118 matches found

CNVD
added 2025/02/17 12:0 a.m. | 6 views

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2025-04977)

IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...

CVSS 5.4 | AI score 6.1 | EPSS 0.00136
Exploits: 0 | References: 1

CNVD
added 2025/02/14 12:0 a.m. | 13 views

Microsoft Excel Resource Management Error Vulnerability (CNVD-2025-02966)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A resource management error vulnerability exists in Microsoft Excel. An attacker exploiting this vulnerability could remotely execute code...

CVSS 8.4 | AI score 8.2 | EPSS 0.00469
Exploits: 0 | References: 1

CVE
added 2025/01/30 8:21 a.m. | 55 views

CVE-2024-13758

CVE-2024-13758 involves the CP Contact Form with PayPal plugin for WordPress. The vulnerability is a Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation in cp_contact_form_paypal_check_init_actions(), affecting all versions up to and including 1.3.52. This allows unauth...

CVSS 6.5 | AI score 6.1 | EPSS 0.00054
Exploits: 0 | References: 4 | Affected Software: 1

Packet Storm
added 2025/01/13 12:0 a.m. | 204 views

QNAP Symlink Remote Code Execution

The QNAP operating system suffers from a symlinking vulnerability. It is possible to upload a symlink through a ZIP file and abuse the encrypt/decrypt function to gain an arbitrary file write primitive which can be turned into remote code execution. An attacker with privileges of a regular user ca...

CVSS 8.7 | AI score 8 | EPSS 0.48051
Exploits: 2

FreeBSD
added 2025/01/07 12:0 a.m. | 5 views

Mozilla -- Memory safety bugs

[email protected] reports: Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

CVSS 6.5 | AI score 8 | EPSS 0.02414
Exploits: 0 | References: 1

Ubuntu
added 2024/11/21 12:23 p.m. | 22 views

USN-7118-1: ZBar vulnerabilities

It was discovered that ZBar did not properly handle certain QR codes. If a user or automated system using ZBar were tricked into opening a specially crafted file, an attacker could possibly use this to obtain sensitive information. CVE-2023-40889 It was discovered that ZBar did not properly handl...

CVSS 9.8 | AI score 8.2 | EPSS 0.00814
Exploits: 0

Rapid7 Blog
added 2024/07/25 1:30 p.m. | 10 views

Buying Stuff For Free From Shopping Websites

Rapid7 is often tasked with evaluating the security of e-commerce sites. When dealing directly with customer financials, the security of these transactions is a top concern. Fortunately, there are ample pre-built e-commerce platforms one can simply purchase or install. From an attacker’s...

AI score 7.6
Exploits: 0

CVE
added 2024/06/13 9:4 a.m. | 347 views

CVE-2024-34102

CVE-2024-34102 is an XXE vulnerability in Adobe Commerce/Magento Open Source that allows remote code execution. The issue affects Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier, via improper restriction of XML external entity references. Exploitation can occur without use...

CVSS 9.8 | AI score 9.6 | EPSS 0.94171
In wild | Exploits: 26 | References: 3 | Affected Software: 3

CNVD
added 2024/01/11 12:0 a.m. | 7 views

GTKWave code execution vulnerability (CNVD-2024-36927)

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. A code execution vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to potentially cause arbitrary code execution via a specially crafted fst file...

CVSS 7.8 | AI score 7.2 | EPSS 0.00068
Exploits: 1 | References: 1

HackRead
added 2023/10/29 6:12 p.m. | 28 views

Surge in QR Code Quishing: Check Point Records 587% Attack Spike

By Deeba Ahmed. Explore insights into the rise of Quishing attacks, the risks associated with QR code exploitation, and crucial preventive…

AI score 7.2
Exploits: 0

CNVD
added 2023/09/05 12:0 a.m. | 1 views

NETGEAR R6400v2 Code Execution Vulnerability

The NETGEAR R6400v2 is a router from NETGEAR, a hardware device that connects two or more networks and acts as a gateway between networks. The NETGEAR R6400v2 suffers from a code execution vulnerability that stems from the program's failure to properly filter special elements that construct code...

CVSS 9.8 | AI score 9.6 | EPSS 0.05935
Exploits: 0 | References: 1

UbuntuCve
added 2023/08/30 10:15 p.m. | 114 views

CVE-2023-41040

GitPython is a Python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory. In some places the name of the file being read is provided by the user, and GitPython doesn't check if this file is located outside the .git...

CVSS 6.5 | AI score 6.6 | EPSS 0.0036
Exploits: 1 | References: 3

Positive Technologies
added 2023/07/17 12:0 a.m. | 4 views

PT-2023-18888

Name of the Vulnerable Software and Affected Versions: WooCommerce Google Sheet Connector WordPress plugin versions prior to 1.3.6. Description: The issue concerns a lack of CSRF check when updating the Access Code, allowing attackers to potentially make logged-in admins change the access code to an...

CVSS 8.8 | AI score 7.3 | EPSS 0.00162
Exploits: 2 | References: 4

Cvelist
added 2023/06/26 9:56 p.m. | 13 views

CVE-2023-32556

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

AI score 5.8 | EPSS 0.00057
Exploits: 0 | References: 2

Code423n4
added 2023/05/11 12:0 a.m. | 4 views

Proposed Token Request Exceeds Available Funds Check Missing.

Vulnerability details. Impact: The proposeStandard function in the StandardFunding.sol contract does not include a direct check to ensure that the proposed tokens requested are less than or equal to the actual available funds for the distribution period. Instead, it only checks if the...

AI score 6.6
Exploits: 0

RedhatCVE
added 2023/05/10 6:52 a.m. | 27 views

CVE-2023-32215

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could...

CVSS 8.8 | AI score 8 | EPSS 0.00284
Exploits: 0 | References: 5

CVE
added 2023/03/01 7:29 p.m. | 52 views

CVE-2023-1097

Baicells EG7035-M11 devices with BCE-ODU-1.0.8 and prior firmware are affected by an improper HTTP GET command injection vulnerability. The issue allows pre-login execution of commands with root privileges via HTTP GET, as demonstrated and validated by a third‑party analyst. Affected component: d...

CVSS 9.8 | AI score 9.9 | EPSS 0.03093
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2023/02/11 1:23 a.m. | 9 views

CVE-2023-0776

Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following metho...

CVSS 10 | AI score 9.3 | EPSS 0.00467
Exploits: 0 | References: 1

NVD
added 2023/01/26 9:18 p.m. | 14 views

CVE-2023-24508

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods...

CVSS 9.6 | AI score 9.2 | EPSS 0.00451
Exploits: 0 | References: 2

NVD
added 2022/12/12 1:15 p.m. | 8 views

CVE-2022-44650

A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on...

CVSS 7.8 | EPSS 0.00301
Exploits: 0 | References: 2