Security
Headlines
HeadlinesLatestCVEs

Latest News

ABB Cylon Aspect 3.08.02 (logYumLookup.php) Authenticated File Disclosure

The ABB BMS/BAS controller suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the webserver's log file containing system information running on the device.

Zero Science Lab
Open in Source
#vulnerability#web#php#auth
Roundcube Webmail Cross Site Scripting

Roundcube Webmail versions prior to 1.5.7 and 1.6.x prior to 1.6.7 allows cross site scripting via SVG animate attributes.

pfSense 2.5.2 Cross Site Scripting

A cross site scripting vulnerability in pfsense version 2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.

Red Hat Security Advisory 2024-8374-03

Red Hat Security Advisory 2024-8374-03 - An update for python3.11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Security Advisory 2024-8365-03

Red Hat Security Advisory 2024-8365-03 - An update for python-idna is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-8238-03

Red Hat Security Advisory 2024-8238-03 - Red Hat OpenShift Container Platform release 4.14.39 is now available with updates to packages and images that fix several bugs and add enhancements.

Pinterest tracks users without consent, alleges complaint

Pinterest is facing a complaint because it failed to comply with GDPR rules about using personal data for personalized advertising.

AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks

Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that could have resulted in an account takeover under specific circumstances. "The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover," Aqua said in a report shared

Misconfigured UN Database Exposes 228GB of Gender Violence Victims’ Data

A cybersecurity researcher discovered a massive data leak exposing over 115,000 sensitive documents associated with the UN Trust…

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack

Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software. Arising due to resource