CVE-2024-49861

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix helper writes to read-only maps Lonial found an issue that despite user- and BPF-side frozen BPF map like in case of .rodata, it was still possible to write into it from a BPF program side through specific helpers having...

AI and the SEC Whistleblower Program

Tax farming is the practice of licensing tax collection to private contractors. Used heavily in ancient Rome, it’s largely fallen out of practice because of the obvious conflict of interest between the state and the contractor. Because tax farmers are primarily interested in short-term revenue,...

PT-2024-33729

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A problem in the Linux kernel has been identified where a bpf program may cause a kernel crash due to a signed divide error. The issue arises when the divisor is -1, which can lead to ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improper write to a read-only map in the bpf program...

Web server DOS through run metrics

This report is not public...

CVE-2024-49243

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ramjon27 Dynamic Elementor Addons dynamic-elementor-addons allows PHP Local File Inclusion.This issue affects Dynamic Elementor Addons: from n/a through = 1.0.0...

CVE-2024-49243 WordPress Dynamic Elementor Addons plugin <= 1.0.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ramjon27 Dynamic Elementor Addons dynamic-elementor-addons allows PHP Local File Inclusion.This issue affects Dynamic Elementor Addons: from n/a through = 1.0.0...

Open Redirect

This report is not public...

CVE-2024-49314

Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program jiangqie-free-mini-program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through = 2.5.2...

CVE-2024-49314 WordPress JiangQie Free Mini Program plugin <= 2.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program jiangqie-free-mini-program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through = 2.5.2...

CVE-2024-49314 WordPress JiangQie Free Mini Program plugin <= 2.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program jiangqie-free-mini-program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through = 2.5.2...

CVE-2024-49314

CVE-2024-49314 concerns the JiangQie Free Mini Program WordPress plugin (versions n/a through 2.5.2). Public docs describe an Unrestricted Upload of File with Dangerous Type vulnerability that allows unauthenticated arbitrary file uploads, enabling a potential web shell on the target web server. ...

CVE-2024-49317 WordPress Point Maker plugin <= 0.1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ZIPANG Point Maker point-maker allows PHP Local File Inclusion.This issue affects Point Maker: from n/a through = 0.1.4...

Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service RaaS called Cicada3301 after successfully gaining access to the group's affiliate panel on the dark web. Singapore-headquartered Group-IB said it contacted the threat actor behind the Cicada3301...

AWS VDP: Reflected XSS on Amazon EC2 Instance

Product: Amazon Elastic Compute Cloud Amazon EC2 Vulnerability Type: Reflected Cross-Site Scripting XSS CVE: CVE-2022-29548 Severity: Medium Description: A reflected XSS vulnerability was discovered on the Amazon EC2 instance, allowing an attacker to inject malicious JavaScript code, potentially...

PT-2024-33454 · Unknown · Jiangqie Free Mini Program

Name of the Vulnerable Software and Affected Versions: JiangQie Free Mini Program versions n/a through 2.5.2 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to significant security...

WordPress plugin JiangQie Free Mini Program 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, WordPress is a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in the WordPress plugin...

CVE-2024-48029

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Hung Trang Si SB Random Posts Widget sb-random-posts-widget allows PHP Local File Inclusion.This issue affects SB Random Posts Widget: from n/a through = 1.0...

CVE-2024-49251

CVE-2024-49251 corresponds to a Local File Inclusion in the WordPress plugin Maan Addons For Elementor (

Local File Inclusion in netease-youdao/qanything

This report is not public...