Hackers use macOS extended file attributes to hide malicious code
US govt officials’ communications compromised in recent telecom hack
OpenText Cybersecurity Unveils 2024's Nastiest Malware
Toolkit Vastly Expands APT41's Surveillance Powers
Zero-Days Win the Prize for Most Exploited Vulns
CISA Releases Its First Ever International Strategic Plan
Lacoste First to Use AI-Powered Anti-counterfeiting Solution
20% of Industrial Manufacturers Are Using Network Security as a First Line of Defense
Leaked info of 122 million linked to B2B data aggregator breach
Microsoft patches Windows zero-day exploited in attacks on Ukraine
Iranian Cybercriminals Target Aerospace Workers via LinkedIn
Google AI Platform Bugs Leak Proprietary Enterprise LLMs
China's Volt Typhoon botnet has re-emerged
US indicts Snowflake hackers who extorted $2.5 million from 3 victims
Critical bug in EoL D-Link NAS devices now exploited in attacks
New Google Pixel AI feature analyzes phone conversations for scams
Iranian threat group targets aerospace workers with fake job lures
Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws
AI Threat to Escalate in 2025, Google Cloud Warns
Hive0145 Targets Europe with Advanced Strela Stealer Campaigns
November Patch Tuesday loads up everyone’s plate
www.scworld.com | 502: Bad gateway
www.scworld.com | 502: Bad gateway
www.scworld.com | 502: Bad gateway
www.scworld.com | 502: Bad gateway
www.scworld.com | 502: Bad gateway
Zoom addressed two high-severity issues in its platform
Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel
Navigating the World of Cyber Security: A Beginner’s Roadmap | by SaikoushikNalubola | Nov, 2024 | Medium
Broadcom unveils private cloud enhancements
Edera launches open-source tool for container runtime security
Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity
Bitdefender Finds New ShrinkLocker Ransomware, Releases Its Decryptor Tool
The Role of Artificial Intelligence in Lead Generation
Cequence Security enables organizations to elevate their API defenses
Vectra AI adds AI-powered detections to help secure Microsoft customers
Adaptive Email DLP Solves the Problem of Email Misdelivery
New ShrinkLocker ransomware decryptor recovers BitLocker password
CrowdStrike Spends to Boost Identity Threat Detection
How CISOs Can Lead the Responsible AI Charge
Lazarus Group Uses Extended Attributes for Code Smuggling in macOS
ShrinkLocker ransomware decyptor recovers BitLocker-encrypted files
New Essay Competition Explores AI’s Role in Cybersecurity
How to ward-off fraudulent job seekers propped up by AI  
Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims
Absolute Security releases Enterprise Edition
GoIssue phishing tool targets GitHub developer credentials
It’s a Hard Time to Be a CISO. Transformational Leadership Is More Imp
Amazon MOVEit Leaker Claims to Be Ethical Hacker
Comprehensive Guide to Building a Strong Browser Security Program
Cisco introduces Wi-Fi 7 access points to enhance employee and customer experiences
Aerospace employees targeted with malicious "dream job" offers
Nirmata Control Hub automates security with policy-as-code
Rakuten Viber unveils new security solutions for businesses
Microsoft Fixes Four More Zero-Days in November Patch Tuesday
OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution
Emmenhtal Loader Uses Scripts to Deliver Lumma and Other Malware
Bectran adds RSA encryption to protect the transmission of sensitive data
Splunk expands observability portfolio to provide organizations with deeper business context
Syteca Account Discovery strengthens privileged access management
Tips for a successful cybersecurity job interview
Social engineering scams sweep through financial institutions
Middle East Cybersecurity Catches Up After Late Start
Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks
Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs
Cyber professionals face an IP loss reckoning in 2025
DDoS attack targets Israeli credit card readers
Joint RustyStealer, Ymir ransomware attacks emerge
Over 300K Presbyterian Healthcare patients hit by third-party breach
CISOs in 2025: Balancing security, compliance, and accountability
November Patch Tuesday brings cornucopia of 89 fixes to Windows
November brings cornucopia of 89 Windows patches
Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days
Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues
2 Zero-Day Bugs in Microsoft's Nov. Update Under Exploit
Amazon Employee Data Compromised in MOVEit Breach
November Patch Tuesday release contains three critical remote code execution vulnerabilities
Microsoft Exchange adds warning to emails abusing spoofing flaw
D-Link won’t fix critical bug in 60,000 exposed EoL modems
Advisory Boards: When and How to Build Them – Benny Lakunishok – FS #3
Millions of records from MOVEit hack released on dark web
Ahold Delhaize experienced a cyber incident affecting several of its U.S. brands
Halliburton Ransomware Attack Costs Energy Giant $35 Million - Security Spotlight
SelectBlinds Data Breach: 200,000 Customers Impacted by E-Skimming Attack - Security Spotlight
Microsoft's November Patch Tuesday Fixes 91 Vulnerabilities, 4 Zero-Days
Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)
Data Vigilante Leaks 8 Million Employee Records from Amazon, HP and Others
Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws
Windows 10 KB5046613 update released with fixes for printer bugs
Windows 11 KB5046617 and KB5046633 cumulative updates released
Struwwelpeter, Krampus, Flutter, Apple, DLink, C++, Josh Marpet and more… – SWN #430
Signal introduces convenient "call links" for private group chats
FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023
'GoIssue' Cybercrime Tool Targets GitHub Developers En Masse
TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware
A cyberattack on payment systems blocked cards readers across stores and gas stations in Israel
Amazon Data Breach: Employee Information Exposed After Vendor Hack - Security Spotlight
Halliburton Confirms Data Breach in Recent Cyberattack - Security Spotlight
Citrix Issues Patches for Zero-Day Recording Manager Bugs
6 Principles of Operational Technology Cybersecurity released by joint NSA initiative
Akamai App Platform reduces the complexity associated with managing Kubernetes clusters
BlackFog platform enhancements boost data loss prevention
Volt Typhoon rebuilds malware botnet following FBI disruption
What Listening to My Father Told Me About Cybersecurity
Planned ICS Security Spending: Incident Response, Anomaly Detection
Citrix Zero-Day Bug Allows Unauthenticated RCE
Power of the Purse: How to Ensure Security by Design
CISOs Turn to Indemnity Insurance as Breach Pressure Mounts
Phishing Tool GoIssue Targets Developers on GitHub
Identify Security Training: How important is it? – Eric Belardo – CSP #200
North Korean hackers create Flutter apps to bypass macOS security
New Citrix Zero-Day Vulnerability Allows Remote Code Execution
North Korea Hackers Leverage Flutter to Deliver macOS Malware
Single points of failure breed systemic risk to national security
Apple indeed added a feature called "inactivity reboot" in iOS 18.1 that reboots locked devices
North Korean Hackers Target macOS Using Flutter-Embedded Malware
New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns
New GitLoker-Linked GoIssue Tool Targets GitHub Users for Phishing
Zscaler Zero Trust Segmentation prevents lateral movement from ransomware attacks
Druva empowers businesses to secure data throughout Microsoft environments
F5 AI Gateway secures and optimizes access to AI applications
Hot Topic breach: Has your credit card info been compromised?
