2734 matches found
CVE-2023-34800
D-Link Go-RT-AC750 revAv101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgimain...
Microsoft Warns of New Russian State-Sponsored Hacker Group with Destructive Intent
Microsoft on Wednesday took the lid off a "novel and distinct Russian threat actor," which it said is linked to the General Staff Main Intelligence Directorate (GRU) and has a "relatively low success rate." The tech giant's Threat Intelligence team, which was previously tracking the group under its...
Identifier withdrawn
glib2 is a general-purpose, portable utility library open-sourced by GNOME. Many useful data types, macros, type conversions, string utilities, file utilities, main loop abstractions, etc. are provided. This CVE number has been withdrawn...
DEBIAN-CVE-2023-34823
fdkaac before 1.0.5 was discovered to contain a stack overflow in readcallback function in src/main.c...
fdkaac buffer error vulnerability
fdkaac is a command-line front-end for the libfdk-aac encoder by the Japanese individual developer nu774. A security vulnerability exists in versions of fdkaac prior to 1.0.5, which stems from the discovery of a stack overflow vulnerability via the readcallback function in src/main.c. The...
PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE) Date: 06-10-2023 Credits: bAu @bauh0lz Exploit Author: Gabriel Lima 0xGabe Vendor Homepage: https://pyload.net/ Software Link: https://github.com/pyload/pyload Version: 0.5.0 Tested on: Ubuntu 20.04.6 CVE: CVE-2023-0297 import...
Cross-Site Scripting (XSS)
org.apache.jspwiki:jspwiki-main is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the special characters in the PARAMPAGE parameter before it is output to the front end in several plugins, allowing an attacker to inject and execute malicious JavaScript on victim...
mainstreetmarketokotoks.com Cross Site Scripting vulnerability OBB-3397446
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-25730
A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
DEBIAN-CVE-2023-25730
A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
org.apache.jspwiki.it:jspwiki-selenide-tests (>=2.11.0 <=2.11.3), org.apache.jspwiki:jspwiki-210-adapters (>=2.11.0 <=2.11.3) +5 more potentially affected by CVE-2022-46907 via org.apache.jspwiki:jspwiki-main (>=2.11.0 <=2.11.3)
org.apache.jspwiki:jspwiki-main MAVEN version =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.3 Source cves: CVE-2022-46907 Source advisory: OSV:GHSA-QVQ8-CW7F-M7M4...
PT-2023-20351 · Teltonika · Teltonika's Remote Management System
Name of the Vulnerable Software and Affected Versions: Teltonika’s Remote Management System versions prior to 4.10.0 Description: The issue is related to a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connect...
Fedora 36 : chromium (2023-12b28d0d37)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-12b28d0d37 advisory. update to 113.0.5672.64. Fixes the following security issues: CVE-2023-2459 CVE-2023-2460 CVE-2023-2461 CVE-2023-2462 CVE-2023-2463 CVE-2023-2464...
Node.js: Permissions policies can be bypassed via process.mainModule
A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non-authorized modules by using process.mainModule.require. This only...
Design/Logic Flaw
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-0756
Removed by vendor...
CVE-2023-2462
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. Chromium security severity: Medium...