PT-2025-32539 · Unknown +1 · Nasm Netwide Assembler +1

Name of the Vulnerable Software and Affected Versions: NASM Netwide Assembler version 2.17rc0 Description: A stack-based buffer overflow issue was identified in the assemble file function within the nasm.c file. The issue can be exploited on the local host. The exploit has been publicly disclosed...

CVE-2024-43705

CVE-2024-43705 affects Imagination Technologies PowerVR-GPU (Imagination GPU Driver). The issue stems from a vulnerability in the GPU kernel driver where PVRSRVBridgePhysmemWrapExtMem can write to arbitrary read-only system files mapped into application memory, allowing a non-privileged user to p...

CVE-2024-12956

A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /addachievementdetails.php. The manipulation of the argument achcerty leads to unrestricted upload. The attack may be initiated remotel...

Debian dla-3997 : php-illuminate-auth - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3997 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3997-1 [email protected] https://www.debian.org/lts/security/...

The vulnerability of the “sta_log_htm” application programming interface in the microprogramming-based wireless access points of Advantech EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the “staloghtm” application programming interface in the microprogramming-based wireless access points of Advantech EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO models exists due to the lack of measures taken to neutralize the special elements used in the operating syst...

Oracle Siebel Server <= 22.5 (April 2023 CPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the April 2023 CPU advisory. - Vulnerability in the Siebel CRM product of Oracle Siebel CRM component: Loging Apache ZooKeeper. Supported versions that are affected are 22.5 and prior...

PT-2024-35860 · Unknown · Maeve Lander Paypal Responder

Name of the Vulnerable Software and Affected Versions: Maeve Lander PayPal Responder versions n/a through 1.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

CVE-2024-54003

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Create permission...

CVE-2024-11240

A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument dbloginrole leads to cross site scripting. The attack may be...

CVE-2024-11058

A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /aboutedit.php of the component About Us Page. The manipulation of the argument id leads to sql injection. The attack can be...

[slackware-security] expat

New expat packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/expat-2.6.4-i586-1slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Fix crash within function XMLResumeParser from ...

firefox: thunderbird: Use-after-free in layout with accessibility

The Mozilla Foundation's Security Advisory: An attacker could cause a use-after-free when accessibility is enabled, leading to a potentially exploitable crash...

firefox: thunderbird: Use-after-free in layout with accessibility

The Mozilla Foundation's Security Advisory: An attacker could cause a use-after-free when accessibility is enabled, leading to a potentially exploitable crash...

CVE-2024-10941

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox 126...

K000148380: MySQL vulnerability CVE-2024-21204

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PS. Supported versions that are affected are 8.4.0 and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

Google's AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model LLM assisted framework called Big Sleep formerly Project Naptime. The tech giant described the development as the "first real-world vulnerability" uncovered using the...

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code

Posted by the Big Sleep team Introduction In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-a...

firefox: thunderbird: Use-after-free in layout with accessibility

The Mozilla Foundation's Security Advisory: An attacker could cause a use-after-free when accessibility is enabled, leading to a potentially exploitable crash...

firefox: thunderbird: Use-after-free in layout with accessibility

The Mozilla Foundation's Security Advisory: An attacker could cause a use-after-free when accessibility is enabled, leading to a potentially exploitable crash...

CVE-2024-50802

A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update function in publichtml/admin/controller/responses/listinggrid/emailtemplates.php. The vulnerability is exploitable via the id parameter...