76 matches found
CVE-2025-32801
Summary: CVE-2025-32801 affects Kea configurations that can load a malicious hook library via API directives, with root/context privilege. Affected versions: Kea 2.4.0–2.4.1, 2.6.0–2.6.2, and 2.7.0–2.7.8. Impact: local privilege escalation and high impact components (root may load arbitrary code)...
Report
It is an offensive tool for web application exploitation. The re...
UBUNTU-CVE-2025-22051
In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix Oops after disconnect in agilent usb If the agilent usb dongle is disconnected subsequent calls to the driver cause a NULL dereference Oops as the businterface is set to NULL on disconnect. This problem was...
CVE-2025-22051 staging: gpib: Fix Oops after disconnect in agilent usb
In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix Oops after disconnect in agilent usb If the agilent usb dongle is disconnected subsequent calls to the driver cause a NULL dereference Oops as the businterface is set to NULL on disconnect. This problem was...
PT-2025-23104
Name of the Vulnerable Software and Affected Versions Kea versions 2.4.0 through 2.4.1 Kea versions 2.6.0 through 2.6.2 Kea versions 2.7.0 through 2.7.8 Description Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave...
CVE-Research
It is an offensive tool for web application security research. T...
Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. "Attackers can leverage these entry points to execute malicious code when specific...
Code Injection
Woodpecker is vulnerable to Code Injection. The vulnerability is due to insufficient user validation, allowing any user to trigger malicious workflows that can either take over the host running the agent or extract secrets by overwriting plugin entry points...
Code Injection
Woodpecker is vulnerable to Code Injection. The vulnerability is due to insufficient user validation, allowing any user to trigger malicious workflows that can either take over the host running the agent or extract secrets by overwriting plugin entry points...
CVE-2024-36471
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are...
CVE-2024-36471
Apache Allura is affected (versions 1.0.1–1.16.0). The import functionality permits DNS rebinding attacks between URL verification and processing, potentially allowing Allura to read from internal services and expose them. Impact is described as high with network access and no authentication requ...
CVE-2023-46851 Apache Allura: sensitive information exposure via import
Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them. Exposing internal files then can lead to other exploits, like session hijacking, or remot...
Tokens with multiple entry points can lead to loss of funds in rageQuit()
Lines of code Vulnerability details Tokens with multiple entry points can lead to loss of funds in rageQuit ERC20 tokens with multiple entry points also known as double entry tokens or two address tokens can be used to exploit the rageQuit function and steal funds from the party. Impact The...
What is ransomware and how can you defend your business from it?
Ransomware is a kind of malware used by cybercriminals to stop users from accessing their systems or files; the cybercriminals then threaten to leak, destroy or withhold sensitive information unless a ransom is paid. Ransomware attacks can target either the data held on computer systems known as...
The many lives of BlackCat ransomware
The BlackCat ransomware, also known as ALPHV, is a prevalent threat and a prime example of the growing ransomware-as-a-service RaaS gig economy. It’s noteworthy due to its unconventional programming language Rust, multiple target devices and possible entry points, and affiliation with prolific...
Someone Is Running Lots of Tor Relays
Since 2017, someone is running about a thousand -- 10% of the total -- Tor servers in an attempt to deanonymize the network: Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial...
CVE-2019-4701
IBM Security Guardium Data Encryption GDE 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936...
CVE-2019-4701
IBM Security Guardium Data Encryption GDE 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936...
CVE-2019-4701
IBM Security Guardium Data Encryption GDE 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936...
AssassinGo
This is an extensible and concurrency pentest framework in Go, also with a WebGUI. It is an offensive tool for Network Scanning, Vulnerability Scanning, and Information Gathering. The primary CVE ID is not specified in the provided context. The target product/service is not explicitly stated, but...