phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint
Summary: The WebAuthn prepare endpoint /api/webauthn/prepare creates new active user accounts without any authentication, CSRF protection, CAPTCHA, or configuration checks. This allows unauthenticated attackers to create unlimited user accounts even when registration is disabled. Details: File:...
CVE-2022-50672
In the Linux kernel, the following vulnerability has been resolved: mailbox: zynq-ipi: fix error handling while device_register() fails If device_register() fails, it has two issues: 1. The name allocated by dev_set_name() is leaked. 2. The parent of device is not NULL, device_unregister() is called in...
CVE-2022-50672 mailbox: zynq-ipi: fix error handling while device_register() fails
In the Linux kernel, the following vulnerability has been resolved: mailbox: zynq-ipi: fix error handling while device_register() fails If device_register() fails, it has two issues: 1. The name allocated by dev_set_name() is leaked. 2. The parent of device is not NULL, device_unregister() is called in...
CVE-2025-40308 Bluetooth: bcsp: receive data only if registered
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bcsp: receive data only if registered Currently, bcsp_recv() can be called even when the BCSP protocol has not been registered. This leads to a NULL pointer dereference, as shown in the following stack trace: KASAN:...
CVE-2023-21320
In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
kernel: net: hns3: fix kernel crash problem in concurrent scenario
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash problem in concurrent scenario When the link status changes, the nic driver needs to notify the roce driver to handle this event, but at this time the roce driver may uninit, which then causes a kernel crash. To fix...
CVE-2024-41733
In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the...
UBUNTU-CVE-2024-39507
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash problem in concurrent scenario When the link status changes, the nic driver needs to notify the roce driver to handle this event, but at this time the roce driver may uninit, which then causes a kernel crash. To fix...
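Apple CMS (苹果CMS): SQL injection that again ignores all filtering, part two
Brief description: This time the main aim here was to bypass a restriction in order to get a shell, but my skills are limited, so I hope everyone can discuss it. Detailed explanation: This is probably still a small vendor, though that does not really matter. Continuing from the previous injection: if last time it was down to a misspelled word, this time it is not just caused by carelessness. Let's look at the code next: again at the start of index.php: This was analysed last time, so this time go straight to ifempty$ac $ac='vod'; $method='index'; $colnum = array"id","pg","yaer","typeid","classid";// still here if$parlen=2 $method = $par1; for$i=2;$iP$par...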