60 matches found
CodeAlpha_Bug-Bounties-Tool
CodeAlpha_Bug-Bounties-Tool A lightweight bug bounty automatio...
PT-2026-34476
A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownershi...
Exploit for CVE-2025-8489
100-days-challenge-day-21--WP scan WP Scan helped identify co...
Web-Security-Assessment-Suite-based-on-OWASP-Top-10
Web-Security-Assessment-Suite-based-on-OWASP-Top-10 A...
EUVD-2016-4090
Malware in sbrugna...
Vulnerability of the venus_probe() function in the drivers/media/platform/qcom/venus/core.c module – A driver for supporting multimedia devices in the Linux operating system, which allows an attacker to gain access to protected information.
Vulnerability of the venus_probe() function in the drivers/media/platform/qcom/venus/core.c module – The Linux kernel’s multimedia device support driver has vulnerabilities related to security configuration errors. Exploiting this vulnerability could allow an attacker to access protected information...
CVE-2022-22447
IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648...
Case Study: Are CSRF Tokens Sufficient in Preventing CSRF Attacks?
Explore how relying on CSRF tokens as a security measure against CSRF attacks is a recommended best practice, but in some cases, they are simply not enough. Introduction As per the Open Web Application Security Project (OWASP), CSRF vulnerabilities are recognized as a significant threat and are...
Cross-Site Request Forgery (CSRF)
typo3/cms-beuser is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of state-changing actions in downstream components, where HTTP GET submissions are incorrectly accepted instead of enforcing the appropriate HTTP method. Misconfigurations, such as...
The vulnerability of the `cgi.force_redirect` script in the PHP programming language allows attackers to circumvent existing security restrictions.
The vulnerability of the `cgi.force_redirect` script in the PHP programming language is related to security configuration errors. Exploiting this vulnerability allows an attacker to bypass existing security restrictions and execute arbitrary commands...
The vulnerability of the Notes component in operating systems iPadOS and iOS, which allows a hacker to disclose sensitive information
The vulnerability of the Notes component in iPadOS and iOS operating systems is related to security configuration errors. Exploiting this vulnerability can allow attackers to disclose sensitive information that should be protected...
ServiceNow Data Exposure: A Wake-Up Call for Companies
Earlier this week, ServiceNow announced on its support site that misconfigurations within the platform could result in "unintended access" to sensitive data. For organizations that use ServiceNow, this security exposure is a critical concern that could have resulted in major data leakage of...
Code injection
IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648...
CVE-2022-22447 IBM Disconnected Log Collector information disclosure
IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648...
Gitlab -- Vulnerabilities
Gitlab reports: Privilege escalation of "external user" to internal access through group service account; Maintainer can leak sentry token by changing the configured URL (fix bypass); Google Cloud Logging private key showed in plain text in GitLab UI leaking to other group owners; Information disclosu...
Malicious Campaigns Exploit Weak Kubernetes Clusters for Crypto Mining
Exposed Kubernetes (K8s) clusters are being exploited by malicious actors to deploy cryptocurrency miners and other backdoors. Cloud security firm Aqua, in a report shared with The Hacker News, said a majority of the clusters belonged to small to medium-sized organizations, with a smaller subset ti...
The vulnerability of the Active Directory Federation Services (ADFS) for Windows operating systems allows a perpetrator to circumvent security restrictions.
The vulnerability of the Active Directory Federation Services (AD FS) for Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions remotely...