CVE-2025-21797 HID: corsair-void: Add missing delayed work cancel for headset status

In the Linux kernel, the following vulnerability has been resolved: HID: corsair-void: Add missing delayed work cancel for headset status The canceldelayedworksync call was missed, causing a use-after-free in corsairvoidremove...

CVE-2023-48750

Missing Authorization vulnerability in voidthemes Void Elementor Post Grid Addon for Elementor Page builder void-elementor-post-grid-addon-for-elementor-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Void Elementor Post Grid Addon for...

CVE-2023-48750 WordPress Void Elementor Post Grid Addon for Elementor Page builder plugin <= 2.1.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in voidthemes Void Elementor Post Grid Addon for Elementor Page builder void-elementor-post-grid-addon-for-elementor-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Void Elementor Post Grid Addon for...

CVE-2023-48750

CVE-2023-48750 affects the Void Elementor Post Grid Addon for Elementor Page Builder (WordPress) up to version 2.1.10. Root cause is Missing Authorization / Incorrectly Configured Access Control Security Levels, enabling unauthenticated access in ways defined by the vulnerability description. Imp...

WordPress plugin Void Elementor Post Grid Addon for Elementor Page builder 安全漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-13640 · Elementor +1 · Elementor Page Builder +1

Name of the Vulnerable Software and Affected Versions: Void Elementor Post Grid Addon for Elementor Page builder versions 2.1.10 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels...

PT-2024-40952 · Pprof · Pprof

Name of the Vulnerable Software and Affected Versions: pprof versions prior to 0.14.0 Description: The issue arises from the unsafe usage of the std::slice::from raw parts API, specifically in the TempFdArrayIterator.next function and when validating addresses with type c void. This can lead to t...

What is known about the Spoofing – Windows MSHTML Platform (CVE-2024-43573) vulnerability from the October Microsoft Patch Tuesday?

What is known about the Spoofing - Windows MSHTML Platform CVE-2024-43573 vulnerability from the October Microsoft Patch Tuesday? In fact, just that it is being exploited in the wild. There are no write-ups or public exploits yet. The Acknowledgements section in the Microsoft bulletin is empty. I...

PT-2024-6158

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Description The issue is related to a Windows MSHTML platform spoofing vulnerability, which allows attackers to execute arbitrary code remotely. This vulnerability has been exploited by the...

How to root an Android device for analysis and vulnerability assessment

TL;DR Rooting is useful for Android assessments The process is relatively simple It will wipe all user data from the device and void any warranty Introduction For mobile testing, be it for apps or hardware, having complete control over the device is essential for analysis and vulnerability...

CVE-2024-43281

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in VOID CODERS Void Elementor Post Grid Addon for Elementor Page builder allows PHP Local File Inclusion.This issue affects Void Elementor Post Grid Addon for Elementor Page builder: from n/a through 2.3...

WordPress plugin Void Elementor Post Grid Addon for Elementor Page builder 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

PT-2024-30446 · Elementor · Void Elementor Post Grid Addon

Name of the Vulnerable Software and Affected Versions: Void Elementor Post Grid Addon for Elementor Page builder versions prior to 2.3 Description: The issue affects the Void Elementor Post Grid Addon for Elementor Page builder, allowing PHP Local File Inclusion due to a Path Traversal...

CVE-2024-43291

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder allows Stored XSS.This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.4.1...

CVE-2024-43291

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder allows Stored XSS.This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.4.1...

WordPress plugin Void Contact Form 7 Widget For Elementor Page Builder 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Void Contact Form 7 Widge...

WordPress Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Michael Patchstack Alliance in WordPress Plugin Void Contact Form 7 Widget For Elementor Page Builder versions = 2.4.1...

CVE-2024-42063 bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode

In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsanunposionmemory in interpreter mode syzbot reported uninit memory usages during maplookup,deleteelem. ========== BUG: KMSAN: uninit-value in devmaplookupelem kernel/bpf/devmap.c:441 inline BUG:...

Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer

An advanced persistent threat APT group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida. Cybersecurity firm Trend Micro, which observed the activity in mid-Ma...

CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks

Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched...