#auth

Vehicle Service Management System version 1.0 suffers from a cross site request forgery vulnerability.

Transport Management System version 1.0 suffers from an insecure direct object reference vulnerability.

Printing Business Records Management System version 1.0 suffers from an ignored default credential vulnerability.

Online Eyewear Shop version 1.0 suffers from an ignored default credential vulnerability.

AVideo version 12.4 suffers from a PHP code injection vulnerability.

NIST standardized three algorithms for post-quantum cryptography. What does that mean for the information and communications technology (ICT) industry?

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The `org.apache.commons.io.input.XmlStreamReader` class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4  or 1.12.0, which fix this issue.

Medical imaging company I-MED left thousands of patient files exposed through re-used login credentials.