7888 matches found
DEBIAN-CVE-2024-26648
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() In edp_setup_replay(), 'struct dc *dc' & 'struct dmub_replay *replay' was dereferenced before the pointer 'link' & 'replay' NULL check. Fixes the below:...
UBUNTU-CVE-2024-26648
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() In edp_setup_replay(), 'struct dc *dc' & 'struct dmub_replay *replay' was dereferenced before the pointer 'link' & 'replay' NULL check. Fixes the below:...
DEBIAN-CVE-2021-47158
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: add error handling in sja1105_setup() If any of sja1105_static_config_load(), sja1105_clocking_setup() or sja1105_devlink_setup() fails, we can't just return in the middle of sja1105_setup() or memory will leak. Add a cleanup pat...
CVE-2021-47158
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: add error handling in sja1105_setup() If any of sja1105_static_config_load(), sja1105_clocking_setup() or sja1105_devlink_setup() fails, we can't just return in the middle of sja1105_setup() or memory will leak. Add a cleanup pat...
NPS computy < 2.7.6 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: 1. Go to "Settings NPS Monitoring"...
Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload
Description: The plugin does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup). PoC: 1. Go to the plugin setting and in the "Restore" section...
Pentest-Muse-Cli - AI Assistant Tailored For Cybersecurity Professionals
Pentest Muse is an AI assistant tailored for cybersecurity professionals. It can help penetration testers brainstorm ideas, write payloads, analyze code, and perform reconnaissance. It can also take actions, execute command line codes, and iteratively solve complex tasks. Pentest Muse Web App In...
Tracking Code Manager < 2.1.0 - Admin+ Stored Cross-Site Scripting
Description: The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
Advanced Access Manager < 6.9.21 - Admin+ Stored Cross-Site Scripting
Description: The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-29419
There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013...
CVE-2023-46839
PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context...
CVE-2024-29419
TOTOLINK X2000R is affected by a Cross-site Scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page. The issue exists in versions prior to v1.0.0-B20231213.1013, with the likely impact being execution of arbitrary script within the device’s web UI. Remediation per PT-2024...
PT-2024-22888 · Totolink · Totolink X2000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X2000R versions prior to v1.0.0-B20231213.1013 Description: The issue is related to a Cross-site scripting (XSS) vulnerability. This vulnerability is located in the Wireless settings under the Easy Setup Page. Recommendations: For...
SUSE CVE-2021-47134
In the Linux kernel, the following vulnerability has been resolved: efi/fdt: fix panic when no valid fdt found setup_arch() would invoke efi_init()->efi_get_fdt_params(). If no valid fdt found then initial_boot_params will be null. So we should stop further fdt processing here. I encountered this issue on risc...
Exploit for Path Traversal in Aiohttp
CVE-2024-23334-PoC A proof of concept of the path traversal vu...
SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: 1. Click SendPress in the Admin...
UBUNTU-CVE-2021-47134
In the Linux kernel, the following vulnerability has been resolved: efi/fdt: fix panic when no valid fdt found setup_arch() would invoke efi_init()->efi_get_fdt_params(). If no valid fdt found then initial_boot_params will be null. So we should stop further fdt processing here. I encountered this issue on risc...
PT-2024-22389 · Gpac +2 · Gpac +2
Name of the Vulnerable Software and Affected Versions: gpac version 2.3-DEV-rev921-g422b78ecf-master Description: The issue is related to an out of boundary read vulnerability via the gf_dash_setup_period function in the media_tools/dash_client.c file at line 6374. This vulnerability can allow a...
DarkGPT - An OSINT Assistant Based On GPT-4-200K Designed To Perform Queries On Leaked Databases, Thus Providing An Artificial Intelligence Assistant That Can Be Useful In Your Traditional OSINT Processes
DarkGPT is an artificial intelligence assistant based on GPT-4-200K designed to perform queries on leaked databases. This guide will help you set up and run the project on your local environment. Prerequisites Before starting, make sure you have Python installed on your system. This project has...