as critical. This issue affects the function setParentalRules. The manipulation of the argument week/sTime/eTime leads to buffer overflow. The identification of this vulnerability is CVE-2022-44259. Access to the local network is required for this attack. There is no exploit available.

A vulnerability classified as critical has been found in TOTOLINK LR350 9.3.5u.6369_B20220309. Affected is the function setIpPortFilterRules. The manipulation of the argument sPort/ePort leads to buffer overflow. This vulnerability is traded as CVE-2022-44260. Access to the local network is required for this attack to succeed. There is no exploit available.

Are You Fully Satisfied with Your Current Secrets Management? How often do you question the effectiveness of your secrets management processes? It’s paramount to ensure the processes and tools employed in secrets management are keeping pace with ever-advancing technology. Finding a solution that ensures your Non-Human Identities (NHIs) are well-managed and secure in your cloud […]

The post Satisfied with Your Secrets Management? appeared first on Entro.

The post Satisfied with Your Secrets Management? appeared first on Security Boulevard.

Is Your Enterprise Leveraging NHI Management Innovations? Every organization operating in our interconnected digital era must adopt modern cybersecurity measures to safeguard their data and systems. But how many are aware of the critical role Non-Human Identities (NHIs) play in achieving this? NHIs are machine identities birthed in cybersecurity. These unique identities are a combination […]

The post Innovations in Non-Human Identity Management appeared first on Entro.

The post Innovations in Non-Human Identity Management appeared first on Security Boulevard.

Is your organization truly secure against Secrets sprawl? Cloud-based firms face a growing wave of identity and secrets security challenges. Among these, the phenomenon of Secrets sprawl threatens to jeopardize the integrity of data and IT systems. Unchecked, it opens the door to an array of potential digital threats. But fear not, there is a […]

The post Are You Free from Secrets Sprawl Worry? appeared first on Entro.

The post Are You Free from Secrets Sprawl Worry? appeared first on Security Boulevard.

CISA's Supply Chain Integrity Month reminds us of an undeniable truth about modern software development: transparency in software supply chains is no longer optional. The theme of week 4 is "Transparency: Securing Hardware and Software Across the Supply Chain." With more than 90% of modern software applications relying on open source, this message couldn't be more timely. Transparency is at the heart of the current trend in legislative action, which puts a spotlight on the way agencies evaluate, purchase, and monitor software.

The post How SBOMs power secure software acquisition | Sonatype Blog appeared first on Security Boulevard.

Как современный VPN помогает минимизировать любопытные взгляды.

A vulnerability, which was classified as problematic, was found in Mytel Telecom Online Account System 1.0. This affects an unknown part of the component OTP Verification. The manipulation leads to authentication bypass by spoofing. This vulnerability is uniquely identified as CVE-2025-28128. The attack can only be initiated within the local network. There is no exploit available.

​​Microsoft has released the KB5055627 preview cumulative update for Windows 11 24H2 with many new features gradually rolling out, and some new bug fixes for everyone. [...]

A vulnerability, which was classified as problematic, was found in WBCE CMS 1.5.4. Affected is an unknown function of the file /admin/users/index.php. The manipulation of the argument Display Name leads to cross site scripting. This vulnerability is traded as CVE-2022-45037. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in WBCE CMS 1.5.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/save.php. The manipulation of the argument Website Footer leads to cross site scripting. This vulnerability is known as CVE-2022-45038. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in WBCE CMS 1.5.4 and classified as critical. Affected by this issue is some unknown functionality of the component Server Settings Module. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2022-45039. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in WBCE CMS 1.5.4. It has been classified as problematic. This affects an unknown part of the file /admin/pages/sections_save.php. The manipulation of the argument Name Section leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-45040. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in WBCE CMS 1.5.4. Affected is an unknown function of the component Search Settings Module. The manipulation of the argument No Results leads to cross site scripting. This vulnerability is traded as CVE-2022-45036. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Phpgurukul Blood Donor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/dashboard.php. The manipulation leads to improper access controls. This vulnerability is known as CVE-2022-38813. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in Tiny File Manager 2.4.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2022-23044. The attack can be launched remotely. There is no exploit available.

A vulnerability has been found in Microweber 1.3.1 and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument select-file leads to cross site scripting. This vulnerability was named CVE-2022-0698. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in PyroCMS 3.9 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2022-37721. The attack may be initiated remotely. There is no exploit available.