
61 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-13150

Malicious code in bioql PyPI...

AI score: 7.2, EPSS: 0.00056
Exploits: 0, References: 9

Vulnrichment
added 2024/10/21 6:1 p.m., 17 views

CVE-2024-49934 fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name

In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. See calltrace as following: ------------ cut here...

AI score: 6.5, EPSS: 0.00016
Exploits: 0, References: 5

RedhatCVE
added 2024/09/04 8:45 p.m., 17 views

CVE-2024-44961

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Forward soft recovery errors to userspace As we discussed before[1], soft recovery should be forwarded to userspace, or we can get into a really bad state where apps will keep submitting hanging command buffers cascadin...

CVSS: 5.5, AI score: 7, EPSS: 0.00016
Exploits: 0, References: 4

NVD
added 2024/07/09 3:15 p.m., 18 views

CVE-2024-6607

It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a select element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox 128...

CVSS: 8.8, EPSS: 0.00932
Exploits: 1, References: 3

Cvelist
added 2024/05/21 3:31 p.m., 22 views

CVE-2023-52831 cpu/hotplug: Don't offline the last non-isolated CPU

In the Linux kernel, the following vulnerability has been resolved: cpu/hotplug: Don't offline the last non-isolated CPU If a system has isolated CPUs via the "isolcpus=" command line parameter, then an attempt to offline the last housekeeping CPU will result in a WARN_ON when rebuilding the...

AI score: 6.4, EPSS: 0.00005
Exploits: 0, References: 4

CVE
added 2024/05/21 2:19 p.m., 92 views

CVE-2021-47265

CVE-2021-47265 is a Linux kernel RDMA issue in the mlx5_ib driver. The vulnerability stems from missing validation of the user-supplied port when creating a flow rule, leading to an improper check and a kernel oops as shown in the call trace (_create_flow_rule … mlx5_ib_create_flow …). The CVE ha...

CVSS: 5.5, AI score: 6.7, EPSS: 0.00017
Exploits: 0, References: 2, Affected Software: 1

Openbugbounty
added 2024/04/04 7:22 a.m., 11 views

centroricercagianfrancoferre.it Cross Site Scripting vulnerability OBB-3900271

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0

Openbugbounty
added 2024/03/25 10:24 p.m., 5 views

lisaanmasry.org Cross Site Scripting vulnerability OBB-3885641

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0

Openbugbounty
added 2024/03/19 6:54 p.m., 5 views

green-brain-krautrock.de Cross Site Scripting vulnerability OBB-3879560

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0

Github Security Blog
added 2024/02/13 10:25 p.m., 53 views

Email Validation Bypass And Preventing Sign Up From Email's Owner

Summary: Email validation can easily be bypassed because the verifyemailenabled option enables email validation at sign up only. A user changing its email after signing up and verifying it can change it without verification in /profile. This can be used to prevent the legitimate owner of the email address...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00219
Exploits: 1, References: 5, Affected Software: 1

Prion
added 2024/02/12 9:15 a.m., 11 views

Design/Logic Flaw

References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more...

CVSS: 4.9, AI score: 7.1, EPSS: 0.0041
Exploits: 0, References: 2

The Hacker News
added 2023/11/20 11:2 a.m., 30 views

Why Defenders Should Embrace a Hacker Mindset

Today's security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have intern...

AI score: 7.5
Exploits: 0

Akamai Blog
added 2023/11/16 2:0 p.m., 13 views

What Else Can You Do to Defend Against Bots?

...

AI score: 7.3
Exploits: 0

Prion
added 2023/11/14 12:15 a.m., 6 views

Cross site request forgery (csrf)

Rejected reason: Accidental Request...

AI score: 7.4
Exploits: 0

Oracle linux
added 2023/10/24 12:0 a.m., 25 views

dnsmasq security update

2.76-17.0.1.3 - Prevent use after free in dhcp6norelay CVE-2022-0934 Orabug: 34775167...

CVSS: 5, AI score: 7.8, EPSS: 0.00019
Exploits: 0

Akamai Blog
added 2023/07/07 1:0 p.m., 11 views

Conquering Adversarial Bots and Humans to Prevent Account Takeovers

...

AI score: 7.1
Exploits: 0

Openbugbounty
added 2023/06/30 8:6 a.m., 30 views

corammaterial.com Cross Site Scripting vulnerability OBB-3477029

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.1
Exploits: 0

Trend Micro Simply Security
added 2023/03/30 12:0 a.m., 10 views

Preventing and Detecting Attacks Involving 3CX Desktop App

In this blog entry, we provide technical details and analysis on the 3CX attacks as they happen. We also discuss available solutions which security teams can maximize for early detection and mitigate the impact of 3CX attacks...

AI score: 7.1
Exploits: 0

Akamai Blog
added 2023/01/31 2:0 p.m., 20 views

Introducing Malware Protection for Scanning File Uploads

With Malware Protection, you can scan once at the edge and prevent malware from draining your time and budget...

AI score: 2.3
Exploits: 0

HackRead
added 2023/01/06 2:23 p.m., 18 views

Preventing Insider Attacks on Your HR System

By Owais Sultan An insider threat has emerged as one of the most significant threats to all types of businesses and organizations. This is a post from HackRead.com Read the original post: Preventing Insider Attacks on Your HR System...

AI score: 2
Exploits: 0