CyRC Vulnerability Advisory: CVE-2023-0871 Vulnerability in OpenNMS Horizon

CVE-2023-0871 is an XML External Entity injection vulnerability in OpenNMS Horizon. Overview: The Synopsys Cybersecurity Research Center (CyRC) has discovered CVE-2023-0871, an XML External Entity injection vulnerability, in OpenNMS Horizon ...

OWASP Top 10: Security misconfiguration

Listed at #5 in the OWASP Top 10 list, security misconfiguration refers to vulnerabilities that result from an application’s configuration.

CyRC Vulnerability Advisory: CVE-2023-25828 Authenticated Remote Code Execution in Pluck CMS

Synopsys Cybersecurity Research Center discovers new RCE vulnerability that can leave Pluck Content Management System vulnerable ...

OWASP Top 10: Insecure design

Listed as #4 on the OWASP Top 10 list, insecure design is a new category added in 2021 and is related to design and architectural flaws in web apps.

OWASP Top 10: Injection

Listed as #3 on the OWASP Top 10 list, injection occurs when an attacker sends malicious data to an app to make it do something it’s not supposed to do ...

OWASP Top 10: Cryptographic failures

Listed as #2 on the OWASP Top 10 list, cryptographic failures expose sensitive data due to a lack of or weak encryption ...

OWASP Top 10: Broken access control

Listed as #1 on the OWASP Top 10 list, broken access control is when an attacker can gain unauthorized access to restricted information or systems ...

Cybersecurity Research Center Developer Series: The OWASP Top 10

In this new Cybersecurity Research Center series, we analyze the OWASP Top 10, which is a list of the most common vulnerabilities in web applications ...

CyRC Case Study: Exploitable memory corruption using CVE-2020-25669 and Linux Kernel

This in-depth analysis explores CVE-2020-25669, a vulnerability that exploited a memory corruption issue in the Linux kernel. The post CyRC Case Study: Exploitable memory corruption using CVE-2020-25669 and Linux Kernel appeared first on Application Security Blog.