Ymir ransomware, a new stealthy ransomware grow in the wild
5 Ways Behavioral Analytics is Revolutionizing Incident Response
Massive troves of Amazon, HSBC employee data leaked
Eurotech ReliaGATE 15A-14 enables organizations to meet regulatory standards
Immersive Labs AI Scenario Generator improves cyber skills against various attack types
Energy Giant Halliburton Reveals $35m Ransomware Loss
Beyond Castle Walls: Operational Technology and Zero Trust
State of SaaS Security Report: Bold Moves Required to Secure SaaS in 2024 and Beyond
Cybersecurity jobs available right now: November 12, 2024
Powerpipe: Open-source dashboards for DevOps
Ambitious cybersecurity regulations leave companies in compliance chaos
Learn Key Strategies for Industrial Data Security
New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks
Evaluating your organization's application risk management journey
The changing face of identity security
The Ultimate Guide to the CGRC
iPhones now auto-restart to block access to encrypted data after long idle times
VMware makes Workstation and Fusion free for everyone
New Ymir ransomware partners with RustyStealer in attacks
Amazon discloses employee data breach after May 2023 MOVEit attacks
HIBP notifies 57 million people of Hot Topic data breach
Halliburton Remains Optimistic Amid $35M Data Breach Losses
Revamped Remcos RAT Deployed Against Microsoft Users
‘Top 10’ malware strain, Remcos RAT, now exploiting Microsoft Excel files
Critical NAS-ty flaw strikes D-Link storage boxes
Amazon confirms employee data breach after vendor hack
Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools
Facebook Asks Supreme Court to Dismiss Cambridge Analytica Lawsuit
Flexible Structure of Zip Archives Exploited to Hide Malware Undetected
New Remcos RAT Variant Targets Windows Users Via Phishing
WEF Launches New Framework to Combat Cybercrime
Microsoft Visio Files Used in Sophisticated Phishing Attacks
Microsoft Bookings Flaw Enables Account Hijacking and Impersonation
Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace
Halliburton reports $35 million loss after ransomware attack
AI & LLMs Show Promise in Squashing Software Bugs
Open Source Security Incidents Aren't Going Away
A new fileless variant of Remcos RAT observed in the wild
New GootLoader Campaign Targets Users Searching for Bengal Cat Laws in Australia
Massive MOVEit Vulnerability Breach: Hacker Leaks Employee Data from Amazon, McDonald's, HSBC, HP, and Potentially 1000+ Other Companies
EU Ramps Up Cyber Resilience with Major Crisis Simulation Exercise
How to capture that ‘sense of purpose’ in a cybersecurity career
Bitcoin Fog Operator Gets 12.5 Years for Longest-Running Bitcoin Laundering
CISA Urges Patching of Critical Palo Alto Networks’ Expedition Tool Vulnerability
Pensioners Warned Over Winter Fuel Payment Scam Texts
Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation
The ROI of Security Investments: How Cybersecurity Leaders Prove It
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 04 - Nov 10)
Dispelling the Myths of Defense-Grade Cybersecurity
Man Gets 12.5 Years for Running Crypto Mixer
A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops in Ukraine
HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities
Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware
How human ingenuity continues to outpace automated security tools
Setting a security standard: From vulnerability to exposure management
November 2024 Patch Tuesday forecast: New servers arrive early
The Rising Tide of Linux Ransomware: Are Your Systems Secure Enough? | by Zammaar Malhi | Oct, 2024 | Medium
After 48 Years, It’s A Long Goodbye to the Diffie-Hellman Method | by Prof Bill Buchanan OBE FRSE | Oct, 2024 | Medium
Security Engineer — What makes a security engineer? Pt.1 | by Fahri Shihab | Nov, 2024 | Medium
Security Spotlight - Daily Security Review
4 reasons why veterans thrive as cybersecurity professionals
Strategies for CISOs navigating hybrid and multi-cloud security
Porn Site xHamster Crushed by Fresh Malvertising Attack
We Regret To Inform You There Has Been A Breach In Your Security Data | by Kate Brennan | Slackjaw | Nov, 2024 | Medium
My OSINT HomeServer (alpha).. I have been during the last few weeks… | by JJ Gallego | Oct, 2024 | OSINT Team
20 Open Redirect Bugs in Few Minutes | by AbhirupKonwar | Nov, 2024 | Medium
Pretend AI, aka Microsoft Recall. “If you want to keep a secret, you must… | by Prof Bill Buchanan OBE FRSE | Nov, 2024 | Medium
Email HTML injection with a simple tip | by Spider4 | Nov, 2024 | Medium
Explore topics
GitHub users targeted by dangerous new phishing threat | TechRadar
The Importance of Predicting Cyber Threats Proactively - PhishCloud
Hot Topic data breach exposed personal data of 57 million customers | TechCrunch
Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel
How to Secure the beast (GenAI): Use cases, Security Challenges, and applicable solutions
- YouTube
The cost of a NAND chip off attack is 170.87€
ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again
- YouTube
Ivanti Community
- YouTube
International Cyber Security Agencies List Top 15 Exploited Vulnerabilities Of 2023 - SecAlerts
Chinese hackers Volt Typhoon are back, and rebuilding their botnet to target new victims | TechRadar
Tackling ransomware without banning ransom payments | TechRadar
Abusing Ubuntu 24.04 features for root privilege escalation | Snyk
The Problem with IoT Cloud-Connectivity and How it Exposed All OvrC Devices to Hijacking | Claroty
Fault Injection - Down the Rabbit Hole - hn security
Trustwave and Cybereason announce merger | CyberScoop
How the Creator of Zero Trust Developed Today’s Most Robust Cybersecurity Strategy | WIRED
Adaptive Cybersecurity Strategies: Staying Ahead of Attackers - PhishCloud
Delta, Amazon confirm vendor breach as dark web posts revive MOVEit leak concerns
Vulnerability Summary for the Week of November 4, 2024 | CISA
Are Automated PRs Closing the Gap in Dependency Updates?
Millions of jobseekers could be at risk after private data leaked online by recruitment firm | TechRadar
- YouTube
Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown)
A Closer Look at White Collar and Cybercrime | by Paul Wright | Nov, 2024 | Medium
Just a moment...
Snowflake hackers identified and charged with stealing 50 billion AT&T records | TechCrunch
Critical Security Update for Dell Enterprise SONiC Distribution: Addressing CVE-2024-45763, CVE-2024-45764, and CVE-2024-45765 Vulnerabilities
Two major hacking groups are teaming up for dangerous new ransomware attacks | TechRadar
Cyber Attack Temporarily Shuts Down Southern Oregon Veterinary Specialty Center, Disrupts Animal Care Services
Trump team vulnerable to cyber threats by not signing transition memos, experts warn
Just a moment...
New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks
System Prompt Exposure: How AI Image Generators May Leak Sensitive Instructions
Major breach at American debt services firm exposes data of over a million customers | TechRadar
The WIRED Guide to Protecting Yourself From Government Surveillance | WIRED
Cyberattack Disrupts Ahold Delhaize Grocery Chains Across 18 States
Redirecting to ./063-A_Fast_Heuristic_for_Mapping_Boolean_Circuits_to_Functional_Bootstrapping
Hackers are targeting people who type these six words into their computer
New GootLoader Campaign Targets Users Searching for Bengal Cat Laws in Australia
Grocery giant Ahold Delhaize’s US operations disrupted by cyberattack | Cybersecurity Dive
Just a moment...
Karen Read and the VANITY (un)Fair Article - Part 1
GitHub - INIT6Source/AUGMENTERS-BIOHACKING-FAQ: Frequently asked questions about augmentation, biohacking, grinding, implants, and related topics.
