14 matches found
Oracle Critical Patch Update, April 2026 Security Update Review
Oracle released its second quarterly edition of this year’s Critical Patch Update. The update received patches for 481 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families,...
pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass)
Summary: pyLoad caches role and permission in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database. As a result, an already logged-in user can keep old revoked privileges until logout/session...
EUVD-2021-28003
Malicious code in bioql PyPI...
CVE-2024-28986
creationtimestamp | type | source
---|---|---
2024-08-14 02:19:45+00:00 | seen | https://t.me/cvedetector/3087
2024-08-14 09:24:18+00:00 | seen | https://t.me/HackingInsights/9834
2024-08-14 19:46:35+00:00 | published-proof-of-concept | Telegram/cNxbFZZdo4lIvFx4xvc0hLK4F8fRxTqcrmeBNIRfXm1RHD0
2024-08-15... | |
CVE-2018-16763
creationtimestamp | type | source
---|---|---
2022-07-13 13:02:16+00:00 | seen | MISP/8bf50bb8-94dd-4004-a646-5f78db6f0b6a
2024-12-23 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2024-12-23
2024-12-27 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities -...
CVE-2021-40847
The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon, circled, is enabled ...
Remote code execution
The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon, circled, is enabled ...
CVE-2021-40847
CVE-2021-40847 affects Netgear routers through the Circle parental controls update mechanism. The Circle update daemon (circled), enabled by default, fetches unsigned updates over HTTP and, under a MitM, can be tricked into delivering a crafted compressed database that overwrites executables with...
Microsoft Dynamics CRM 2011 Update Rollup 6
Microsoft Dynamics CRM 2011 Update Rollup 6 INTRODUCTION Update Rollup 6 for Microsoft Dynamics CRM 2011 is available. This article describes the hotfixes and the updates that are included in this update rollup. This update rollup is available for all languages that are supported by Microsoft...
Release Notes for Veeam Backup & Replication 9.0 Update 2
More Recent Version Available Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version Challenge Release Notes for Veeam Backup & Replication 9.0 Update 2 Cause Please confirm you are running version 9.0.0.902 or 9.0.0.1491 prior to installing this updat...
DEBIAN-CVE-2015-3282
vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network...
[SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-2115-2 [email protected] http://www.debian.org/security/ Florian Weimer October 11, 2010 http://www.debian.org/security/faq -...
HDWiki-V4.0.5 proof 0day cross site vulnerability - vulnerability warning - the black bar safety net
Affects: HDWiki-V4.0.5. Degree of harm: high-risk. Vulnerability description: The Ann-day lab Safety Research and Emergency Response Center of Antiy CERT found, through penetration testing, that in HDWiki-V4.0.5, when creating and editing entries, the HTML elements inside do not have very go...
eTrust Access Control - Root compromise for default install
eTrust Access Control (formerly SeOS) default installation vulnerable to root level compromise. In working with eTrust Access Control/SeOS we found that the default installation can be compromised in order to gain root access to the machines. The attacker is required to be on the same network as the...