
2027 matches found

OSV
added 2024/01/29 2:15 p.m. · 2 views

CVE-2024-1015

Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...

9.8 CVSS · 5.9 AI score · 0.01446 EPSS
Exploits: 1 · References: 2

RedhatCVE
added 2024/01/29 11:19 a.m. · 35 views

CVE-2024-1023

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, the leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge,...

6.5 CVSS · 6.4 AI score · 0.01639 EPSS
Exploits: 0 · References: 6

OSV
added 2024/01/24 3:54 p.m. · 3 views

DRUPAL-CONTRIB-2024-006

The Drupal Swift Mailer module extends the basic e-mail sending functionality provided by Drupal by delegating all e-mail handling to the Swift Mailer library. This enables your site to take advantage of the many features which the Swift Mailer library provides. The module could allow an attacker...

9.1 CVSS · 6.8 AI score · 0.0036 EPSS
Exploits: 0 · References: 1

The Hacker News
added 2024/01/18 4:31 p.m. · 31 views

New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic

Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy. "This is the first documented case of malware deploying the 9Hits applicatio...

7.7 AI score
Exploits: 0

CVE
added 2024/01/18 3:11 p.m. · 64 views

CVE-2023-40051

CVE-2023-40051 affects Progress Application Server (PAS) for OpenEdge. A WEB transport request can allow unintended file uploads to a server directory path on the PASOE host, potentially enabling a later attack if the uploaded payload is exploitable. Affected versions are 11.7 before 11.7.18, 12....

9.9 CVSS · 9.3 AI score · 0.00557 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2024/01/12 9:15 p.m. · 0 views

UBUNTU-CVE-2023-51698

Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CB...

9.6 CVSS · 7.2 AI score · 0.02676 EPSS
Exploits: 2 · References: 5

CNNVD
added 2024/01/11 12:00 a.m. · 3 views

PHPJabbers Cleaning Business Software Cross-Site Scripting Vulnerability

PHPJabbers Cleaning Business Software is a cleaning reservation software from PHPJabbers Serbia. PHPJabbers Cleaning Business Software suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to perform cross-site scripting attacks...

5.4 CVSS · 6.2 AI score · 0.00339 EPSS
Exploits: 2 · References: 4

Vulnrichment
added 2024/01/10 4:03 p.m. · 11 views

CVE-2023-45139 fonttools XML External Entity Injection (XXE) Vulnerability

fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to...

7.5 CVSS · 7.7 AI score · 0.01228 EPSS
Exploits: 1 · References: 6

CNNVD
added 2024/01/10 12:00 a.m. · 2 views

Red Hat FreeIPA Security Vulnerability

Red Hat FreeIPA is a comprehensive security information management solution. A security vulnerability exists in Red Hat FreeIPA. An attacker could exploit the vulnerability by tricking a user into submitting a request that could be executed as the user, resulting in a loss of confidentiality and...

6.5 CVSS · 8.6 AI score · 0.0057 EPSS
Exploits: 0 · References: 20

CNNVD
added 2024/01/05 12:00 a.m. · 2 views

ZTE ZXCLOUD iRAI Code Issue Vulnerability

The ZTE ZXCLOUD iRAI is a virtualization device from ZTE Corporation (ZTE) of China. A security vulnerability exists in ZTE ZXCLOUD iRAI. An attacker can exploit this vulnerability to place a fake DLL file in a specific directory and successfully execute malicious code...

4.8 CVSS · 6.9 AI score · 0.002 EPSS
Exploits: 0 · References: 2

OSV
added 2024/01/03 9:26 p.m. · 21 views

GHSA-F8MP-X433-5WPF Arbitrary remote code execution within `wrangler dev` Workers sandbox

Impact: The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run...

9.3 CVSS · 8.3 AI score · 0.00583 EPSS
Exploits: 0 · References: 11

Github Security Blog
added 2024/01/03 9:24 p.m. · 21 views

Arbitrary remote file read in Wrangler dev server

Impact: Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any...

6.4 CVSS · 6.5 AI score · 0.00699 EPSS
Exploits: 0 · References: 7 · Affected Software: 1

BDU FSTEC
added 2024/01/02 12:00 a.m. · 2 views

The vulnerability of Mozilla browsers, related to writing beyond the buffer limit, allows attackers to execute arbitrary code.

The vulnerability of the Mozilla browser is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS · 8.2 AI score · 0.00846 EPSS
Exploits: 0 · References: 8 · Affected Software: 4

Vulnrichment
added 2024/01/01 12:00 a.m. · 6 views

CVE-2023-50094

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output...

9 AI score · 0.1354 EPSS
Exploits: 2 · References: 8

OSV
added 2023/12/22 5:15 a.m. · 2 views

CVE-2023-7058

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: '../filedir'. The attack can be launched remotely. The...

9.8 CVSS · 5.5 AI score · 0.00734 EPSS
Exploits: 0 · References: 3

0day.today
added 2023/12/22 12:00 a.m. · 426 views

Hospital Management System 4.0 XSS / Shell Upload / SQL Injection Vulnerabilities

Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities. Description: Multiple vulnerabilities were discovered in Hospital Management System Affected CMS: Hospital Management System Affected Version: unread...

9.8 CVSS · 8.1 AI score · 0.01181 EPSS
Exploits: 6

Positive Technologies
added 2023/12/22 12:00 a.m. · 3 views

PT-2023-9274 · Superagi · Superagi

Name of the Vulnerable Software and Affected Versions: SuperAGI versions all Description: The issue is related to the incorrect management of code generation in the eval function of the SuperAGI framework, which can be exploited by a remote attacker to execute arbitrary code and gain full control...

10 CVSS · 8.1 AI score · 0.00631 EPSS
Exploits: 0 · References: 9

The Hacker News
added 2023/12/21 10:53 a.m. · 33 views

Cost of a Data Breach Report 2023: Insights, Mitigators and Best Practices

John Hanley of IBM Security shares 4 key findings from the highly acclaimed annual Cost of a Data Breach Report 2023 What is the IBM Cost of a Data Breach Report? The IBM Cost of a Data Breach Report is an annual report that provides organizations with quantifiable information about the financial...

6.7 AI score
Exploits: 0

CNVD
added 2023/12/15 12:00 a.m. · 22 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-0118434)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS · 7.2 AI score · 0.00597 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2023/12/14 12:00 a.m. · 3 views

PT-2023-31316 · [Vendor] · [Product]

Name of the Vulnerable Software and Affected Versions: PRODUCT version VERSION Description: A problem in COMPONENT of VENDOR PRODUCT on PLATFORMS allows ATTACKER to IMPACT via VECTOR. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

7.1 CVSS · 6.6 AI score · 0.00416 EPSS
Exploits: 0 · References: 6