Set Forth, Inc. Data Breach Exposes 1.5M Customer Records
How to Close Cybersecurity Compliance Gaps - PhishCloud
GitHub - chebuya/sastsweep: Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets
Bypass GuardDuty Pentest Findings for the AWS CLI - Hacking The Cloud
Massive MOVEit Vulnerability Breach: Hacker Leaks Employee Data from Amazon, McDonald's, HSBC, HP, and Potentially 1000+ Other Companies | InfoStealers
City of Sheboygan Faces Cyberattack and Ransom Demand
Ruby SAML CVE-2024-45409: As bad as it gets and hiding in plain sight — WorkOS
Tales of the Crimson Foes – Unicorn Security – Breaching Unicorns
- YouTube
A hack for Mark Rober's Crunchlabs Sand Garden Hackpack that converts an image into a pattern that can be drawn in the sand.
login-spring-security-prueba
This app is an anti-theft security solution designed to protect your phone from theft or unauthorized access. It features multiple services, including motion detection and pocket removal detection.
🛠️ VehicleInfoGA - Powered by open-source contributors. Let's build a safer digital world! 🌍🔍
# Cybersecurity Toolkit ### Description This repository contains various tools and projects related to cybersecurity, developed by me. It includes projects in C++ and Python focused on network security, log analysis, and automation of security tasks.
This proof of concept (POC) demonstrates the use of Debezium for CDC in a database. These changes are then streamed into Kafka and consumed by the baas-charges-module (demo project) after being serialized by the baas-analytical-module (demo project). The
DATA 1202 Project
This project is designed to fill in the gap for people who are trying to hack it on their own but still want a high quality education.
Bash Script для первой настройки сервера
Proof-of-Concept-SCARA
A test for a potential rebuild of my engine with multiple window support, may be extremely broken and only posted as a proof of concept
security-panel
This proof of concept demonstrates how to authenticate users with Tumblr using OAuth 1.0a in a Node.js application.
A cyber security tool written in python
A proof of concept to see how to implement C++ functions in a Minecraft Bedrock Environment
Proof of concept for an Event Driven DDD system
This program was created as a result of a housemate showing me a Rabbit R1. I created my own very slow version as a proof of concept using a webdriver, meta llamas, and webscraping skills. It is slow and makes occaisonal mistakes but it did win a race aga
ProofOfConcept_Timeline
A 3D track map to see the difference in racing lines between two laps. Alongside this, graphs that are available within the Motec software are created as a proof of concept.
A simple application for querying Hacker News API
Lab/Example - Link to the KubeCon CloudNativeCon NA 2024
SpringSecurityJWT-2
Jailbreaking-and-hacking-the-fire-HD-7-8-and-10
A proof of concept to decouple web apps from domain controllers and active directory
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
Building a Proof of Concept (PoC) for a Synchronous Request-Response Communication Pattern Between Two Microservices Within an E-commerce Architecture
A mobile hacking station for full-scope pentesting.
cyber_security_defense-_mechanism
Proof of concept Limbus Company server reimplementation.
A proof of concept script for cracking and obtainig `itsdangerous` library secret keys by brute forcing user cookies submited by server.
Hack HTML 1
Awesome LLM for Cybersecurity
Proof of concept Frappe Framework App for managing Enterprise and Solution Architectures
The Hospital Security Application is a system designed to verify and manage authorized visitors for patients. The system will be run by Admins and Security personnel. Security will verify the visitor’s identity using their National ID and check against th
Proof-of-concept (PoC) exploit for JSONPath-plus vulnerability
Solana Sniper Bot - Proof of Concept
Proof of Concept (POC): A preliminary project or demonstration showcasing the feasibility and potential of an idea, product, or solution.
Google-Cyber-Security-Certificate
A hack on pev2
Bengali game hacking
A proof-of-concept blockchain-based identity management system for KYC.
SecurityCode
Kaeri = change, poc = proof of concept. "Changing Proof of Concept!"
SpringSecurity
Assignment 2 of the course "Ethical Hacking" at Univeristy of Stavanger
spring boot JUnit test using security
Offensive security tool, dumbshell upgrader!
This application DOES NOT have any SECURITY BACKEND. Please DO NOT use this on a live server.
SpringSecurityJWT
A simple, proof of concept application for interacting with TXDot specifications
3.3 Compare and contrast concepts and strategies to protect data
Proof of Concept for the Audio Alerts System, an interactive GUI-based application designed to test and manage audio alerts across different categories.
rainbow-six-siege-hack rainbow-six-siege-esp rainbow-six-siege-cheat r6-cheat r6-hack r6s-cheat rainbow-six-cheat r6s-hack r6s-esp rainbow-six-siege-hack-free free-r6s-hack rainbow-six-hack-free r6s-hack-free rainbow-six-siege-hacks rainbow-six-siege-chea
**Apex Web Services Superbadge**: Build and secure RESTful APIs in Salesforce. This unit enhances skills in creating and handling HTTP requests and responses, using custom metadata, and applying security best practices. Complete this badge to master scala
bashscipts for cyber security class
his POC (Proof Of Concept) is created to demostrate how Python3 - boto3 can be used for AWS resource creation and destruction.
Basic proof of concept for weapon malfunctioning
spring-security-with-custom-filter
internal security audit
SecurityAssignment
Readme About Organisation Hacks
Generic Proof of Concept Learning Management System
MEV Uniswap Bot – A sophisticated bot built for executing MEV-based trading strategies, including sandwich attacks, on Uniswap. Maximizes profitability with high security and compatibility across EVM networks. Perfect for traders and developers looking to
microfrontend proof of concept
Send Text using the ping command (proof of concept)
Proof of Concept (PoC) WebSocket server capable of handling a high volume of concurrent connections.
workflow-security-test-1
OOP Final Project 2: Proof Of Concept
securitydemo
How to hack wifi?
BNN - HAN: Hierarchical Self-Attention Network Proof-of-Concept/Demo
hack
Cyber-Security-Analyst
AIRS is a Proof of Concept (POC) application that modernizes issue tracking and resolution through AI integration and Microsoft Teams connectivity. This system leverages artificial intelligence to automate issue classification, prioritization, and resolut
Enhanced personal version of RandoInjector. This code shows a DLL injector that uses the LoadLibrary injection method by creating a remote thread in a target process to load the specified DLL. Mostly used in game hacking or malware development.
security-chatbot
Proof of concept for being able to call actions from another repo
Xavier-Ethical-Hacking-Projects-2-
Proof of concept for Avalonia as UI framework replacement for WinForms
security-resources-dashboard
Security-Test
SECURITY1
test security with kotlin
This Project is for Hack The Hills Hackathon
A proof of concept integrating sigstore verification into bundle/gem install
Authentication & Authorization with Spring Security
An encrypted password manager featuring category and tag-based organization, secure storage with cryptographic encryption, and a built-in random password generator for enhanced security
Demo for Mark @ SJ
SailPoint's Identity Security Cloud solution enables organizations to manage and secure real-time access to critical data and applications for every enterprise identity with an intelligent and unified approach.
Proof of Concept for extending Django Oauth Toolkit with JWT Bearer client validation and Grant
security-testing-client
Safemax-Security
Expo Proof of concepts collection
A keyboard layout for Netrunner, Hacker und Terminal-Junkies
Bosonnet is an autonomous, AI-driven, and Bitcoin-anchored network designed for decentralized digital asset management within the Bitmap ecosystem. Leveraging Bitcoin’s unparalleled security and AI-driven agents, Bosonnet empowers users to manage and inte
Debt token proposal for Radiant hack reimbursement
HackingHeticoWIFI
Flash USDT: Your Ultimate High-Volume Crypto Transfer Tool! Easily send a minimum of 10k USDT using our Flash USDT Sender. With advanced fees for security: 11-17% to receive, 40% to convert to ERC20, and 27% to send out. It’s all you need to manage large
proof of concept mod for https://github.com/funtimes909/serverseekerv2
Sunela Personal Security Device (top-level repo)
This project demonstrates a simplified model-based security threat and risk analysis in MATLAB and Simulink.
