EUVD-2018-19977
Malware in sbrugna...
CVE-2011-2634
Opera before 11.10 allows remote attackers to hijack (1) searches and (2) customizations via unspecified third party applications...
PYSEC-2025-179
OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11, any user with the capability "manage customizations" can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server side secrets by misusing the web-hooks. Since the...
PT-2025-19737 · Opencti · Opencti
Name of the Vulnerable Software and Affected Versions: OpenCTI versions prior to 6.4.11. Description: OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11, any user with the capability "manage customizations" can execute commands on the underlying infrastructure where...
Ioctlance - A Tool That Is Used To Hunt Vulnerabilities In X64 WDM Drivers
Description: Presented at CODE BLUE 2023, this project, titled "Enhanced Vulnerability Hunting in WDM Drivers with Symbolic Execution and Taint Analysis", introduces IOCTLance, a tool that enhances its capacity to detect various vulnerability types in Windows Driver Model (WDM) drivers. In a comprehensi...
CVE-2022-34267
An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint...
WordPress WooKit – WooCommerce Tools & Customizations Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)
Software: WooKit – WooCommerce Tools & Customizations. Type: Plugin. Vulnerable versions: <= 1.4. Fixed in: N/A. OWASP Top 10: A3: Injection. Classification: Cross Site Scripting (XSS). CVE: CVE-2023-33999. Patch priority: Medium. CVSS severity: Medium (7.1). PSID: 650930cce60d. Credits: Rafie...
How to Unhide the Restore Reason Page
Purpose: This article documents how to unhide the Reason tab in the Restore Wizard after the "Do not show me this page again" option has been checked, causing the Reason tab to no longer appear during future restores. Solution: The "Do not show me this page again" setting and other user-specific U...
SUSE CVE-2011-2634
Opera before 11.10 allows remote attackers to hijack (1) searches and (2) customizations via unspecified third party applications...
SUSE CVE-2018-10120
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecifie...
Malicious code in @m365-admin/customizations (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 67df9064253c6ee1deb2df543436530fcd9bad3b70a30eb34d838e86bcf0f29b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-403 Malicious code in @m365-admin/customizations (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 67df9064253c6ee1deb2df543436530fcd9bad3b70a30eb34d838e86bcf0f29b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ALBA-2022:2145 osbuild-composer bug fix and enhancement update
The osbuild-composer package is a service for building customized OS artifacts, such as virtual machine (VM) images and OSTree commits. Apart from building images for local usage, it can also upload images directly to cloud. The package is compatible with composer-cli and cockpit-composer clients...
osbuild-composer bug fix and enhancement update
The osbuild-composer package is a service for building customized OS artifacts, such as virtual machine (VM) images and OSTree commits. Apart from building images for local usage, it can also upload images directly to cloud. The package is compatible with composer-cli and cockpit-composer clients...
Deposits don't work with fee-on transfer tokens
Handle: cmichel. Vulnerability details: There are ERC20 tokens that may make certain customizations to their ERC20 contracts. One type of these tokens is deflationary tokens that charge a certain fee for every transfer or transferFrom. Others are rebasing tokens that increase in value over time like...
Security Analysis Clears TikTok of Censorship, Privacy Accusations
Nebulous privacy and censorship criticisms about video social-media app TikTok have been swirling for months. Security analysts from CitizenLab are the first to collect real data on the platform’s source code, and reported that TikTok meets reasonable standards of security and privacy. The...
Code Injection in prayag2/konsave
Description: konsave is a CLI program that will let you save and apply your KDE Plasma customizations with just one command, which is vulnerable to a YAML deserialization attack caused by unsafe loading, leading to Arbitrary Code Execution. Proof of Concept: Installation: bash pip install konsave...