The vulnerability of the Libraries component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Libraries component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to modify, add, ...
The vulnerability of the Networking component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows attackers to manipulate data.
The vulnerability of the Networking component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient testing of input data. Exploiting this vulnerability allows a malicious actor to manipulate data remotely...
The vulnerability of the Core component of the Oracle Health Sciences InForm software for clinical testing allows a hacker to gain access to data and manipulate it.
The vulnerability of the Core component of the Oracle Health Sciences InForm software for clinical testing exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data and manipulate it using a specially craft...
GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets
GitHub has announced the general availability of a new security feature called push protection, which aims to prevent developers from inadvertently leaking keys and other secrets in their code. The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ago...
Microsoft Security Update Validation Report May 2023
Microsoft’s May 2023 security updates have passed Citrix testing; the updates are listed below. The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...
Exploit for Out-of-bounds Write in Linux Linux_Kernel
Project Name CVE-2021-22555 attack script Description Th...
Product Security: Harnessing the Collective Experience and Collaborative Tools in DevSecOps
In the fast-paced cybersecurity landscape, product security takes center stage. DevSecOps swoops in, seamlessly merging security practices into DevOps, empowering teams to tackle challenges. Let's dive into DevSecOps and explore how collaboration can give your team the edge to fight cyber villain...
How to Test Port Connectivity
Purpose This article documents how to test connectivity between two machines over a specific port. Product Service Ports Most connection errors involving ports in the 61xx, 93xx, 94xx, and 10xxx ranges are related to Veeam product-related services. Determine if the port in the connection error is...
CVE-2023-30550
MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some...
Design/Logic Flaw
MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some...
CVE-2023-30550 IDOR vulnerability exists in metersphere
MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some...
CVE-2023-30550
MeterSphere (open source continuous testing platform) contains an IDOR vulnerability that lets a project administrator modify other projects within the same workspace, potentially escalating privileges to obtain operating permissions. The issue is fixed in version 2.9.0. Affected component: proje...
PT-2023-9399 · Yealink · Yealink Meeting Server
Name of the Vulnerable Software and Affected Versions: Yealink Meeting Server versions prior to V26.0.0.67 Description: The issue is related to insufficient protection of service data, allowing a remote attacker to gain access to user credentials. This can be achieved by sending an HTTP request...
Updating a submission - testing if I can add a submission by team that was originally an issue for a single warden.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps testings...
CVE-2022-33281
Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames...
Memory corruption
Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames...
PT-2023-13286 · Unknown · Eva Kernel
Name of the Vulnerable Software and Affected Versions: EVA kernel affected versions not specified Description: The issue is related to memory corruption due to improper validation of an array index in computer vision. This occurs when testing the EVA kernel without sending any frames...