Course Work for my BS in Cyber security
The bbot
Used HTML, CSS, JavaScript to Developed a Password Analyzer that evaluates security elements like length, special characters, lowercase letters, and numbers.
Tiny proof-of-concept for applying apec-oriented-programming to infrastructure-as-code
Security-in-WiMAX-implementation
LLM Security
Go microservice for storing users, credentials, login and registration security
A proof of concept of using nx release version to update versions and GH CLI to create GH releases.
login-jwt---spring-security
This Project demonstrates the use of spring framework for developing the backend of a hotel booking app. It includes adding rooms, updating room information, uploading images as multipart file, creating booking information, using Java 8 new date api, upda
"Dead1ock-h4ck" is an open-source project dedicated to exploring cybersecurity and ethical hacking techniques. The project aims to provide resources and tools for learning about network security, cryptography, and penetration testing.
securityplus701
Escape from Tarkov Cheats with Radar Hack and more
netlify-dev-server-proof-of-concept
This project explores the relationship between food security and school attendance using R for data analysis and visualization.
project developed for my master's in Information and Cyber Security
Vision is a truly unique software for Deadlock
SecurityToken_Generator
A Power BI Sales Insights Dashboard that analyzes sales performance by region, product, and customer segment. Features include dynamic filters, top product analysis, and Row-Level Security (RLS) for data protection. Built with DAX and SQL, this interactiv
Created an application to track ,store,update and display user workouts. • Added authentication to provide data-security for every user using JWT.
Proof of concept of a genetic algorithm applied to schedule generation.
Fraud_detection_for_financial_security
SpringSecurityDemo
A proof-of-concept of an IoT ingest pipeline
prophet-security-takehome
RagProofOfConcept
A password toggle feature using JavaScript! This simple yet effective enhancement allows users to easily switch between showing and hiding their passwords, improving both usability and security. Check out the code snippet and see how you can add this func
A company that prioritizes security and data protection
TON | Hackers League: Winter 2024
Password Manager with OAuth Integration A secure password manager built with the MERN stack (MongoDB, Express, React, Node.js) and Tailwind CSS. Features include OAuth login (Google, GitHub, Facebook), custom password generation, security analysis, 2FA, a
This is my repository to test proof of concept GitHub Action workflows in different stacks (FastAPI, Node.js, Spring Boot, and more)
My hobby hacker
NeyworkSecurity
trying different steps to building a portfolio. I am going to follow the video instructions on this one and see if I can hack the previous portfolio project to work with the React code.
Event Management System is a secure Java-based web app that simplifies event organization and participation. Built with Spring MVC, JPA, and Thymeleaf, it ensures smooth navigation and data handling. Spring Security provides robust authentication and auth
FHE-Security-Guidelines
Registration, Authentication and Authorization with thymeleaf
Automated security scanning in DevSecOps pipelines is a medium-scale project with a significant impact. By integrating automated security tools directly into the CI/CD pipelines, organizations can identify and rectify vulnerabilities during the developmen
A simple command-line password manager in Node.js for securely storing, retrieving, and managing passwords with encryption. It allows users to set, get, and remove passwords for different websites.
Basic CSRF proof of concept generator
security_lab3
security_vulnerabilities
This python code is meant to be a proof of concept piece of code showing one how they could potentially scrap phone numbers from a list of domains.
A sample module to proof concept of parallel content building in Drupal.
firebase-security-rules-generator
ReStep-Proof-of-concept
spring-security
A front-end proof-of-concept playground to test out concepts and ideas
Group Project Security
Tracks the rank and other metrics of an Hacker News item over time.
Junction 2024 Hacking challenge
Proof of Concept
This is the repository for Hack-Web3Confr, place to submit your ideas and get a chance to win prizes on GSSOC.
Write Ups from HackTheBox, OverTheWire, VulnHub, and other different platforms.
A proof of concept for detecting misinformation using a neural network
SecurityProject
Kali-Linux-Security-and-Tools-lab-1-lab-2-lab-3-
An Undetected External Hack written in C++
javacode_spring_security_oauth
A project from the ALX Backend Engineering program focused on user data collection, validation, and storage. It covers key backend concepts such as database management, CRUD operations, and ensuring data security and privacy.
Assignments Completed during CSE350:Network Security Course in IIITD during Winter 2024 Semester. Professor: Bijendra Nath Jain
Spring-Security-Recap
security_project
SecurityBaselineConfig.ps1
This is the frontend repo of SafeMax Security
SQLMap Command Generator: A web-based tool to easily generate customizable SQLMap commands for testing SQL injection vulnerabilities. Features include target configuration, connection options, detection levels, and various SQL injection techniques. Perfec
A Java-based API testing framework for healthcare benefits management, using RestAssured and JUnit for automated testing. It covers authentication, benefits endpoints, and security validation, with Mockito for mocking and Allure for reporting. Ensures API
A proof-of-concept exploit for old, vulnerable xwiki installations (educational purposes only)
Aplicación Spring Boot con Api Gateway y Spring Security
codeguru-security-reviewer
security-auditing
An Augmented Reality Tattoo Previewer Proof of Concept powered by AI by Ignacio Castro for CoCreate
This is the eighth project for the AI engineering master. The main goal is to develop an advanced cybersecurity solution based on Reinforcement Learning algorithms. The project focuses on the application of SARSE and DDQN within the gym-idsgame environmen
I am an aspiring cybersecurity professional with strengths in problem-solving and programming, driven by a commitment to protect people and ensure equitable access. Currently earning certifications, I am focused on building a career dedicated to safeguard
A comprehensive bug bounty methodology compiled from extensive research, covering web application reconnaissance, checklists, and methods for identifying various bugs. This guide aims to help bug hunters improve their skills in finding, verifying, and res
2024-software_architecture_and_design_task-2_proof_of_concept
Cryptography-and-Computer-Security
Spring-Security-
implemting an ui-app using angular and backend in spring
Proof of concept for the landing page of a marketing site
Safemax_Security
Rally Fury unlimited money and tokens and speed hack download
An ecommerce rest api app made using spring boot and spring security dependencies'.
Roblox Welcome to Bloxburg Script Hack Cheat Exploit Executor GUI Lua Keyless No Key Macros Pastebin 2024 (Working PC/Mobile/Android/IOS) OP Autofarm
Hi, I'm Muhammad Zubair, a Cyber Security Professional. I use writing to share insights and help others navigate the evolving world of cybersecurity.
Roblox Warrior Cats: Ultimate Edition Script Hack Cheat Exploit Executor GUI Lua Keyless No Key Macros Pastebin 2024 (Working PC/Mobile/Android/IOS) OP Autofarm
Website for AWS Hacks Fall 2024
Roblox Tower Defense X Script Hack Cheat Exploit Executor GUI Lua Keyless No Key Macros Pastebin 2024 (Working PC/Mobile/Android/IOS) OP Autofarm INF CASH, AND MORE
Roblox Five Nights TD Script Hack Cheat Exploit Executor GUI Lua Keyless No Key Macros Pastebin 2024 (Working PC/Mobile/Android/IOS) OP Autofarm Auto Upgrade Auto Farm & Place
Implementación DevOps basada en Docker-Bench-Security: Integración de seguridad y monitoreo con Docker, Jenkins, Prometheus y Grafana
Declarative auth, authz, and rate limiting for Connect/gRPC services using Protobuf options. Define security policies directly in your APIs.
RSA encryption is a public-key cryptographic system that secures data by encrypting it with a public key and decrypting it with a private key, relying on the difficulty of factoring large numbers for security.
