2348 matches found
CVE-2023-24026
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload...
ridhoq soundslike SQL Injection Vulnerability
soundslike is an application by the individual developers of ridhoq. It enables users to discover music by traversing a music relationship graph constructed by other users. An SQL injection vulnerability exists in ridhoq soundslike. An attacker could exploit this vulnerability to cause SQL injection...
GSD-2023-1000995 ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link()
ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit...
GSD-2023-1000561 ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link()
ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...
LATMA - Lateral Movement Analyzer Tool
Lateral Movement Analyzer (LATMA) collects authentication logs from the domain and searches for potential lateral movement attacks and suspicious activity. The tool visualizes the findings with diagrams depicting the lateral movement patterns. This tool contains two modules, one that collects the...
CVE-2022-23532 neo4j-apoc-procedures is vulnerable to path traversal
APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j that provides hundreds of procedures and functions. A path traversal vulnerability was found in the apoc.export.* procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the...
CVE-2022-23532
CVE-2022-23532 describes a path traversal vulnerability in the APOC library for Neo4j, specifically in the apoc.export.* procedures. The issue allows an attacker who can run arbitrary Cypher (or has app Cypher injection) to break out of the intended directory and create arbitrary files (overwriti...
GHSA-5V8V-GWMW-QW97 org.neo4j.procedure:apoc Path Traversal Vulnerability
Impact: A path traversal vulnerability was found in the apoc.export.* procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the expected directory. The vulnerability is such that files could only be created but not overwritten. For the...
Mercurius Security Vulnerability
Mercurius is a GraphQL adapter for Fastify. A security vulnerability exists in Mercurius versions prior to 10.5.0 that allows a denial of service attack when any user sends an incorrectly formatted packet to "/graphql" via WebSocket...
PT-2025-54168
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The Linux kernel contains a flaw related to interrupt request (IRQ) handling on the arm64 architecture. Specifically, the filter_irq_stacks() function, intended to filter IRQ-related entries...
PT-2025-37702
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A memory leak exists in the coresight component of the Linux kernel, specifically related to the acpi buffer-pointer. The leak occurs because the ACPI buffer memory is not freed after us...
CVE-2022-46582
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the login_name parameter in the do_graph_auth (sub_4061E0) function...
TRENDnet TEW-755AP Buffer Error Vulnerability
The TRENDnet TEW-755AP is a router from TRENDnet. The TRENDnet TEW-755AP suffers from a stack overflow vulnerability that stems from a lack of size checking of input data in the login_name parameter of the do_graph_auth (sub_4061E0) function, which can be exploited by an attacker to execute arbitrary...
PT-2022-27910 · Trendnet · Trendnet Tew755Ap
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW755AP version 1.13B01 Description: A stack overflow issue was discovered, related to the login name parameter in the do_graph_auth (sub_4061E0) function. Recommendations: For TRENDnet TEW755AP version 1.13B01, consider restricting...
OpenTSDB 2.4.0 Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 (CVE-2020-35476) in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the API. If...
OpenTSDB 2.4.0 unauthenticated command injection
This module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 (CVE-2020-35476) in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the API. If the version...
Outlining a new SiestaGraph backdoor
Threat Level Attack Report. Summary: The Foreign Affairs Office of an Association of Southeast Asian Nations (ASEAN) member is targeted by multiple threat actors who are coordinating active campaigns via a vulnerable Microsoft Exchange server...
AzureGraph - Azure AD Enumeration Over MS Graph
AzureGraph is an Azure AD information gathering tool over Microsoft Graph. Thanks to Microsoft Graph technology, it is possible to obtain all kinds of information from Azure AD, such as users, devices, applications, domains and much more. This application allows you to query this data through th...