286 matches found

RedhatCVE
added 2025/05/23 8:10 a.m., 6 views

CVE-2024-12790

A vulnerability was found in code-projects Hostel Management Site 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file room-details.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to...

CVSS 8.2 | AI score 6.4 | EPSS 0.00539
Exploits: 1 | References: 1

Packet Storm News
added 2025/04/29 12:0 a.m., 5 views

Secure Coding with AI, from Creation to Inspection

While prior studies have explored security in code generated by ChatGPT and other Large Language Models, they were conducted in controlled experimental settings and did not use code generated or provided from actual developer interactions. This paper not only examines the security of code generat...

AI score 7.5
Exploits: 0

RedhatCVE
added 2025/02/13 8:57 p.m., 17 views

CVE-2023-4265

Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359...

CVSS 6.8 | AI score 7.5 | EPSS 0.00785
Exploits: 1 | References: 6

Debian CVE
added 2025/01/28 4:34 p.m., 10 views

CVE-2025-0781

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level...

CVSS 9.9 | AI score 5.4 | EPSS 0.00328
Exploits: 0

CNNVD
added 2024/07/05 12:0 a.m., 4 views

ShopXO Code Issues Vulnerabilities

ShopXO is an open source enterprise-level e-commerce system from ShopXO Inc. A code issue exists in ShopXO version 6.1.0 and earlier versions, which is caused by a server-side request forgery vulnerability in the source parameter of the extend/base/Uploader.php file...

CVSS 8.8 | AI score 7 | EPSS 0.00483
Exploits: 1 | References: 5

CNNVD
added 2024/05/07 12:0 a.m., 3 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by a logic error in code in multiple locations. An attacker can exploit this vulnerability to cause an elevation of privilege...

CVSS 7.8 | AI score 7.2 | EPSS 0.00149
Exploits: 0 | References: 4

Trellix
added 2023/09/05 12:0 a.m., 12 views

Supply Chain Security Leaders Collaborate to Help Developers Choose Open-Source

Supply Chain Security Leaders Collaborate to Help Developers Choose Open-Source By Trellix, Checkmarx and Illustria · September 05, 2023 Working together to keep open source safe At the beginning of 2023, top researchers from industry-leading companies established the Supply Chain Attack Research...

AI score 7
Exploits: 0

Code423n4
added 2023/07/14 12:0 a.m., 13 views

_getNextObservationIndex() Random use of timestamp to determine the currentTime can be manipulated because of dangerous strict equalities

Lines of code Vulnerability details Impact The use of strict equalities can be easily manipulated by an attacker. Miners may attempt to manipulate the timestamp. Proof of Concept File: TwabLib.sol Code Link: Code: if newestObservation.timestamp == currentTime File: TwabLib.sol Code Link: Code: if...

AI score 6.8
Exploits: 0

F5 Networks
added 2023/02/21 6:48 p.m., 42 views

K27228191: Node.js vulnerability CVE-2018-7159

Security Advisory Description The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the...

CVSS 5.3 | AI score 7.6 | EPSS 0.03621
Exploits: 0

Microsoft Malware Protection
added 2022/10/12 4:0 p.m., 17 views

Introducing new Microsoft Defender for Cloud innovations to strengthen cloud-native protections

Security teams face an expanding attack surface as organizations increasingly use cloud-native services to develop, deploy, and manage applications across their multicloud and hybrid environments. Their challenge is compounded by incomplete visibility, siloed processes, and a lack of prioritized...

AI score 7.7
Exploits: 0

Microsoft Secure
added 2022/10/12 4:0 p.m., 12 views

Introducing new Microsoft Defender for Cloud innovations to strengthen cloud-native protections

Security teams face an expanding attack surface as organizations increasingly use cloud-native services to develop, deploy, and manage applications across their multicloud and hybrid environments. Their challenge is compounded by incomplete visibility, siloed processes, and a lack of prioritized...

AI score 7.7
Exploits: 0

Microsoft Malware Protection
added 2022/10/12 4:0 p.m., 12 views

Introducing new Microsoft Defender for Cloud innovations to strengthen cloud-native protections

Security teams face an expanding attack surface as organizations increasingly use cloud-native services to develop, deploy, and manage applications across their multicloud and hybrid environments. Their challenge is compounded by incomplete visibility, siloed processes, and a lack of prioritized...

AI score 7.7
Exploits: 0

OSV
added 2022/06/24 12:32 p.m., 6 views

SUSE-SU-2022:2182-1 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash (bsc#1200550)...

CVSS 10 | AI score 10 | EPSS 0.95764
Exploits: 6 | References: 6

OSV
added 2021/11/01 4:15 a.m., 3 views

CVE-2021-42574

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and...

CVSS 8.3 | AI score 8.4
Exploits: 0 | References: 18

OSV
added 2021/08/15 8:38 a.m., 10 views

MGASA-2021-0406 Updated qtwebengine5 packages fix security vulnerabilities

Updated qtwebengine5 packages fix security vulnerabilities: The qtwebengine5 package has been updated to version 5.15.5, fixing several security issues in the bundled chromium code...

CVSS 9.6 | AI score 7.1 | EPSS 0.23406
Exploits: 8 | References: 3

SonarSource Blog
added 2021/07/13 12:0 a.m., 26 views

Etherpad 1.8.13 - Code Execution Vulnerabilities

Etherpad is one of the most popular online text editors that allows collaborating on documents in real-time. It is customizable with more than 250 plugins available and features a version history as well as a chat functionality. There are thousands of instances deployed worldwide with millions of...

CVSS 6.5 | AI score 0.4 | EPSS 0.02229
Exploits: 2

CNVD
added 2021/02/23 12:0 a.m., 6 views

Argo Code Issues Vulnerabilities

Argo is an open source container native workflow engine. A code issue vulnerability exists in Argo CD versions prior to 1.8.4, which stems from the incorrect handling of Token in the util/session/sessionmanager.go file, resulting in the Token remaining valid after the user is unavailable. No...

CVSS 6.5 | AI score 6.8 | EPSS 0.01271
Exploits: 0 | References: 1

Wired Threat Level
added 2021/02/14 12:0 p.m., 65 views

The Untold History of America’s Zero-Day Market

The lucrative business of dealing in code vulnerabilities is central to espionage and war planning, which is why brokers never spoke about it—until now...

AI score 3
Exploits: 0

Tenable Nessus
added 2019/12/03 12:0 a.m., 40 views

Debian DLA-2014-1 : vino security update

Several vulnerabilities have been identified in the VNC code of vino, a desktop sharing utility for the GNOME desktop environment. The vulnerabilities referenced below are issues that have originally been reported against Debian source package libvncserver. The vino source package in Debian ships...

CVSS 9.8 | AI score 7.4 | EPSS 0.07563
Exploits: 1 | References: 5