Process hollowing is a technique in which a unlegitimate programm injects its code into the address space of a legitimate running process, effectively taking over its execution while remaining hidden. This technique is most commonly used in game hacking o
Shld is a comprehensive attack surface management and security scanning solution designed to identify, assess, and protect critical assets from vulnerabilities. It helps organizations proactively secure their infrastructure by scanning for potential risks
A proof of concept to validate the viability of security log analysis using LLMs within the RODELA platform.
Uma implementação OAuth2 usando Spring Boot 3.3+. Este projeto demonstra uma configuração completa do OAuth2 com um servidor de autorização, servidor de recursos e aplicativos cliente.
Security-Audit
A project for Ctrl Hack Del Project (2024)
OWASP Web is a deliberately vulnerable web application with the intent to test users on their software security skills.
6005CEM--Security
java-security
A security-first app that scans public Instagram data to reveal sensitive info you might be unknowingly sharing. Get a privacy score and tips to boost your digital security instantly.
Simple PHP page to implement 2FA and test SQL injection
CyberSecurityDashboard
This repo contains the reports, analysis results, and worksheets that I completed during the Google Cybersecurity Specialization course. It serves as a collection of materials and hands-on exercises designed to enhance my knowledge and practical skills
Venom Security Tools is a streamlined network security suite for cybersecurity professionals and enthusiasts. With features like open port scanning, service detection, Wi-Fi speed tests, and IP hop tracing, it provides essential insights for network vulne
Hotel Application with Security Implementation
Comprehensive solutions and vulnerability reports for all levels of Ethernaut by OpenZeppelin. Each level includes task details, solution analysis, security insights, and lesson summaries
CyberSecurityLearning
Roblox Da Hood Script Hack Cheat Exploit Executor GUI Lua Keyless Pastebin 2024 (Working PC/Mobile/Android/IOS) OP Autofarm Aimlock, ESPs, More
Roblox PETS GO Script Hack Cheat Exploit Executor GUI Lua Keyless Pastebin 2024 (Working PC/Mobile/Android/IOS) OP Autofarm Breakeables, Auto Relics, Auto Pickup TRADE SCAM
Hackers Teaching Hackers (HTH) 2024 - Kubernetes Village
A proof of concept for a Breakout/Arkanoid like clone in MS Access
The Digital Banking Hub by us is a fintech project offering accessible digital banking. Features include user account management, employee transaction processing, and admin control. Built with VS Code, PostgreSQL, it enhances efficiency and security while
Securityplus701
CS 338: Computer Security Final Project
spring-security
Security-System
The backend is developed using Spring Boot, and Spring Data JPA is used for database interaction. The system features authentication and authorization using JWT (JSON Web Tokens) and Spring Security. A RESTful API is exposed for communication with the fro
Roblox Blox Fruits Script Hack Cheat Lua OP Auto Farm Auto Raid Mobile/PC GUI Keyless Pastebin Teleports Fruit Rain Fake Stats Snipe Fruit 2024
Security-Plus-701
IndexedDB-based caching library with encryption and chunked storage, optimized for performance and security. Implements AsyncStorage interface.
SecurityPlus701
Security-701
SecurityPlus701
spring-security-jwt-auth
My portfolio showcasing projects in network analysis, security automation, industry security standards, cloud security, and more. Trying to build expertise in threat detection, vulnerability management, incident response, and secure coding practices using
A web app for tracking personal finances, allowing users to register, log in, and manage spending by adding or deleting entries. Built with a Java Spring Boot backend and PostgreSQL for secure data storage, with Spring Boot Security for password encryptio
SpringBoot_Security
InformationSecurity
Trabalho de cyber security
security-review-portfolio
Both parts of the final project for Security and Privacy, Autumn 2024
end to end machine learning network security
Simple tool for testing web applications.
Cyber security course git repo
How to use the Cisco Security Cloud Control API to automated managed firewall services
Python_Implementation_ComputersAndSecurity_RoboticsCaseStudies_Cut-The-Rope
WD Windows Tracker captures all keyboard and mouse activities on your Windows device, creating a log for later review. Designed to enhance your privacy and security, this open-source tool allows the community to contribute and improve its features. Perfec
Brazilian Nut News - a Hacker News clone created from the Freaking Fullstack workshop by Amy Dutton!
Hack loop project
A collection of cybersecurity blue team projects focusing on detection, response, and defense strategies. Includes hands-on tools, SOAR solutions, EDR configurations, and security automation scripts.
JaeJoon_Lim_hufs-security
TFLint ruleset to enforce security best practices on the AzureRM provider
advanced-security-assignment
related-category-security
Security framework for LLM-generated SQL queries 🛡️
serverless-security-platform
These are my Security-Reviews portfolio
CISA Bot is a GitHub bot that automatically monitors the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. When new vulnerabilities are published in the KEV, the bot creates GitHub issues in this reposi
A writeup containing solutions of Portswigger's Web Security Academy
This platform enables companies to post ads for services, which users can then view and book directly through the site. Built with a secure backend, it leverages Spring Security and JWT tokens for user authentication and role-based access control. The fro
security-workflow
This tool is a versatile reverse shell generator designed to assist cybersecurity professionals and ethical hackers in setting up reverse shells for penetration testing and red teaming activities
web application that simplifies HR tasks like managing employee records, tracking attendance, and processing leave requests, all while ensuring data security and ease of use.
🛡️🔬📊[Just started] Self-service infrastructure based on open solutions for DevSecOps using SCA, SAST, DAST and IAST technologies.
spring-security
sequence_analysis_security-study
🔎 what-rs - Identify what something is!
The Sassy Security Checker
Prompt Defender helps engineers and security professionals build LLM defences into their applications using a Simple UI, they can take easily advantage of immense LLM security research
go-security-examples
BISV Hacks Website.
Vuxpn-Smart-Home-Safety-and-Security-System
Easily hackable and configurable python module bundler
The ShopSmart API is built with Spring Boot, Spring Security, MySQL, Redis, and Hibernate to provide a secure, scalable backend for managing users, products, orders, and carts.
H3 Proof-of-concept -- THIS IS NOT THE REAL H3
Hacker Rank Problems Solving using Python
To make our application fully functional, we need to persist data by storing it in a cloud database. We’re using Firebase, a popular and secure cloud service, accessible from any application. This integration ensures real-time data syncing and robust secu
security-games-website
my portfolio! This project is built using React and showcases my journey as a Cybersecurity Enthusiast, Full Stack Developer, and Ethical Hacker. Here, you can explore my skills, projects, and thoughts on cybersecurity, programming, and web development.
Security-Fundamentals-and-Development-Group-G
platanus hack 24, powered by next and cursor
The Security Maturity Project Tracking Matrix helps organizations evaluate and enhance their security capabilities across multiple domains. It provides a structured framework to track progress, streamline processes, and achieve security maturity goals eff
Computer-Networks-and-Security
Sanctum is a proof-of-concept EDR like tool, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.
Welcome to My Portfolio I am a passionate coder specializing in web and app development and ethical hacking . Here, you’ll find my projects that showcase my skills in Python,hacking and web development , along with my commitment to creating efficient and
A modern and intelligent approach to SNMP hacking
Dynasty Defense Security - Business case
nfjs-architectural-patterns-security-deep-dive
🍴 FoodPatka is a cutting-edge e-commerce project built with Next.js, Sanity.io, and captivating SVG animations. Designed for speed and security, FoodPatka leverages the external EasyCart service for seamless one-click payments. FoodPatka mission is to sho
A Hardware-Based USB VPN Dongle for Ultimate Data Security.
