
38 matches found

Vulnrichment
added 2025/12/31 6:40 p.m. | 1 views

CVE-2021-47740 KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability

KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms...

CVSS 7.5 | AI score 6.7 | EPSS 0.00079
Exploits: 1 | References: 7
Packet Storm News
added 2025/12/08 12:0 a.m. | 2 views

Breaking ECDSA with Electromagnetic Side-Channel Attacks: Challenges and Practicality on Modern Smartphones

Smartphones handle sensitive tasks such as messaging and payment and may soon support critical electronic identification through initiatives such as the European Digital Identity (EUDI) wallet, currently under development. Yet the susceptibility of modern smartphones to physical side-channel analys...

AI score 6.7
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2016-6959

Malware in sbrugna...

CVSS 5.9 | AI score 6.1 | EPSS 0.00204
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-7107

Malware in sbrugna...

CVSS 9.3 | AI score 8.1 | EPSS 0.00802
Exploits: 1 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2024-48866

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6.6 | EPSS 0.00026
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2024-17624

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.7 | EPSS 0.00101
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-10976

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and...

CVSS 7.5 | AI score 6.3 | EPSS 0.01526
Exploits: 0 | References: 2
Vulnrichment
added 2025/07/26 3:29 a.m. | 3 views

CVE-2025-54412 skops' Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution

skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke...

CVSS 8.7 | AI score 7.2 | EPSS 0.00038
Exploits: 0 | References: 3
Github Security Blog
added 2025/07/25 7:17 p.m. | 9 views

Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution

Summary: An inconsistency in OperatorFuncNode can be exploited to hide the execution of untrusted operator.xxx methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. Note: This...

CVSS 8.7 | AI score 7.3 | EPSS 0.00038
Exploits: 0 | References: 7 | Affected Software: 1
Veracode
added 2025/05/29 2:32 a.m. | 3 views

Credential Reuse Attack

github.com/arkmq-org/activemq-artemis-operator is vulnerable to a Credential Reuse Attack. The vulnerability is due to improper password management: the activemq-artemis-operator generates static passwords that do not regenerate between separate CR dependencies, which allows an attacker to ga...

CVSS 5.5 | AI score 7 | EPSS 0.00088
Exploits: 0 | References: 8 | Affected Software: 1
RedhatCVE
added 2025/05/23 7:35 a.m. | 5 views

CVE-2024-44821

ZZCMS 2023 contains a vulnerability in the captcha reuse logic located in /inc/function.php. The checkyzm function does not properly refresh the captcha value after a failed validation attempt. As a result, an attacker can exploit this flaw by repeatedly submitting the same incorrect captcha...

CVSS 5.3 | AI score 5.2 | EPSS 0.00288
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 3:50 p.m. | 6 views

CVE-2020-14977

An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC services use the PID to identify the connecting client, which allows an attacker to perform a PID reuse attack and connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execut...

CVSS 9.3 | AI score 7.5 | EPSS 0.00802
Exploits: 1
RedhatCVE
added 2025/02/05 5:18 a.m. | 2 views

CVE-2024-1902

lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker...

CVSS 7.5 | AI score 7.4 | EPSS 0.00101
Exploits: 1 | References: 1
NVD
added 2024/11/25 6:15 p.m. | 10 views

CVE-2024-7915

The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. These operations include arbitrary file deletion and writing, loading and unloading daemons, manipulating file permissions, and loading...

CVSS 7.8 | EPSS 0.00026
Exploits: 0 | References: 1
Vulnrichment
added 2024/11/25 5:45 p.m. | 13 views

CVE-2024-7915 macOS Sensei Mac Cleaner Local Privilege Escalation via PID Reuse - Race Condition Attack

The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. These operations include arbitrary file deletion and writing, loading and unloading daemons, manipulating file permissions, and loading...

CVSS 7.8 | AI score 7.1 | EPSS 0.00026
Exploits: 0 | References: 1
Cvelist
added 2024/11/25 5:45 p.m. | 23 views

CVE-2024-7915 macOS Sensei Mac Cleaner Local Privilege Escalation via PID Reuse - Race Condition Attack

The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. These operations include arbitrary file deletion and writing, loading and unloading daemons, manipulating file permissions, and loading...

CVSS 7.8 | EPSS 0.00026
Exploits: 0 | References: 1
CVE
added 2024/11/25 5:45 p.m. | 47 views

CVE-2024-7915

CVE-2024-7915 affects Sensei Mac Cleaner. A local privilege escalation via PID reuse in the XPC-based SenseiHelper allows an attacker to impersonate a legitimate client and invoke arbitrary methods, potentially performing root-level actions. Reported capabilities include arbitrary file deletion/w...

CVSS 7.8 | AI score 7.8 | EPSS 0.00026
Exploits: 0 | References: 1
Github Security Blog
added 2024/09/26 5:54 p.m. | 54 views

Layui has DOM Clobbering gadgets that leads to Cross-site Scripting

Summary: A DOM Clobbering vulnerability has been discovered in layui that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., img tags with unsanitized name attributes) are present. It's worth noting that we’ve identified similar issues in other popular...

CVSS 6.4 | AI score 5.3 | EPSS 0.01721
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2024/09/26 5:54 p.m. | 19 views

GHSA-J827-6RGF-9629 Layui has DOM Clobbering gadgets that leads to Cross-site Scripting

Summary: A DOM Clobbering vulnerability has been discovered in layui that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., img tags with unsanitized name attributes) are present. It's worth noting that we’ve identified similar issues in other popular...

CVSS 6.4 | AI score 6 | EPSS 0.01721
Exploits: 0 | References: 5
Github Security Blog
added 2024/09/23 10:11 p.m. | 82 views

DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

Summary: We discovered a DOM Clobbering vulnerability in rollup when bundling scripts that use import.meta.url or with plugins that emit and reference asset files from code in cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless...

CVSS 6.1 | AI score 6 | EPSS 0.02786
Exploits: 1 | References: 7 | Affected Software: 1