Aggregator

InfluxDB OSS 2.7.11 - Operator Token Privilege Escalation

Sony XAV-AX5500 1.13 - Firmware Update Validation Remote Code Execution (RCE)

GeoVision GV-ASManager 6.1.0.0 - Information Disclosure

为企业构建一个安全、高效、绿色的计算环境。

A vulnerability, which was classified as problematic, was found in WP Video Lightbox Plugin up to 1.9.6 on WordPress. Affected is an unknown function of the component Shortcode Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2022-4465. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in FreeRADIUS and classified as problematic. Affected by this issue is the function compute_password_element of the component EAP-PWD Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2022-41859. The attack needs to be approached within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in GE Grid Solutions MS3000. It has been classified as critical. Affected is an unknown function of the component FC46-WebBridge. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2022-43976. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GE Grid Solutions MS3000. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component FC46-WebBridge. The manipulation leads to path traversal. This vulnerability is known as CVE-2022-43975. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Cyber Cafe Management System 1.0. Affected by this vulnerability is an unknown functionality of the file edit-computer-details.php. The manipulation of the argument compname leads to cross site scripting. This vulnerability is known as CVE-2024-30979. The attack can be launched remotely. There is no exploit available.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Secure by Design is an important step to reduce the number of vulnerabilities present originally, but is it progressing fast enough? According to security experts Chris Wysopal and Jason Healey, the landscape is improving.

Threat Attack Daily - 7th of April 2025

Cortex Cloud integrates Prisma Cloud with CDR to provide a consolidated security posture management and real-time threat detection and remediation platform.

Ransomware Attack Update for the 7th of April 2025

书中内容完美贴合四个字，誓言无声。

书中内容完美贴合四个字，誓言无声。

How CIOs and CISOs Can Navigate With Balance
Tariff wars may hit technology leaders hard in 2025 as the Trump administration's 10% import tax, plus reciprocal tariffs, spikes costs. CIOs and CISOs face supply chain disruption and heightened cyber risks. But they can adapt with cloud shifts, smart deals and better advocacy.