Tag: deserialization
-
Hacker News: JEP Draft: Prepare to Make Final Mean Final
Source URL: https://openjdk.org/jeps/8349536 Source: Hacker News Title: JEP Draft: Prepare to Make Final Mean Final Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses significant upcoming changes in Java regarding the mutation of final fields through deep reflection. A future release aims to enforce immutability by default, enhancing both safety and performance,…
-
Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2025/03/26/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability These types of vulnerabilities…
-
Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2025/03/26/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability These types of vulnerabilities…
-
The Register: Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist
Source URL: https://www.theregister.com/2025/03/20/infoseccers_criticize_veeam_over_critical/ Source: The Register Title: Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist Feedly Summary: Palming off the blame using an ‘unknown’ best practice didn’t go down well either In patching the latest critical remote code execution (RCE) bug in Backup and Replication, software shop Veeam is attracting criticism from…
-
Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2025/02/24/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2017-3066 Adobe ColdFusion Deserialization Vulnerability CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious…
-
Alerts: Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software
Source URL: https://www.cisa.gov/news-events/alerts/2025/02/07/trimble-releases-security-updates-address-vulnerability-cityworks-software Source: Alerts Title: Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software Feedly Summary: CISA is collaborating with private industry partners to respond to reports of exploitation of a vulnerability (CVE-2025-0994) discovered by Trimble impacting its Cityworks Server AMS (Asset Management System). Trimble has released security updates and an advisory…
-
Alerts: CISA Adds One Known Exploited Vulnerability to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2025/02/07/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0994 Trimble Cityworks Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the…