
8655 matches found

HackRead
added 2024/11/29 3:32 p.m. · 9 views

How Python Software Development Enhances Cyber Defense

Python has emerged as a powerful ally in combating rising cybersecurity threats and tracking cybercrime through tools leveraging…

7.3 AI score
Exploits 0

CNNVD
added 2024/11/29 12:0 a.m. · 1 views

vue-i18n cross-site scripting vulnerability

vue-i18n is an application from intlify open source. A cross-site scripting vulnerability exists in vue-i18n, which stems from the fact that vue-i18n can pass locale information to createI18n or useI18n. When generating a locale information AST in development mode, this could lead to a cross-site...

5.3 CVSS, 5.7 AI score, 0.00133 EPSS
Exploits 0, References 3

Positive Technologies
added 2024/11/29 12:0 a.m. · 2 views

PT-2024-35457 · Vue-I18N · Vue-I18N

Name of the Vulnerable Software and Affected Versions: vue-i18n versions prior to 9.14.2; vue-i18n versions prior to 10.0.5. Description: The issue concerns a Cross-site Scripting (XSS) attack possibility in vue-i18n, an internationalization plugin for Vue.js. This occurs when locale message ASTs are...

5.3 CVSS, 6.5 AI score, 0.00133 EPSS
Exploits 0, References 10

CNVD
added 2024/11/29 12:0 a.m. · 3 views

Denial of Service Vulnerability in XunRuiCMS of Sichuan Xunruiyun Software Development Co.

XunRuiCMS is a content management framework based on CodeIgniter4. Sichuan XunRuiCloud Software Development Co., Ltd. XunRuiCMS has a denial-of-service vulnerability that can be exploited by an attacker to cause the contents of a file to be emptied, resulting in a denial of service...

7 AI score
Exploits 0

RedHat Linux
added 2024/11/25 7:44 p.m. · 31 views

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.17.0 release

Red Hat OpenShift Dev Spaces 3.17 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. This includes fixes to Critical CVE-2024-21534. Following the Red Hat Product Security standards this update is rated as having a security impact of...

10 CVSS, 7.1 AI score, 0.92707 EPSS
Exploits 7, References 10

Cvelist
added 2024/11/25 7:15 p.m. · 16 views

CVE-2024-53261 Cross-Site Scripting attack (XSS) on dev mode 404 page in SvelteKit

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. "Unsanitized input from the request URL flows into end, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack XSS." The files...

2 CVSS, 0.00247 EPSS
Exploits 0, References 2

OSV
added 2024/11/25 3:33 p.m. · 11 views

GHSA-RJJV-87MX-6X3H @sveltejs/kit vulnerable to XSS on dev mode 404 page

Summary "Unsanitized input from the request URL flows into end, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack XSS." Details Source of potentially tainted data is in packages/kit/src/exports/vite/dev/index.js, line 437. This...

5.1 AI score, 0.00247 EPSS
Exploits 0, References 6

Github Security Blog
added 2024/11/25 3:33 p.m. · 14 views

@sveltejs/kit vulnerable to XSS on dev mode 404 page

Summary "Unsanitized input from the request URL flows into end, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack XSS." Details Source of potentially tainted data is in packages/kit/src/exports/vite/dev/index.js, line 437. This...

5.4 CVSS, 5.1 AI score, 0.00247 EPSS
Exploits 0, References 6, Affected Software 1

Positive Technologies
added 2024/11/25 12:0 a.m. · 2 views

PT-2024-35699 · Sveltekit · Sveltekit

Name of the Vulnerable Software and Affected Versions: SvelteKit versions prior to 2.8.3. Description: Unsanitized input from the request URL flows into end, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting (XSS) attack. The files...

