24 matches found

Packet Storm News
added 2026/03/03 12:0 a.m. · 1 views

Internet Malware Propagation: Dynamics and Control through SEIRV Epidemic Model with Relapse and Intervention

Malware attacks in today's vast digital ecosystem pose a serious threat. Understanding malware propagation dynamics and designing effective control strategies are therefore essential. In this work, we propose a generic SEIRV model formulated using ordinary differential equations to study malware...

6 AI score
Exploits: 0
Positive Technologies
added 2025/07/09 12:0 a.m. · 2 views

PT-2025-29370 · Tenda · Tenda Fh1202

Name of the Vulnerable Software and Affected Versions: Tenda FH1202 version 1.2.0.14408. Description: A critical vulnerability exists in the Tenda FH1202. The fromNatlimit function within the /goform/Natlimit file is susceptible to a stack-based buffer overflow. This occurs through the manipulatio...

9 CVSS · 8.7 AI score · 0.00621 EPSS
Exploits: 1 · References: 14
Packet Storm News
added 2025/05/20 12:0 a.m. · 2 views

Agency Problems and Adversarial Bilevel Optimization under Uncertainty and Cyber Threats

We study an agency problem between a holding company and its subsidiary, exposed to cyber threats that affect the overall value of the subsidiary. The holding company seeks to design an optimal incentive scheme to mitigate these losses. In response, the subsidiary selects an optimal cybersecurity...

6.9 AI score
Exploits: 0
The Hacker News
added 2024/08/26 7:45 a.m. · 39 views

Critical Flaws in Traccar GPS System Expose Users to Remote Attacks

Two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited by unauthenticated attackers to achieve remote code execution under certain circumstances. Both the vulnerabilities are path traversal flaws and could be weaponized ...

9.8 CVSS · 8.7 AI score · 0.89372 EPSS
Exploits: 12
OSV
added 2024/08/21 2:30 p.m. · 4 views

GO-2023-2378 Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks

Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks...

7.3 AI score
Exploits: 0 · References: 2
UbuntuCve
added 2024/06/06 9:15 p.m. · 9 views

CVE-2024-32752

The iSTAR door controllers running firmware prior to version 6.6.B do not support authenticated communications with ICU, which may allow an attacker to gain unauthorized access...

9.1 CVSS · 5.9 AI score · 0.00268 EPSS
Exploits: 0 · References: 3
Xen Project
added 2024/04/09 5:0 p.m. · 34 views

x86: Incorrect logic for BTC/SRSO mitigations

ISSUE DESCRIPTION: Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see:...

7.5 CVSS · 7 AI score · 0.03118 EPSS
Exploits: 0
Cvelist
added 2023/12/13 12:0 a.m. · 13 views

CVE-2023-47578

Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to the absence of CSRF protection in the web interface...

9.1 AI score · 0.00207 EPSS
Exploits: 0 · References: 1
Github Security Blog
added 2023/07/10 9:53 p.m. · 28 views

XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API

Impact: The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML forms, thus allowing cross-site request forgery. With the interaction of a user with programming...

9.6 CVSS · 7.7 AI score · 0.02998 EPSS
Exploits: 0 · References: 5 · Affected Software: 3
Amazon
added 2023/06/27 12:0 a.m. · 12 views

Medium: openssl

Issue Overview: Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may...

6.5 CVSS · 6.9 AI score · 0.91736 EPSS
Exploits: 0
Microsoft CVE
added 2023/06/13 7:0 a.m. · 51 views

GitHub: CVE-2023-29011 The config file of `connect.exe` is susceptible to malicious placing

...

7.8 CVSS · 7.8 AI score · 0.001 EPSS
Exploits: 0
Openbugbounty
added 2021/11/23 12:46 p.m. · 11 views

moodle.sus.edu Cross Site Scripting vulnerability OBB-2279789

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits: 0
Hacker One
added 2021/06/30 6:24 p.m. · 40 views

Engel & Völkers Technology GmbH: HTML Injection in Email

Description: Hi team I have found a HTML Injection vulnerability in your system. Steps to Reproduce: 1. Navigate to https://seller-pages.engelvoelkers.com/ 2. Go to the bottom of the webpage and click on message box at right corner. 3. Fill out the form and enter the HTML payload in First Name an...

0.2 AI score
Exploits: 0
OSV
added 2020/09/11 5:15 p.m. · 1 views

CVE-2020-1595

A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm...

9.9 CVSS · 8 AI score · 0.00525 EPSS
Exploits: 0 · References: 1
Prion
added 2020/07/07 3:15 p.m. · 20 views

Spoofing

"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."...

4.3 CVSS · 4.6 AI score · 0.0018 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2020/06/19 10:40 a.m. · 49 views

CVE-2020-7679

CasperJS is affected by a Prototype Pollution vulnerability in the mergeObjects utility function across all versions. The issue allows an attacker to inject properties into Object.prototype (via `__proto__` or similar paths), potentially polluting prototypes and enabling unintended behavior. Documented...

9.8 CVSS · 8.4 AI score · 0.00774 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
RedhatCVE
added 2019/05/31 8:52 a.m. · 26 views

CVE-2019-11269

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...

5.8 CVSS · 3.4 AI score · 0.06347 EPSS
Exploits: 4 · References: 4
Cvelist
added 2018/02/23 10:0 p.m. · 21 views

CVE-2018-7322

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound...

7.4 AI score · 0.01108 EPSS
Exploits: 0 · References: 6
OpenVAS
added 2011/05/02 12:0 a.m. · 20 views

Kusaba X Multiple Cross Site Scripting Vulnerabilities

Kusaba X is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

6.6 AI score
Exploits: 0 · References: 1
securityvulns
added 2011/02/11 12:0 a.m. · 58 views

[SECURITY] CVE-2010-3449: Apache Continuum CSRF vulnerability

CVE-2010-3449: Apache Continuum CSRF vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Continuum 1.3.6 Continuum 1.4.0 Beta The unsupported versions Continuum 1.1 - 1.2.3.1 are also affected. Description: Administrators are able to change any user's...

6.8 CVSS · 0.3 AI score · 0.03242 EPSS
Exploits: 4