461 matches found
CVE-2024-37932
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in anhvnit Woocommerce OpenPos allows File Manipulation.This issue affects Woocommerce OpenPos: from n/a through 6.4.4...
Mercedes-Benz Head Unit security research report
Introduction This report covers the research of the Mercedes-Benz Head Unit, which was made by our team. Mercedes-Benz's latest Head Unit infotainment system is called Mercedes-Benz User Experience MBUX. We performed analysis of the first generation MBUX. MBUX was previously analysed by KeenLab...
CVE-2024-56762
...
CVE-2024-52585
creationtimestamp| type| source ---|---|--- 2024-11-18 20:50:44+00:00| seen| https://infosec.exchange/users/cve/statuses/113505930058010161 2024-11-18 23:14:27+00:00| seen| https://t.me/cvedetector/11381...
Exploit for CVE-2024-38821
cve-2024-38821 Analysis: h...
Exploit for Unrestricted Upload of File with Dangerous Type in Git
CVE-2024-32002 Versions 1.0.0https://github.com/grec...
CVE-2024-38046
creationtimestamp| type| source ---|---|--- 2024-09-10 17:25:32+00:00| seen| https://www.thezdi.com/blog/2024/9/10/the-september-2024-security-update-review...
API Attack Surface: How to secure it and why it matters
Managing an organization’s attack surface is a complex problem involving asset discovery, vulnerability analysis, and continuous monitoring. There are multiple well-defined solutions to secure the attack surface, such as extended detection and response EDR or XDR, security information & event...
Exploit for Improper Initialization in Linux Linux_Kernel
It is an exploit module/toolkit targeting unspecified products/s...
WordPress GiveWP Donation / Fundraising Platform 3.14.1 Code Execution Exploit
The GiveWP Donation plugin and Fundraising Platform plugin for WordPress in all versions up to and including 3.14.1 is vulnerable to a PHP object injection POI flaw granting an unauthenticated attacker arbitrary code execution. This module requires Metasploit: https://metasploit.com/download...
Exploit for Out-of-bounds Write in Microsoft
Windows DWM Core Library Elevation of Privilege Vulnerability...
CVE-2024-38117
creationtimestamp| type| source ---|---|--- 2024-08-13 18:05:01+00:00| seen| https://www.thezdi.com/blog/2024/8/13/the-august-2024-security-update-review...
Polyfill.io Supply Chain Attack: Malicious JavaScript Injection Puts Over 100k Websites At Risk
Polyfill.io helps web developers achieve cross-browser compatibility by automatically managing necessary polyfills. By adding a script tag to their HTML, developers can ensure that features like JavaScript functions, HTML5 elements, and various APIs work across different browsers. Originally...
Measuring, Communicating, and Eliminating Risk With TruRisk™ in Qualys Web Application Scanning (WAS)
In an era where cyber threats loom larger and more complex than ever, organizations demand not just defense but intelligent, cohesive strategies for managing cyber risks. With the Enterprise TruRisk Platform, Qualys reaffirmed its commitment to these needs by focusing its cybersecurity solutions ...
BELL-CVE-2024-38560
Bulletin has no description...
Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: Kiuwan SAST on-premise KOP & cloud/SaaS Kiuwan Local Analyzer KLA vulnerable version: Kiuwan SAST 2.8.2402.3 Kiuwan Local...
CVE-2024-27370
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsinanconfiggetnlparams, there is no input validation check on halreq-numconfigdiscoveryattr coming from userspace, which can lead to a heap overwrite...
Exploit for Use After Free in Tinyproxy_Project Tinyproxy
!Profile Visitorshttps://komarev.com/ghpvc/?username=d0rb&la...
Denial of Service Vulnerability in Quantum 140CPU65150PL at Schneider Electric (China) Co.
The Quantum 140CPU65150PL is the Unity processor in the Schneider Electric family. It combines the standard features of a PLC with the diagnostic capabilities of a network server, communicating using an RJ-45 connection. A denial of service vulnerability exists in the Schneider Electric China...
TruRisk™️ Insights – The Story Behind a TruRisk Score
In the world of cloud and SaaS security, where risks arise not only from vulnerabilities but also from misconfigurations and various threats, the task of prioritizing and managing them becomes increasingly complex. Its not just about identifying vulnerabilities; its also crucial to recognize and...