2 CVSS, 6 AI score, 0.00247 EPSS
Exploits 0, References 9

HackRead
added 2024/11/23 5:0 p.m. · 8 views

Why New York is a Prime Location for Leading Mobile Development Agencies

New York, the city that never sleeps, is renowned as a global epicentre for innovation, creativity, and business…

7.4 AI score
Exploits 0

CNNVD
added 2024/11/22 12:0 a.m. · 2 views

Panda Security Dome security vulnerability

Panda Security Dome is an antivirus product for ransomware and spyware from the Spanish company Panda Security. A security vulnerability exists in Panda Security Dome that stems from a lack of proper permission settings for folders created by the Hydra Sdk Windows service, which could allow a loc...

7.8 CVSS, 7 AI score, 0.00041 EPSS
Exploits 0, References 1

Vulnrichment
added 2024/11/20 5:28 p.m. · 7 views

CVE-2018-9477

In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.4 AI score, 0.00006 EPSS
Exploits 0, References 1

Positive Technologies
added 2024/11/20 12:0 a.m. · 2 views

PT-2024-10711 · Unknown · Settings App

Name of the Vulnerable Software and Affected Versions: Settings app, affected versions not specified. Description: The issue is related to a possible authentication bypass in the development options section of the Settings app due to a missing permission check. This could lead to local escalation o...

7.8 CVSS, 7.9 AI score, 0.00006 EPSS
Exploits 0, References 3

GithubExploit
added 2024/11/19 9:36 p.m. · 468 views

Exploit for Allocation of Resources Without Limits or Throttling in Vmware Spring_Framework

Spring CVE-2022-22970 Proof of Concept This repo contains...

5.3 CVSS, 6.8 AI score, 0.00164 EPSS
Exploits 1

GithubExploit
added 2024/11/19 8:8 p.m. · 397 views

Exploit for CVE-2024-22262

Spring CVE-2024-22262 Proof of Concept This repo contains...

8.1 CVSS, 5.9 AI score, 0.12634 EPSS
Exploits 2

RedHat Linux
added 2024/11/19 12:25 a.m. · 1 views

edk2: Integer overflows in PeCoffLoaderRelocateImage

A flaw was found in the EDK2 package. This flaw allows an attacker to cause memory corruption due to an overflow via an adjacent network. This issue may lead to loss of confidentiality, integrity, and availability...

5.9 CVSS, 7.4 AI score, 0.00067 EPSS
Exploits 0, References 5

RedHat Linux
added 2024/11/19 12:25 a.m. · 13 views

Moderate: Red Hat Security Advisory: edk2 security update

An update for edk2 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...

5.9 CVSS, 6.4 AI score, 0.00067 EPSS
Exploits 0, References 2

CNNVD
added 2024/11/19 12:0 a.m. · 1 views

Security vulnerability in multiple Zoom products

Zoom Rooms and others are products of Zoom Corporation, a U.S.-based company. Zoom Rooms is a software-based conferencing system. Zoom Meeting SDK is a development kit. Zoom Workplace is a desktop application. A security vulnerability exists in a number of Zoom products. The vulnerability stems from...

8.1 CVSS, 6.4 AI score, 0.00367 EPSS
Exploits 0, References 2

OSV
added 2024/11/18 10:15 p.m. · 3 views

CVE-2024-21287

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain component: Software Development Kit, Process Extension. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...

7.5 CVSS, 7.3 AI score, 0.69826 EPSS
Exploits 0, References 2

OPENSUSE Linux
added 2024/11/16 12:0 a.m. · 6 views

kernel-devel-6.11.8-1.1 on GA media (moderate)

kernel-devel-6.11.8-1.1 on GA media Announcement ID: openSUSE-SU-2024:14500-1 Rating: moderate Cross-References: CVE-2023-52917 CVE-2024-46869 CVE-2024-47671 CVE-2024-47675 CVE-2024-47676 CVE-2024-47677 CVE-2024-47678 CVE-2024-47679 CVE-2024-47680 CVE-2024-47681 CVE-2024-47682 CVE-2024-47683...

8.7 CVSS, 8 AI score, 0.00154 EPSS
Exploits 0