The vulnerability of the `retry-delay` command in the cURL command-line utility allows a hacker to trigger a service failure.

The vulnerability of the retry-delay command in the cURL command-line utility is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure...

DRUPAL-CONTRIB-2023-044

The Webprofiler module provides a way of displaying the Symfony profile debugging tool at the bottom of each page. The abbr\class Twig filter can be used to bypass the Twig auto-escape feature. This vulnerability is mitigated by the fact that it is only exposed when the filter is specifically use...

CVE-2023-23774

CVE-2023-23774 affects the Motorola EBTS/MBTS Site Controller. The vulnerability arises when an unhandled exception causes the device to drop to a debug prompt on the serial port, which an attacker with physical access can trigger. This can potentially allow extraction of secret key material and/...

Spring-Kafka has Java Deserialization vulnerability When Improperly Configured

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers...

CVE-2023-34040 Java Deserialization vulnerability in Spring-Kafka When Improperly Configured

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers...

PT-2023-4846 · D Link · D-Link Dap-2622

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2622 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. The specific flaw exists within the DDP service, resulti...

PostgreSQL 安全漏洞

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL version 12.2 that could...

What's New in CVSS v4

The pending update to the Common Common Vulnerability Scoring System CVSS, version 4.0, has garnered a noticeable volume of articles, blog posts and watercooler now known as Slack and Zoom air time. Reaction from the community has been positive, with general sentiment pinned somewhere near...

CVE-2023-40041

TOTOLINK T10v2 5.9c.5061B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cstemodules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code...

mooSocial 3.1.8 - Reflected XSS Vulnerability

Exploit Title: mooSocial 3.1.8 - Reflected XSS Exploit Author: CraCkEr Vendor: mooSocial Vendor Homepage: https://moosocial.com/ Software Link: https://travel.moosocial.com/ Version: 3.1.8 Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4173 Greetings ThePitBull...

PT-2023-4279 · Cockpit Hq · Cockpit

Name of the Vulnerable Software and Affected Versions: cockpit-hq/cockpit versions prior to 2.6.3 Description: The issue is related to a Cross-site Scripting XSS - Stored vulnerability in the cockpit-hq/cockpit GitHub repository. This vulnerability exists due to inadequate protection of the web...

CVE-2023-36858

CVE-2023-36858 affects BIG-IP Edge Client for Windows and macOS. Root cause: insufficient verification of data allows an attacker with local access to modify the client’s configured server list. Impact: potential redirection of traffic to a malicious server. Remediation (from K000132563): upgrade...

The vulnerability of the kernel of iOS, iPadOS, and macOS allows a perpetrator to trigger a service failure.

The vulnerability in the kernels of iOS, iPadOS, and macOS exists due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to cause service failures...

CVE-2023-37920

A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector...

CVE-2020-35698

Thinkific Thinkific Online Course Creation Platform 1.0 is affected by: Cross Site Scripting XSS. The impact is: execute arbitrary code remote. The component is: Affected Source code of the website CMS which is been used by many to host their online courses using the Thinkific Platform. The attac...

CVE-2020-35698

Thinkific Thinkific Online Course Creation Platform 1.0 is affected by: Cross Site Scripting XSS. The impact is: execute arbitrary code remote. The component is: Affected Source code of the website CMS which is been used by many to host their online courses using the Thinkific Platform. The attac...

harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks

A vulnerability was found HarfBuzz. This flaw allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...

Pimcore admin UI vulnerable to Cross-site Scripting in 2 factor authentication setup page

Summary Unauthenticated HTML Injection / XSS Possible. Conditions: 2factor authentication must not set before Vulnerable Endpoint: /admin/login/2fa-setup Vulnerable Param: error= How it works, So basically any admin, who has not setup 2 factor authentication before is vulnerable for this attack,...

IBM DB2 Code Execution Vulnerability (CNVD-2023-58518)

IBM DB2 is a relational database management system from International Business Machines IBM. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM DB2 suffers from a code execution vulnerability that originates from an unchecked logger...

First liquidity provider can break minting of shares

Lines of code Vulnerability details Impact The attack vector and impact is that users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”. Proof of Concept The attack vector and impact is that users may not receive shares...