2024 matches found

CNNVD
added 2023/09/13 12:00 a.m. · 3 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS · 5.7 AI score · 0.00363 EPSS
Exploits 0 · References 4

CNNVD
added 2023/09/12 12:00 a.m. · 3 views

Microsoft Windows Defender Security Vulnerability

Microsoft Windows Defender is a suite of antivirus software from Microsoft (USA) that comes with Windows systems. A security vulnerability exists in Microsoft Windows Defender. An attacker exploiting the vulnerability could bypass certain features...

7.8 CVSS · 6.6 AI score · 0.00614 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/09/12 12:00 a.m. · 5 views

PT-2023-15808 · Unknown · Control De Ciber

Name of the Vulnerable Software and Affected Versions: Control de Ciber version 1.650
Description: The issue is a Buffer Overflow vulnerability in the printing function. It occurs when an administrator tries to accept or delete a print query created by a modified request sent by an attacker. This...

8.8 CVSS · 8.4 AI score · 0.00458 EPSS
Exploits 1 · References 6

BDU FSTEC
added 2023/09/07 12:00 a.m. · 1 views

The vulnerability of the `retry-delay` command in the cURL command-line utility allows a hacker to trigger a service failure.

The vulnerability of the retry-delay command in the cURL command-line utility is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure...

3.3 CVSS · 5.9 AI score · 0.00359 EPSS
Exploits 0 · References 8 · Affected Software 2

OSV
added 2023/09/06 4:33 p.m. · 3 views

DRUPAL-CONTRIB-2023-044

The Webprofiler module provides a way of displaying the Symfony profile debugging tool at the bottom of each page. The `abbr_class` Twig filter can be used to bypass the Twig auto-escape feature. This vulnerability is mitigated by the fact that it is only exposed when the filter is specifically use...

6.7 AI score
Exploits 0 · References 1

Code423n4
added 2023/09/06 12:00 a.m. · 8 views

Options could not be settled, causing liquidity to get locked in vault

Lines of code · Vulnerability details · Impact: In the settle logic, the RdpxV2Core contract calls PerpetualAtlanticVault.settle to update funding, burn option tokens and do some token settles. However, the logic could be reverted in the call...

7 AI score
Exploits 0

CVE
added 2023/08/29 8:49 a.m. · 57 views

CVE-2023-23774

CVE-2023-23774 affects the Motorola EBTS/MBTS Site Controller. The vulnerability arises when an unhandled exception causes the device to drop to a debug prompt on the serial port, which an attacker with physical access can trigger. This can potentially allow extraction of secret key material and/...

8.4 CVSS · 8.4 AI score · 0.00199 EPSS
Exploits 0 · References 1 · Affected Software 1

Github Security Blog
added 2023/08/24 3:31 p.m. · 73 views

Spring-Kafka has Java Deserialization vulnerability When Improperly Configured

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers...

7.8 CVSS · 6.7 AI score · 0.02162 EPSS
Exploits 2 · References 5 · Affected Software 1

Cvelist
added 2023/08/24 12:59 p.m. · 30 views

CVE-2023-34040 Java Deserialization vulnerability in Spring-Kafka When Improperly Configured

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers...

5.3 CVSS · 7.6 AI score · 0.02162 EPSS
Exploits 2 · References 1

Positive Technologies
added 2023/08/23 12:00 a.m. · 2 views

PT-2023-4846 · D Link · D-Link Dap-2622

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2622 (affected versions not specified)
Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. The specific flaw exists within the DDP service, resulti...

8.8 CVSS · 7.3 AI score · 0.00855 EPSS
Exploits 0 · References 6

CNNVD
added 2023/08/22 12:00 a.m. · 3 views

PostgreSQL Security Vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL version 12.2 that could...

4.4 CVSS · 6 AI score · 0.00361 EPSS
Exploits 1 · References 4

Rapid7 Blog
added 2023/08/14 1:30 p.m. · 24 views

What's New in CVSS v4

The pending update to the Common Vulnerability Scoring System (CVSS), version 4.0, has garnered a noticeable volume of articles, blog posts and watercooler (now known as Slack and Zoom) air time. Reaction from the community has been positive, with general sentiment pinned somewhere near...

6.8 AI score
Exploits 0

ATTACKERKB
added 2023/08/08 7:15 p.m. · 2 views

CVE-2023-40041

TOTOLINK T10v2 5.9c.5061B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cstemodules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code...

9.8 CVSS · 6.2 AI score · 0.00934 EPSS
Exploits 1 · References 2

0day.today
added 2023/08/08 12:00 a.m. · 349 views

mooSocial 3.1.8 - Reflected XSS Vulnerability

Exploit Title: mooSocial 3.1.8 - Reflected XSS
Exploit Author: CraCkEr
Vendor: mooSocial
Vendor Homepage: https://moosocial.com/
Software Link: https://travel.moosocial.com/
Version: 3.1.8
Tested on: Windows 10 Pro
Impact: Manipulate the content of the site
CVE: CVE-2023-4173
Greetings ThePitBull...

6.1 CVSS · 7.1 AI score · 0.03336 EPSS
Exploits 5

Positive Technologies
added 2023/08/06 12:00 a.m. · 2 views

PT-2023-4279 · Cockpit Hq · Cockpit

Name of the Vulnerable Software and Affected Versions: cockpit-hq/cockpit versions prior to 2.6.3
Description: The issue is related to a Cross-site Scripting (XSS) - Stored vulnerability in the cockpit-hq/cockpit GitHub repository. This vulnerability exists due to inadequate protection of the web...

8.7 CVSS · 6.2 AI score · 0.00408 EPSS
Exploits 1 · References 13

CVE
added 2023/08/02 3:54 p.m. · 57 views

CVE-2023-36858

CVE-2023-36858 affects BIG-IP Edge Client for Windows and macOS. Root cause: insufficient verification of data allows an attacker with local access to modify the client’s configured server list. Impact: potential redirection of traffic to a malicious server. Remediation (from K000132563): upgrade...

7.1 CVSS · 5.8 AI score · 0.00128 EPSS
Exploits 1 · References 1 · Affected Software 2

BDU FSTEC
added 2023/08/02 12:00 a.m. · 3 views

The vulnerability of the kernel of iOS, iPadOS, and macOS allows a perpetrator to trigger a service failure.

The vulnerability in the kernels of iOS, iPadOS, and macOS exists due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to cause service failures...

5.5 CVSS · 7.2 AI score · 0.00848 EPSS
Exploits 0 · References 6 · Affected Software 3

RedhatCVE
added 2023/07/28 9:49 a.m. · 54 views

CVE-2023-37920

A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector...

9.1 CVSS · 6.4 AI score · 0.00472 EPSS
Exploits 0 · References 3

NVD
added 2023/07/25 8:15 p.m. · 8 views

CVE-2020-35698

Thinkific Thinkific Online Course Creation Platform 1.0 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: Affected Source code of the website CMS which is been used by many to host their online courses using the Thinkific Platform. The attac...

6.1 CVSS · 6.1 AI score · 0.00524 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/07/25 12:00 a.m. · 9 views

CVE-2020-35698

Thinkific Thinkific Online Course Creation Platform 1.0 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: Affected Source code of the website CMS which is been used by many to host their online courses using the Thinkific Platform. The attac...

5.9 AI score · 0.00524 EPSS
Exploits 0 · References 1