4 matches found
CVE-2025-61777 FlagForge Allows Unauthenticated Badge Template API Access
Flag Forge is a Capture The Flag (CTF) platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...
Arbitrary File Read And Write
org.apache.karaf.shell.core is vulnerable to arbitrary file read and write. A user with rights to the Karaf console is able to read or write any file on the file system, which would allow an attacker with access to the sshd service to abuse the vulnerability to read or write arbitrary files on th...
BEWARE of new Facebook Malware Claims, 'Malaysia Plane MH370 Has Been Spotted'
Hackers are very smart at gaining from every opportunity they get, and this time the lost Malaysian Airlines flight MH370 gave them a chance to hijack, not the plane, but you all sitting over there operating your Facebook account and having an eye on every news related to the Mysterious Malaysian...
Conceptronic Grab'n'Go Authorization Bypass
Security Advisory AA-005: Authorization Bypass Vulnerability in Password Reset Function. Conceptronic Grab’n’Go Network Storage 0-day. Severity Rating: High. Discovery Date: July 29, 2012. Vendor Notification: July 30, 2012. Disclosure Date: September 6, 2012. Vulnerability Type: Authorization Bypass...