PT-2024-7860 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the f2fs component of the Linux kernel, where an unnecessary f2fs bug on call can cause a panic when verify blkaddr is triggered after injecting a fault into f2...

BIT-RAILS-2022-3704

A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/actiondispatch/middleware/templates/routes/table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real...

CVE-2023-50356 Improper Certificate Validation in AREAL Topkapi Vision (Server)

SSL connections to some LDAP servers are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision Server. This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login...

PT-2024-19520 · Seo Panel · Seo Panel

Name of the Vulnerable Software and Affected Versions: SEO Panel version 4.10.0 Description: A user enumeration issue was found, occurring during user authentication. This issue allows an attacker to determine if a username is valid or not through differences in error messages, enabling a...

CVE-2023-52325

A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker...

USN-6571-1 monit vulnerability

Youssef Rebahi-Gilbert discovered that Monit did not properly process credentials for disabled accounts. An attacker could possibly use this issue to login to the platform with an expired account and a valid password...

PT-2024-13859 · Rengine · Rengine

Name of the Vulnerable Software and Affected Versions: reNgine versions prior to 2.1.2 Description: The issue allows OS Command Injection if an adversary has a valid session ID. The attack involves placing shell metacharacters in an "api/tools/waf detector/?url=" string. The commands are executed...

reNgine Operating System Command Injection Vulnerability

reNgine is an automated reconnaissance framework for web applications from the individual developer Yogesh Ojha. Focused on a highly configurable streamlined reconnaissance process supported by an engine, reconnaissance data correlation and organization, continuous monitoring, supported by a...

Honor NTH-AN00 Data Forgery Issue Vulnerability

The Honor NTH-AN00 Honor 50 is a smartphone from the Chinese company Honor. The Honor NTH-AN00 suffers from a security vulnerability that stems from a signature management vulnerability, successful exploitation of which could result in a forged system file overwriting a correct system file...

UBUNTU-CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

CVE-2023-4320

An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity...

CVE-2023-4320 Satellite: arithmetic overflow in satellite

An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity...

CVE-2023-6837

Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: An IDP configured for federated authentication and JIT provisioning enabled with...

CVE-2023-48392 Kaifa Technology WebITR - Hard-coded Cryptographic Key

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, ...

Brute force exploit can be used to collect valid usernames

Impact A brute force exploit that can be used to collect valid usernames is possible. Explanation of the vulnerability It's a brute force exploit that can be used to collect valid usernames by using the “forgot password” function when trying to log into the Backoffice. If the username/email is...

Exposure of Sensitive Information

Overview Affected versions of this package are vulnerable to Exposure of Sensitive Information via a brute force attack. An attacker can collect valid usernames by repeatedly attempting to authenticate with different usernames. Remediation Upgrade Umbraco.Cms to version 10.8.1, 12.3.4 or higher...

CVE-2023-49278 Umbraco CMS brute force exploit can be used to collect valid usernames

Umbraco is an ASP.NET content management system CMS. Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue...

Diamond Sleet supply chain compromise distributes a modified CyberLink installer

Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet ZINC involving a malicious variant of an application developed by CyberLink Corp., a software company that develops multimedia software products. This malicious file is a legitima...

Diamond Sleet supply chain compromise distributes a modified CyberLink installer

Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet ZINC involving a malicious variant of an application developed by CyberLink Corp., a software company that develops multimedia software products. This malicious file is a legitima...

kodbox security breach

kodbox is a network file manager. A security vulnerability exists in kodbox version 1.46.01. An attacker could exploit the vulnerability to identify valid users based on different response messages...