1697 matches found

0day.today
added 2024/04/02 12:0 a.m., 275 views

Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation Exploit

Exploit Title : Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation Exploit Author: E1 Coders CVE: CVE-2024-21338 require 'msf/core' class MetasploitModule 'CVE-2024-21338 Exploit', 'Description' = 'This module exploits a vulnerability in FooBar version 1.0. It may lead to remote code...

CVSS 7.8, AI score 7, EPSS 0.51865
Exploits: 13

GithubExploit
added 2024/04/01 3:59 p.m., 375 views

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

VolleyballSquid-----CVE-2023-38831-and-Bypass-UAC This is my...

CVSS 7.8, AI score 6.8, EPSS 0.97798
Exploits: 49

BDU FSTEC
added 2024/03/26 12:0 a.m., 4 views

The vulnerability of the Apache Avro data serialization library, related to deficiencies in the deserialization mechanism, allows attackers to trigger a service failure.

The vulnerability of the Apache Avro data serialization library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability can allow an attacker to cause service failures...

CVSS 7.8, AI score 6.5, EPSS 0.01757
Exploits: 0, References: 5, Affected Software: 10

CNVD
added 2024/03/20 12:0 a.m., 5 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2024-15361)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4, AI score 5.3, EPSS 0.00427
Exploits: 0, References: 1

BDU FSTEC
added 2024/03/19 12:0 a.m., 3 views

The vulnerability of the Python interpreter, related to errors in processing symbolic links, allows attackers to escalate their privileges.

The vulnerability of the Python interpreter is related to errors in processing symbolic links. Exploiting this vulnerability can allow attackers to escalate their privileges through a specially crafted symbolic link...

CVSS 8.4, AI score 6.8, EPSS 0.0031
Exploits: 0, References: 13, Affected Software: 8

Vulnrichment
added 2024/03/18 4:19 p.m., 25 views

CVE-2024-27914 Reflected Cross-Site Scripting (XSS) in search engine when debug mode is enabled in GLPI

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if...

CVSS 5.3, AI score 6.1, EPSS 0.00815
Exploits: 0, References: 3

CNVD
added 2024/03/14 12:0 a.m., 8 views

Microsoft Windows Kernel Elevation of Privilege Vulnerability (CNVD-2024-21147)

The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. Microsoft Windows Kernel suffers from an elevation of privilege vulnerability due to a flaw in a kernel component that can be exploited by an attacker to gain SYSTEM privileges...

CVSS 7.8, AI score 6.6, EPSS 0.00901
Exploits: 0, References: 1

RedhatCVE
added 2024/03/07 6:38 a.m., 70 views

CVE-2024-27307

A vulnerability was found in JSONata. A malicious expression can exploit the transform operator to override properties on the Object constructor and prototype. This issue can result in denial of service, remote code execution, or other unforeseen behavior in applications that assess user-provided...

CVSS 8.6, AI score 9.6, EPSS 0.01422
Exploits: 0, References: 4

CNVD
added 2024/03/06 12:0 a.m., 6 views

Apache Airflow Information Disclosure Vulnerability (CNVD-2024-26530)

Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform features scalability, dynamic monitoring and other characteristics. An information disclosure vulnerability exists in Apache Airflow versions prior to...

CVSS 5.9, AI score 6.1, EPSS 0.00343
Exploits: 0, References: 1

BDU FSTEC
added 2024/03/05 12:0 a.m., 3 views

The vulnerability of the hci_conn_getPhy function in the Linux operating system’s Bluetooth driver allows a hacker to cause a service failure.

The vulnerability of the hci_conn_getPhy function in the Linux operating system’s Bluetooth driver leads to a freeze. Exploiting this vulnerability can allow an attacker to cause service failures...

CVSS 5.5, AI score 6.7, EPSS 0.00179
Exploits: 0, References: 16, Affected Software: 3

BDU FSTEC
added 2024/02/28 12:0 a.m., 2 views

The vulnerability of the Microsoft Dynamics 365 resource planning software lies in the lack of measures taken to protect the website structure, allowing attackers to perform cross-site scripting attacks.

The vulnerability of the Microsoft Dynamics 365 resource planning software is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...

CVSS 7.6, AI score 7.1, EPSS 0.01158
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2024/02/22 12:0 a.m., 3 views

Enhavo CMS Security Vulnerability

Enhavo CMS is a content management system from Enhavo. A security vulnerability exists in Enhavo CMS version v0.13.1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into the Title text field...

CVSS 6.1, AI score 6.7, EPSS 0.00443
Exploits: 1, References: 3

Talos Blog
added 2024/02/21 1:54 p.m., 71 views

How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity

Finding, managing and patching security vulnerabilities on any network, no matter the size, is a tall task. In the first week of 2024 alone, there were 621 new common IT security vulnerabilities and exposures (CVEs) disclosed worldwide, covering a range of applications, software and hardware that...

CVSS 9.3, AI score 7.3, EPSS 0.99999
Exploits: 347

OSV
added 2024/02/20 11:42 p.m., 34 views

GHSA-9W99-78RJ-HMXQ Cross-site scripting (XSS) in the dynamic file uploads

Impact: The dynamic file upload feature is subject to a potential XSS attack in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

CVSS 6.3, AI score 5.7, EPSS 0.00493
Exploits: 0, References: 8

Vulnrichment
added 2024/02/17 12:0 a.m., 12 views

CVE-2024-25298

An issue discovered in REDAXO version 5.15.1 allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php...

AI score 7.5, EPSS 0.01108
Exploits: 1, References: 1

CNNVD
added 2024/02/14 12:0 a.m., 3 views

Palo Alto Networks PAN-OS Security Vulnerability

Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. A security vulnerability exists in Palo Alto Networks PAN-OS. An attacker can exploit the vulnerability to execute malicious JavaScript...

CVSS 6.1, AI score 7, EPSS 0.00509
Exploits: 0, References: 3

CNVD
added 2024/01/26 12:0 a.m., 7 views

Hyperledger Ursa Information Disclosure Vulnerability

Hyperledger Ursa is a cryptographic library open-sourced by Hyperledger for use with the blockchain. Hyperledger Ursa suffers from an information disclosure vulnerability that is caused by a flaw in the dangling scheme in the CL Signatures implementation. An attacker could exploit the vulnerabili...

CVSS 6.5, AI score 6, EPSS 0.00317
Exploits: 0, References: 1

Malwarebytes
added 2024/01/25 1:32 p.m., 34 views

Patch now! Fortra GoAnywhere MFT vulnerability exploit available

On January 22, 2024, software company Fortra warned customers about a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) that allows an attacker to create a new admin user. Fortra GoAnywhere MFT is a file transfer solution that organizations use to exchange the...

CVSS 7.5, AI score 7.4, EPSS 0.95086
Exploits: 8

Vulnrichment
added 2024/01/23 8:35 p.m., 1 views

CVE-2023-41176

Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security Enterprise could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177...

AI score 6, EPSS 0.01798
Exploits: 0, References: 2

GithubExploit
added 2024/01/19 7:13 a.m., 5 views

CVE

It is a...

AI score 7
Exploits: 0