Tag
#web
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rapid Response Monitoring Equipment: My Security Account App Vulnerability: Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attacker to access sensitive information of other users. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rapid Response Monitoring products are affected: My Security Account App API: Versions prior to 7/29/24 3.2 VULNERABILITY OVERVIEW 3.2.1 Authorization Bypass Through User-Controlled Key CWE-639 Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an attacker to modify request data, potentially causing the API to return information about other users. CVE-2025-0352 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). A CVSS v4 score ...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Carrier Equipment: Block Load Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious actor to execute arbitrary code with escalated privileges . 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Carrier product, which is a HVAC load calculation program, are affected: Block Load: Version 4.16 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 The vulnerability could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges. CVE-2024-10930 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-10930. A base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/A...
Breeze Liu has been a prominent advocate for victims. But even she struggled to scrub nonconsensual intimate images and videos of herself from the web.
The continent faces "relentless" military espionage, and increased cyber sabotage at the hands of authoritarian regimes, according to a high-ranking intelligence director.
The startup incubator and PR firm with holdings in more than 70 cybersecurity firms has announced a data breach with as-yet-unknown effects.
While AI-generation services and major camera makers are adopting the specification for digitally signed metadata, creating a workflow around the nascent ecosystem is still a challenge.
There is no excerpt because this is a protected post.
The authentication bypass vulnerability in the OS for the company's firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP.
Malwarebytes now protects ARM-based Windows devices, such as Microsoft’s Surface Pro X and Lenovo’s Yoga laptops.
Google is allowing its advertizing customers to fingerprint website visitors. Can you stop it?