14 matches found

RedhatCVE
added 2026/05/05 3:09 p.m. | 3 views

CVE-2026-40687

A flaw was found in Exim. When the Secure Password Authentication (SPA) driver processes input from a malicious SPA resource, it can lead to an out-of-bounds write, causing the connection to crash and resulting in a Denial of Service (DoS). This vulnerability also allows for the disclosure of sensiti...

9.1 CVSS | 5.9 AI score | 0.00182 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/30 12:00 a.m. | 3 views

CVE-2026-40687

In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory...

4.8 CVSS | 5.8 AI score | 0.00182 EPSS
Exploits: 0 | References: 4

CISA
added 2025/11/19 12:00 p.m. | 6 views

CISA Releases Guide to Mitigate Risks from Bulletproof Hosting Providers

Today, Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the U.S. National Security Agency, U.S. Department of Defense Cyber Crime Center, U.S. Federal Bureau of Investigation, and international partners, released the guide Bulletproof Defense: Mitigating Risks from...

7 AI score
Exploits: 0 | References: 2

NVD
added 2023/08/02 1:15 p.m. | 6 views

CVE-2023-26445

Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and...

5.4 CVSS | 5.5 AI score | 0.00073 EPSS
Exploits: 0 | References: 4

Cvelist
added 2023/08/02 12:23 p.m. | 17 views

CVE-2023-26445

Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and...

5.4 CVSS | 5.8 AI score | 0.00073 EPSS
Exploits: 0 | References: 4

CNNVD
added 2023/07/13 12:00 a.m. | 0 views

Auto-GPT Security Vulnerability

Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. A security vulnerability exists in versions prior to Auto-GPT 0.4.3, which stems from the possibility that a malicious external resource could cause a misleading message to be printed to the consol...

4.3 CVSS | 5 AI score | 0.00085 EPSS
Exploits: 0 | References: 3

Prion
added 2023/06/08 9:15 p.m. | 10 views

Command injection

snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign-on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicio...

6.8 CVSS | 9.1 AI score | 0.00554 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2023/06/08 8:29 p.m. | 12 views

CVE-2023-34230 Snowflake Connector vulnerable to Command Injection

snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecti...

7.3 CVSS | 8.9 AI score | 0.03653 EPSS
Exploits: 0 | References: 3

The Hacker News
added 2022/11/11 12:30 p.m. | 31 views

VPN vs. DNS Security

When you are trying to get another layer of cyber protection that would not require a lot of resources, you are most likely choosing between a VPN service & a DNS Security solution. Let's discuss both. VPN Explained VPN stands for Virtual Private Networks and basically hides your IP and provides ...

7 AI score
Exploits: 0

Prion
added 2020/05/14 12:15 a.m. | 12 views

Cross-site request forgery (CSRF)

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to...

6.8 CVSS | 8.3 AI score | 0.00398 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Typo3
added 2020/05/12 12:00 a.m. | 19 views

Same-Origin Request Forgery to Backend User Interface

It has been discovered that the backend user interface and install tool are vulnerable to same-origin request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server - scripts are then executed with the privilege...

6.8 CVSS | 2.9 AI score | 0.00398 EPSS
Exploits: 0 | Affected Software: 1

CVE
added 2019/07/03 6:26 p.m. | 91 views

CVE-2019-6639

CVE-2019-6639 affects BIG-IP AFM/PEM TMUI Subscriber Management pages. A stored XSS in undisclosed TMUI pages is exploitable by an authenticated Resource Administrator, potentially allowing execution of system commands with Administrator privileges (bash disabled in Appliance mode, but command ex...

4.8 CVSS | 4.8 AI score | 0.00187 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2016/04/30 12:00 a.m. | 1 view

Apache Cordova iOS Malicious Resource Loading Vulnerability

Apache Cordova iOS is a platform for developing iOS-based mobile applications using HTML, CSS and JavaScript, and is the core engine that drives PhoneGap. A security vulnerability exists in Apache Cordova iOS that allows remote attackers to load malicious resources by exploiting a method that can...

7.5 CVSS | 6.8 AI score | 0.00143 EPSS
Exploits: 0 | References: 1

seebug.org
added 2007/01/23 12:00 a.m. | 15 views

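Microsoft Visual C++ (.RC) Resource File Remote Stack Overflow Vulnerability

Microsoft Visual C++ is a C++ compiler for the Windows platform. The RCDLL.DLL module of the Microsoft Visual C++ resource compiler, running in the MSDEV.EXE process, has a stack overflow vulnerability when processing .rc resource files; a remote attacker could exploit this vulnerability to take control of a user's machine by tricking the user into opening a malicious resource file. When processing a file name field similar to the following: 1 TYPELIB MOVEABLE PURE "FilePath01"...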

7 AI score
Exploits: 0