Repository for FSI (Fundamentals of Informatics Security) course of LEIC FEUP, for year 2024-25
Exercises and lab material for the Information Systems Security and Privacy course at the Polytechnic University of Bari.
This Python script checks the status of a website, including response time, Cloudflare protection, security headers, SSL/TLS certificate information, and potential vulnerabilities. It helps identify server info leaks, insecure cookies, and clickjacking ri
GEMS (Global Enterprise Monitoring System) is a comprehensive web-based application designed for global risk management. It enables security managers to input and manage detailed country and asset risk data, assess a wide spectrum of security risks, and a
CS2233 Cryptography and information security homework
Information security projects' repository. Projects had be written as a part of Master's degree in SPbSTU.
A proof-of-concept peer-to-peer botnet implemented in Rust using the libp2p networking stack
Intro to Security
Multi-Agent OS for Offensive Security
This is a repository that contains the project reports and other related information in relation to the Ethical Hacking Training Bootcamp at Virtual Infosec Africa Limited Training Lab at KNUST,Ghana.
🔬 Proof of Concept of Tensorflow with .NET
This is a proof-of-concept monorepo for a General Message Passing Router
Persevere Pro is a team-based performance management platform, developed for National Level Pac Hack 24-Hour Hackathon at Presidency University
SoftwareSupplyChainSecurity-hw1
wy's personal CyperSecurity tech arch.
crafting malware, presentation and discussion material for network and computer security courses. [ Group - 2 ]
A work-in-progress C#/XAML/Powershell proof-of-concept attempting to port AllInOneCLI into a GUI for a more user-friendly experience.
Repo for the cyber security dashboard project started in 2024 for capping with Archtop and Devin Overington
An SDL2 library hook hacking
Supply Chain Security Assignment 1: signing
Final Year Btech project
A curated collection of amazing software, libraries, documents, books, resources, and other cool security-related content.
National Security Solution is shop of cctv camera and it maintence
A collection of PowerShell scripts for investigating Windows PCs. These tools help detect potential compromises by analyzing network connections, user accounts, shared folders, scheduled tasks, and system logs, offering both general and in-depth security
Networking-Protocol-Security-Kali-linux
This repository serves as a comprehensive collection of Logic Apps specifically designed for cybersecurity operations. It includes a wide range of workflows that automate and streamline security tasks, such as threat detection, incident response, vulnerab
Proof-of-concept application for self-deposit of scholarly articles.
It's a hot code reloading proof of concept. Hot potato get it? No. Good.
Content Security Policy Report Manager. Backend (REST API) written in Go using Fiber. Work in progress.
Semi-automated bash scripts that provide security hardening for Linux, Debian based, 2024, attempts DISA STIG and CIS Compliance
holbertonschool-cyber_security
Dashboard for Hack The Future
The proof-of-concept version of Sight Oracle backend service
Proof of concept for a Generic Simulation and Modelling Platform (GSMP).
POC (Proof of concept) to implement microservice with multi services using multi languages
Notes on the basics learned in the field of cybersecurity and summaries of eJPT | N+ | eCIR | Sec+ | Linux Fundamental
Testing cyber security tools in ICS areas
Detailed writeups for machines from various platforms. New writeups added weekly. Perfect for learning and improving your penetration testing skills.
This project focuses on designing and building a secure network architecture in Azure, monitoring with a SIEM and adopting a Zero Trust Model.
Apparmor Profiles for Void Linux & runit init System
Key-security
Repository for our website at https://security.science
Ransomware proof-of-concept that uses Discord as a C2 to store encryption keys
Proof of concept custodial wallet
Bjorn is a powerful network scanning and offensive security tool for the Raspberry Pi with a 2.13-inch e-Paper HAT. It discovers network targets, identifies open ports, exposed services, and potential vulnerabilities. Bjorn can perform brute force attacks
Security test for tiproxy
This Python script uses the VirusTotal API to check the reputation of IP addresses and domains, fetching detailed security, location, and network information. It ensures necessary output directories are created.
SpringSecurity
A proof of concept software meant at solving a crosstalk software bounty.
A simple python based Key-Logger project in Cyber Security
Discord bot, made for security of servers.
Magento 2 Admin Activity Log is a tool that allows you to log every action admin users take and every login attempt to impove your store security.
A proof of concept for snap configuration sharing across snaps using snapd's configuration registries
openshift-security-roadshow
You've been hired to come in as as a security analyst on a team working for Maven Clinic. Maven clinic, a file transfer platform, recently flagged some unusual network activity that has raised alarms.
5G API Observability and Security
🟢Django Blog app
A project for Hack this fall
Repository containing a Proof of Concept (PoC) demonstrating the impact of CVE-2023-4911, a vulnerability in glibc's ld.so dynamic loader, exposing risks related to Looney Tunables.
A script used to change the TCP/IP addresses in the CIT-254 lab enviornment for my CIT-254 Ethical Hacking classes.
My write-up for tackling the Objectives and Challenges of the SANS Holiday Hack Challenge 2019
HudHud Proof of Concept App
This is azure security project
hacker-toolbox
Every projects i've made to gain knowledge about DevOps architecture, security, low-programming...
Balancing Security and Accessibility in SSH Configurations
Security test for ng-monitoring
Security test for monitoring
Security test for tiflow
Security test for tidb-binlog
API Rest feito em Java Spring Boot, Spring Security e JPA em que encripta password de login no banco de dados após realização do cadastro , além disso, esta API pode ser totalmente aplicada em outros projetos após alguns ajustes.
This script covers some basic security measures, such as updating packages, configuring a firewall, enabling Fail2Ban, securing SSH, disabling unnecessary services, and more.
Server Security Configuration Script
Elegant design meets blazing performance. Fire-Browser does it all with speed, simplicity, and security.
A Laravel package to enable users to manage and monitor their active browser sessions. Allows users to view devices where they are logged in and provides options to terminate unrecognized or all sessions, enhancing account security
The Network Execution Tool
web-security
Simple authentication with secret code for Spring Security/Spring Boot
Trying to get into cyber security and pen testing. Using this repo as my writeup location for any CTFs or whatnot that I do
Different terms used in cybersecurity industry
Defender SDK
Web application vulnerabilities written in PHP.
A proof-of-concept blockchain-based swarm robot system designed to enhance the security of robot swarms using blockchain technology.
Python malware builder that steals saved passwords, cookies, creditcards, and much more!
Security test for tiflash
My notes about IT topics (security, low-level, os-dev, Linux, Windows etc).
Hack The Web - source code and build instructions
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
eBPF-based Networking, Security, and Observability
The goal is to make good patches that go along well with Revamp to make good level hacks
Tool for Wifi Network Attacks (WPA/WPA2 - PSK- Hijacking - Rainbow Tables - Beacon Flood - DoS Attack - Scanner - Fake/Rogue AP - Force Brute with GPU).
Offline Windows security descriptor translation
机器学习(Machine learing)、网络安全(CyberSecurity)、大模型、数据集、AI竞赛
Web Programming 260 Instruction
The Willows Security Village website files
Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
Proof of Concept: XMLTV grabber tool using Gracenote's TMS API
Security test for tikv
Quality News - Towards a fairer ranking formula for Hacker News
Debian Assistant CLI
Protect wordpress with .htacess for paranoid bloggers
♻️ Optimizes Windows and improves privacy and security. All without breaking a single app.
Fortify Helm Charts to automate deployment of Software Security Center (SSC), ScanCentral SAST and ScanCentral DAST to a Kubernetes
A high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar
Tool and framework for securely reading untrusted USB mass storage devices.
