Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

GHSA-gp5f-cx7h-8q6f: Apache Airflow's create action can upsert existing Pools/Connections/Variables

User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action.

ghsa
Open in Source
#apache#git#intel
GHSA-273c-4g26-4jpm: Apache Airflow `/api/v2/dagReports` executes DAG Python in API

API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.

Aembit Introduces Identity and Access Management for Agentic AI

Silver Spring, USA/ Maryland, 30th October 2025, CyberNewsWire

The Death of the Security Checkbox: BAS Is the Power Behind Real Defense

Security doesn’t fail at the point of breach. It fails at the point of impact.  That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It's about proof. When a new exploit drops, scanners scour the internet in minutes. Once attackers gain a foothold,

ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising

The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering. This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s

Dynamic binary instrumentation (DBI) with DynamoRio

Learn how to build your own dynamic binary instrumentation (DBI) tool with open-source DynamoRIO to enable malware analysis, security auditing, reverse engineering, and more.

GHSA-jqmq-fpwv-p925: Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass. This issue affects Simple OAuth (OAuth2) & OpenID Connect: from 6.0.0 before 6.0.7.

GHSA-h72q-cq3w-h3wc: Drupal CivicTheme Design System allows Cross-Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting (XSS). This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.

GHSA-x957-32v9-m7vg: Drupal Acquia DAM allows Forceful Browsing

Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing. This issue affects Acquia DAM: from 0.0.0 before 1.1.5.

GHSA-fg8x-q69g-4qp3: Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables

Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.