-
CVE-2024-13484 – ArgoCD Cluster-Wide PrometheusRule Injection Vulnerability
CVE ID : CVE-2024-13484 Published : Jan. 28, 2025, 6:15 p.m. | 13 hours, 44 minutes ago Description : A flaw was found in ArgoCD. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring…
-
CVE-2018-9373 – MTK WLAN Driver Out-of-Bounds Write Privilege Escalation Vulnerability
CVE ID : CVE-2018-9373 Published : Jan. 28, 2025, 5:15 p.m. | 14 hours, 45 minutes ago Description : In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is…
-
CVE-2025-0781 – FSFlight Tracker Nasal Privilege Escalation RCE
CVE ID : CVE-2025-0781 Published : Jan. 28, 2025, 5:15 p.m. | 14 hours, 44 minutes ago Description : An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level. Severity: 8.6 | HIGH Visit the link for more details, such…
-
CVE-2025-23213 – Tandoor Recipes Cross-Site Scripting (XSS)
CVE ID : CVE-2025-23213 Published : Jan. 28, 2025, 4:15 p.m. | 15 hours, 44 minutes ago Description : Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows uploading arbitrary files, including HTML and SVG. Both can contain malicious content (XSS Payloads). This vulnerability is fixed…
-
How to migrate to SASE and zero trust | Kaspersky official blog
SASE components: ZTNA, CASB, CSWG, NGFW, SD-WAN, and how they improve network security. The traditional network security model — with a secure perimeter and encrypted channels for external access to that perimeter — is coming apart at the seams. Cloud services and remote working have challenged the very notion of “perimeter”, while the primary method of accessing…
-
Trustwave SpiderLabs December 2024: Phishing and Email Security Insights
There was some good, bad, and neutral news when it comes to email threats in December 2024, according to new data compiled by Trustwave SpiderLabs’ MailMarshal email security team.
-
Cracking the Giant: How ODAT Challenges Oracle, the King of Databases
In the past decade, Oracle Database (Oracle DB) has reigned supreme in the competitive arena of database engine popularity rankings, as shown in Figure 1 and Figure 2. This pervasiveness has led Oracle Database to be trusted by Fortune 500 companies (e.g. Netflix, LinkedIn, eBay, etc.) to house, process, and safeguard their critical data. Its…