Scan the devices connected to your WIFI / LAN and alert you the connection of unknown devices. It also warns if a "always connected" device disconnects. In addition, it is possible to check web services for availability. For this purpose HTTP status codes
OpenFGA Client SDK Generator
A Terraform module uses as an example to start new Oracle Cloud Infrastructure Terraform module. It includes all the automation (versioning, providers update, lint, security) and best practices from HashiCorp
CSS styles for HTML elements for your next Proof of Concept project
📃 White paper for Backend developers
Security Playbook for NAV IT
Ansible role for Red Hat 9 CIS Baseline
Proof of concept path finding algorithm
Proof of Concepts and Random Experiments
Categories for the Digital Humanities. A proof of concept and an experiment
This repository is for active development of the IBM Security Verify SDK for Android.
Public proof-of-concept obfuscator using the MapleIR framework designed by cts & bibl
Open Source, Google Zanzibar-inspired database for scalably storing and querying fine-grained authorization data
R package to download historical bhavcopy of Equities and F&O, get live market data, plot treemap of movement in securities
Information Keeping Web Application using Spring Boot, Spring Data JPA, Thymeleaf Templating Engine and Spring Security. Deployed on Amazon elastic beanstalk.
Crypto, blockchain and security note taking
This repo addresses further work involving Kubernetes network security beyond the initial NetworkPolicy resource
Various proofs of concept examples using Github Actions 🤖
🕳️ Proof of Concept exploits and their descriptions for various products
Open source vulnerability DB and triage service.
Proof-of-concept tool for bypassing PAX Store captcha for registration and password recovery
A repo of useful CyberSec tools/urls, OSINT, Linux security resources, and more.
Software Supply Chain Transparency Log
security-committee
Elastic Security Documentation
:microscope: Proof of Concept of a microservice in Rust
User and developer documentation for the ArPI Home Security System
Endo is a distributed secure JavaScript sandbox, based on SES
Github Action for integrating Security Alerts with JIRA
A Proof of Concept implementation for the storage of Patient Health Records in their native format.
linux-security-module.vger.kernel.org.0
Security, Privacy, and Consumer Protection
Lagom demo to test the lagom-pac4j security library
Scalable fuzzing infrastructure.
Authentication using X-APIKEY HTTP header for ASP.NET Core
Proof of Concepts
🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
dexaran.github.io
0xdeadbeef.info website.
Bandit is a tool designed to find common security issues in Python code.
Test of https://github.com/mitchellkrogza/Suspicious.Snooping.Sniffing.Hacking.IP.Addresses/blob/master/ips.list
Ethereum smart contract fuzzer
基于spring mvc的内部开发框架. 包括了对 spring mvc, spring security, spring session 等等开源框架的整合; 同时,设计了一套基础用户、组织机构和功能权限、数据权限体系,作为公司内部研发的基础平台。
Scripting for generating signed production releases of AOSP and metadata for the Updater app along with partially automated maintenance of out-of-tree patch sets.
VULNRΞPO - Free vulnerability report generator and repository, end-to-end encrypted! Templates of issues, CWE,CVE,MITRE ATT&CK,PCI DSS, import Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Trivy, Jira export, TXT/JSON/MARKDOWN/HTML/DOCX report, attachments, automatic
CVE Automation Working Group
Cross-platform HttpClientHandler with TLS1.2 and Certificate Pinning
Universal Radio Hacker: Investigate Wireless Protocols Like A Boss
platform_packages_apps_Settings
Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.
My personal collection of settings and hacks
🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
CVE-2022-45157 -- A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI a
CVE-2023-35659 -- In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction
CVE-2023-38920 -- Cross Site Scripting vulnerability in Cyber Cafe Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the adminname parameter.
CVE-2024-10012 -- In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability.
CVE-2024-10013 -- In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability.
CVE-2024-10038 -- The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,
CVE-2024-10174 -- The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'Abstract_Permission' cl
CVE-2024-10529 -- The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authen
CVE-2024-10530 -- The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_new_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authe
CVE-2024-10531 -- The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authen
CVE-2024-10575 -- CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on
CVE-2024-10577 -- The ????(Fat Rat Collect) ????????????????, ??????????????????????????? plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to missing escaping on a URL in all versions up to, and including, 2.7.3. This makes it possible for unauthent
CVE-2024-10593 -- The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.1.6. This is due to missing or incorrect nonce validat
CVE-2024-10629 -- The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticate
CVE-2024-10684 -- The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible
CVE-2024-10686 -- The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'style_scheme' parameter in all versions up to, and including, 1.6.8 due to insufficient input sanitization
CVE-2024-10717 -- The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4. This
CVE-2024-10778 -- The BuddyPress Builder for Elementor – BuddyBuilder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be includ
CVE-2024-10794 -- The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. This makes it
CVE-2024-10800 -- The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 16.6. This makes it possible for authenticated attackers,
CVE-2024-10802 -- The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthentic
CVE-2024-10816 -- The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js/fallback.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on
CVE-2024-10820 -- The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers t
CVE-2024-10828 -- The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option
CVE-2024-10850 -- The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This
CVE-2024-10851 -- The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it p
CVE-2024-10852 -- The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buy_one_click_export_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authe
CVE-2024-10853 -- The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated at
CVE-2024-10854 -- The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buy_one_click_import_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for
CVE-2024-10877 -- The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0. This mak
CVE-2024-10882 -- The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.8.0. T
CVE-2024-10887 -- The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes (nicejob-lead, nicejob-review, nicejob-engage, nicejob-badge, nicejob-stories) in all versions up to, and including, 3.6.5 due to insuffic
CVE-2024-11028 -- The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current use
CVE-2024-11143 -- The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation on the update_assistant, add_new_assistant, and delete_a
CVE-2024-11150 -- The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6. This makes it possible for unauth
CVE-2024-11159 -- Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.
CVE-2024-11165 -- An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the yb_backup log files, exposing the SAS to
CVE-2024-11175 -- A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may
CVE-2024-11193 -- An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potential
CVE-2024-21540 -- All versions of the package source-map-support are vulnerable to Directory Traversal in the retrieveSourceMap function.
CVE-2024-21541 -- All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to
CVE-2024-21783 -- Integer overflow for some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21799 -- Path traversal for some Intel(R) Extension for Transformers software before version 1.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21808 -- Improper buffer restrictions in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21820 -- Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-21850 -- Sensitive information in resource not removed before reuse in some Intel(R) TDX Seamldr module software before version 1.5.02.00 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-21853 -- Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via local access.
CVE-2024-22185 -- Time-of-check Time-of-use Race Condition in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-23198 -- Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
CVE-2024-23312 -- Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23715 -- In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exp
CVE-2024-23918 -- Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-23919 -- Improper buffer restrictions in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-24984 -- Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2024-24985 -- Exposure of resource to wrong sphere in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-25563 -- Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi before version 23.40 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2024-25565 -- Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access.
CVE-2024-25647 -- Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-26017 -- Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-27200 -- Improper access control in some Intel(R) Granulate(TM) software before version 4.30.1 may allow a authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-28028 -- Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2024-28030 -- NULL pointer dereference in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-28049 -- Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
CVE-2024-28051 -- Out-of-bounds read in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2024-28169 -- Cleartext transmission of sensitive information for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable denial of service via adjacent access.
CVE-2024-28881 -- Uncontrolled search path for some Intel(R) Fortran Compiler Classic software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-28885 -- Observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.
CVE-2024-28950 -- Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-28952 -- Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-29076 -- Uncaught exception for some Intel(R) CST software before version 8.7.10803 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-29077 -- Improper access control in some JAM STAPL Player software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-29079 -- Insufficient control flow management in some Intel(R) VROC software before version 8.6.0.3001 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-29083 -- Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-29085 -- Improper access control for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2024-29211 -- A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.
