1365 matches found
CVE-2025-0473
Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the ‘/pmb/authorities/import/iimportauthorities’ endpoint. When a file is uploaded via this...
Yubico pam-u2f security vulnerability
Yubico pam-u2f is a pluggable authentication module for U2F and FIDO2 from Yubico. A security vulnerability exists in Yubico pam-u2f versions prior to 1.3.1 that stems from allowing authentication to be bypassed in certain configurations, where local elevation of privilege may occur...
PT-2025-3079 · Cp Plus · Cp Plus Cp-Vnr-3104
Name of the Vulnerable Software and Affected Versions: CP Plus CP-VNR-3104 B3223P22C02424 affected versions not specified Description: An issue allows attackers to obtain the second RSA private key, potentially accessing sensitive data or executing a man-in-the-middle attack. Recommendations: At...
CVE-2024-49385
creationtimestamp | type | source
---|---|---
2025-01-02 15:16:12+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lerem5lvq425
2025-01-02 15:56:58+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lergv5djiw2r
2025-01-02 16:46:01+00:00 | seen | ...
CVE-2024-56246
creationtimestamp | type | source
---|---|---
2025-01-02 12:20:57+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3ler2sw24jr2o
2025-01-02 14:15:18+00:00 | seen | https://t.me/cvedetector/14134
2025-01-02 20:08:33+00:00 | seen | ...
CVE-2024-56242
creationtimestamp | type | source
---|---|---
2025-01-02 12:20:47+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3ler2slryjr2o
2025-01-02 19:53:33+00:00 | seen | https://infosec.exchange/users/cve/statuses/113760509126694174...
CVE-2024-37490
creationtimestamp | type | source
---|---|---
2025-01-02 12:19:22+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3ler2q365ad2e
2025-01-02 17:38:24+00:00 | seen | https://infosec.exchange/users/cve/statuses/113759977723218951...
CVE-2023-47693
creationtimestamp | type | source
---|---|---
2025-01-02 12:18:06+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3ler2nsj3ir2o
2025-01-02 15:53:16+00:00 | seen | https://infosec.exchange/users/cve/statuses/113759564333327586...
CVE-2023-47689
creationtimestamp | type | source
---|---|---
2025-01-02 12:18:01+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3ler2nnnq5522
2025-01-02 15:38:15+00:00 | seen | https://infosec.exchange/users/cve/statuses/113759505297140595...
CVE-2023-47225
creationtimestamp | type | source
---|---|---
2025-01-02 12:17:42+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3ler2n3pp6i25
2025-01-02 15:08:13+00:00 | seen | https://infosec.exchange/users/cve/statuses/113759387210898557...
CVE-2024-56035
creationtimestamp | type | source
---|---|---
2025-01-02 09:19:48+00:00 | seen | https://infosec.exchange/users/cve/statuses/113758017179229788
2025-01-02 09:23:36+00:00 | seen | https://infosec.exchange/users/cve/statuses/113758032067931651
2025-01-02 10:16:04+00:00 | seen | ...
MAL-2024-11817 Malicious code in planweb-core-ui (npm)
This package contains code to download a second stage payload which establishes a C2 connection and persistence via registry keys. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware acc967a53ff92a71f6b9518c692bf641aa3595a3b65f28cc403b471c0474b175 Any computer that has...
Malicious code in planweb-core-ui (npm)
This package contains code to download a second stage payload which establishes a C2 connection and persistence via registry keys. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware acc967a53ff92a71f6b9518c692bf641aa3595a3b65f28cc403b471c0474b175 Any computer that has...
PT-2024-36570 · Unknown · Sigstore-Python
Name of the Vulnerable Software and Affected Versions: sigstore-python versions 2.0.0 through 3.6.0 Description: The issue concerns insufficient validation of the "integration time" in "v2" and "v3" bundles during the verification flow. This affects versions of sigstore-python newer than 2.0.0 bu...
PT-2024-17476 · Unknown · Code-Projects Hotel Management System
Name of the Vulnerable Software and Affected Versions: code-projects Hotel Management System version 1.0 Description: A problem has been found in the code-projects Hotel Management System, affecting unknown code of the Administrator Login Password Handler component. The manipulation of the Str2...
CVE-2024-53712
creationtimestamp | type | source
---|---|---
2024-12-02 17:36:29+00:00 | seen | https://infosec.exchange/users/cve/statuses/113584438574544520...
CVE-2024-53123
creationtimestamp | type | source
---|---|---
2024-12-02 17:06:27+00:00 | seen | https://infosec.exchange/users/cve/statuses/113584320481604222...
[SECURITY] [DLA 3972-1] tzdata new timezone database
------------------------------------------------------------------------- Debian LTS Advisory DLA-3972-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 28, 2024 https://wiki.debian.org/LTS -...
Debian dla-3972 : tzdata - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3972 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3972-1 [email protected] https://www.debian.org/lts/security/...
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recv_bytes long (recv_bytes defaults to 8192), followed by a secondary request using HTTP pipelining. When request lookahead is disabled (the default), Waitress won't read any more requests, and when th...