CVE-2024-48425

CVE-2024-48425 affects the Open Asset Import Library (assimp) in SplitLargeMeshesProcess_Triangle::UpdateNode, causing a segmentation fault from a null/invalid pointer dereference observed during AddressSanitizer fuzzing (read access to 0x460). Reports across openSUSE/SUSE advisories and Nessus p...

DEBIAN-CVE-2022-48992

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Add NULL check in BE reparenting Add NULL check in dpcmbereparent API, to handle kernel NULL pointer dereference error. The issue occurred in fuzzing test...

Guide:  The Ultimate Pentest Checklist for Full-Stack Security

Pentest Checklists Are More Important Than Ever Given the expanding attack surface coupled with the increasing sophistication of attacker tactics and techniques, penetration testing checklists have become essential for ensuring thorough assessments across an organization's attack surface, both...

Oracle Application Testing Suite (October 2024 CPU)

The versions of Oracle Application Testing Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory. - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps...

@semic/testing (=2.2.11) potentially affected by CVE-2024-48914 via @vendure/asset-server-plugin (=3.0.0)

@vendure/asset-server-plugin NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @vendure/asset-server-plugin and may be impacted: - @semic/testing =2.2.11 Source cves: CVE-2024-48914 Source advisory: OSV:GHSA-R9MQ-3C9R-FMJQ...

Exploit for Use of Incorrectly-Resolved Name or Reference in Zohocorp Manageengine_Adselfservice_Plus

CVE-2021-40539 CVE-2021-40539: ADSelfService Plus RCE Vulner...

Malicious code in test-automation-testing (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f06e180b42b483251e9be9757c11456faac61b034b2b3c0cb72e20162987c156 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Microsoft Security Update Validation Report October 2024

Microsoft’s October 2024 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing softwar...

Google Search user interface: A/B testing shows security concerns remain

For the past few days, Google has been A/B testing some subtle visual changes to its user interface for the search results page. You may only get the new UI for certain types of searches or based on your current geolocation. This test is not to be confused with but could part of a previously...

Accumulated Test Vectors

I like tests. I especially like reusable test vector libraries. Sometimes test vectors are lovingly handcrafted to target obscure edge-cases. Those vectors belong in Wycheproof or with the upstream specification. Sometimes though vectors are produced by sheer brute force. Enumerate every possible...

Qualys VMDR Rated as the Only Leader and Outperformer by Independent Analyst Firm for the Second Consecutive Year

Qualys VMDR received the highest possible scores for risk-based assessment, cloud-native and serverless function scanning, and flexibility of deployment, among 20 vendors evaluated in this report. As the threat landscape evolves, vulnerability management remains a cornerstone of security...

Why Fuzzing Isn’t Enough to Test Your APIs for Security Issues

Learn about API testing best practices and find out why fuzzing has limitations for enterprises that need API security...

The vulnerability of the Kernel-mode microprogramming driver for Intel Ethernet E800 series controllers in the Linux operating system allows a hacker to induce a service failure.

The vulnerability of the Kernel-mode microprogramming driver for Intel Ethernet E800 series controllers in the Linux operating system is related to insufficient testing of unusual or exceptional states. Exploiting this vulnerability could allow a perpetrator to cause service failures...

Exploit for Cross-site Scripting in Wondercms

CVE-2023-41425 Description A Cross Site Scripting vulnerab...

The vulnerability of the version_upgrade.asp function in D-Link router microprogramming devices such as DI-7003G, DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 allows a hacker to execute arbitrary commands.

The vulnerability of the versionupgrade.asp function in D-Link router microprogramming devices such as DI-7003G, DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 is related to insufficient testing of the arguments passed in the command. Exploitation of this...

Exploit for SQL Injection in Bplugins Html5_Video_Player

EN A PoC exploit scanner for CVE-2024-5522 vulnerability in Wo...

xmlsec1 bug fix update

An update is available for xmlsec1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list XML Security Library is a C library based on LibXML2 and OpenSSL. The library...

libuser bug fix and enhancement update

An update is available for libuser. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libuser library implements a standardized interface for manipulating and...

The vulnerability of Intel Data Center GPU Max relates to insufficient testing of unusual or exceptional states, allowing a perpetrator to trigger a service failure.

The vulnerability of the Intel Data Center GPU Max graphic processor is related to insufficient testing of unusual or exceptional states. Exploiting this vulnerability can allow a perpetrator to cause service failures...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

EN Is a Proof of Concept PoC script to check for vulnerabil...