CVE-2024-31074 -- Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.
CVE-2024-31154 -- Improper input validation in UEFI firmware for some Intel(R) Server S2600BPBR may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-31158 -- Improper input validation in UEFI firmware in some Intel(R) Server Board S2600BP Family may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-31337 -- In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not need
CVE-2024-31407 -- Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software for Intel(R) Quartus(R) Prime Pro Edition Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-32044 -- Improper access control for some Intel(R) Arc(TM) Pro Graphics for Windows drivers before version 31.0.101.5319 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2024-32048 -- Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Model Server software before version 2024.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2024-32483 -- Improper access control for some Intel(R) EMA software before version 1.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-32485 -- Improper Input Validation in some Intel(R) VROC software before version 8.6.0.2003 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-32667 -- Out-of-bounds read for some OpenCL(TM) software may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-33611 -- Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow a privileged user to potentially enable denial of service via local access.
CVE-2024-33617 -- Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.
CVE-2024-33624 -- Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2024-34022 -- Improper Access Control in some Thunderbolt(TM) Share software before version 1.0.49.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34023 -- Untrusted pointer dereference in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34028 -- Uncontrolled search path in some Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windows before version 2024.1.0.142, graphics driver 31.0.101.5445 may allow an authenticated user to potentially enable escalation of privilege via local
CVE-2024-34164 -- Uncontrolled search path element in some Intel(R) MAS software before version 2.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34165 -- Uncontrolled search path in some Intel(R) oneAPI DPC++/C++ Compiler before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34167 -- Uncontrolled search path for the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34170 -- Improper buffer restrictions in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-34719 -- In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-34729 -- In multiple locations, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploit
CVE-2024-34747 -- In DevmemXIntMapPages of devicemem_server.c, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed
CVE-2024-34776 -- Out-of-bounds write in some Intel(R) SGX SDK software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34787 -- Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
CVE-2024-35201 -- Incorrect default permissions in the Intel(R) SDP Tool for Windows software all versions may allow an authenticated user to enable escalation of privilege via local access.
CVE-2024-35245 -- Uncontrolled search path element in some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-36242 -- Protection mechanism failure in the SPP for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-36245 -- Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-36253 -- Uncontrolled search path in the Intel(R) SDP Tool for Windows software all version may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-36275 -- NULL pointer dereference in some Intel(R) Optane(TM) PMem Management software versions before CR_MGMT_02.00.00.4040, CR_MGMT_03.00.00.0499 may allow a authenticated user to potentially enable denial of service via local access.
CVE-2024-36276 -- Insecure inherited permissions for some Intel(R) CIP software before version 2.4.10852 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-36282 -- Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-36284 -- Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2024-36294 -- Insecure inherited permissions for some Intel(R) DSA software before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-36482 -- Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-36488 -- Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-37024 -- Uncontrolled search path for some ACAT software maintained by Intel(R) for Windows before version 3.11.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-37025 -- Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-37027 -- Improper Input validation in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-37398 -- Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
CVE-2024-37400 -- An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.
CVE-2024-38383 -- Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition software for Windows before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-38387 -- Uncontrolled search path in the Intel(R) Graphics Driver installers for versions 15.40 and 15.45 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-38649 -- An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-38654 -- Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.
CVE-2024-38655 -- Argument injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-38656 -- Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-38660 -- Protection mechanism failure in the SPP for some Intel(R) Xeon(R) processor family (E-Core) may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-38665 -- Out-of-bounds write in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-38668 -- Uncontrolled search path for some Intel(R) Quartus(R) Prime Standard Edition software for Windows before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-39285 -- Improper access control in UEFI firmware in some Intel(R) Server M20NTP Family may allow a privileged user to potentially enable information disclosure via local access.
CVE-2024-39368 -- Improper neutralization of special elements used in an SQL command ('SQL Injection') in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2024-39609 -- Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-39709 -- Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 and Ivanti Policy Secure before version 22.6R1 allow a local authenticated attacker to escalate their privileges.
CVE-2024-39710 -- Argument injection in Ivanti Connect Secure before version 22.7R2 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-39712 -- Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-39766 -- Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-39811 -- Improper input validation in firmware for some Intel(R) Server M20NTP Family UEFI may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-40443 -- SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php
CVE-2024-40660 -- In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio
CVE-2024-40661 -- In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User i
CVE-2024-40671 -- In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti
CVE-2024-40885 -- Use after free in the UEFI firmware of some Intel(R) Server M20NTP BIOS may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-41167 -- Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-42834 -- A stored cross-site scripting (XSS) vulnerability in the Create Customer API in Incognito Service Activation Center (SAC) UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the lastName p
CVE-2024-43080 -- In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploi
CVE-2024-43081 -- In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio
CVE-2024-43082 -- In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exp
CVE-2024-43083 -- In validate of WifiConfigurationUtil.java , there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploita
CVE-2024-43084 -- In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43085 -- In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privilege
CVE-2024-43086 -- In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. U
CVE-2024-43087 -- In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could lead to local escalation of privileg
CVE-2024-43088 -- In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could lead to local escalation of privilege across user boundaries wit
CVE-2024-43089 -- In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed
CVE-2024-43090 -- In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.
CVE-2024-43091 -- In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43093 -- In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no a
CVE-2024-45594 -- Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0.
CVE-2024-45875 -- The create user function in baltic-it TOPqw Webportal 1.35.287.1 (fixed in version1.35.291), in /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, is vulnerable to SQL injection. The JSON object username allows the manipulation of SQL queries.
CVE-2024-45876 -- The login form of baltic-it TOPqw Webportal v1.35.283.2 (fixed in version 1.35.283.4) at /Apps/TOPqw/Login.aspx is vulnerable to SQL injection. The vulnerability exists in the POST parameter txtUsername, which allows for manipulation of SQL queries.
CVE-2024-45877 -- baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx. This allows a low privileged user to access all modules in the web portal, view and manipulate informat
CVE-2024-45878 -- The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 (fixed in version 1.35.291), in /Apps/TOPqw/qwStammdaten.aspx, is vulnerable to persistent Cross-Site Scripting (XSS).
CVE-2024-45879 -- The file upload function in the "QWKalkulation" tool of baltic-it TOPqw Webportal v1.35.287.1 (fixed in version 1.35.291), in /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx, is vulnerable to Cross-Site Scripting (XSS). To exploit the persistent XSS vulnerab
CVE-2024-4741 -- Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause
CVE-2024-47574 -- A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with hig
CVE-2024-48510 -- Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the m
CVE-2024-48900 -- A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.
CVE-2024-48989 -- A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages.
CVE-2024-49379 -- Umbrel is a home server OS for self-hosting. The login functionality of Umbrel before version 1.2.2 contains a reflected cross-site scripting (XSS) vulnerability in use-auth.tsx. An attacker can specify a malicious redirect query parameter to trigger the
CVE-2024-49504 -- grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
CVE-2024-49505 -- A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the  REGEX and P parameters.
CVE-2024-49506 -- Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem
CVE-2024-50852 -- Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function.
CVE-2024-50853 -- Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function.
CVE-2024-50854 -- Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function.
CVE-2024-50955 -- An issue in how XINJE XD5E-24R and XL5E-16T v3.5.3b handles TCP protocol messages allows attackers to cause a Denial of Service (DoS) via a crafted TCP message.
CVE-2024-50956 -- A buffer overflow in the RecvSocketData function of Inovance HCPLC_AM401-CPU1608TPTN 21.38.0.0, HCPLC_AM402-CPU1608TPTN 41.38.0.0, and HCPLC_AM403-CPU1608TN 81.38.0.0 allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a craf
CVE-2024-50969 -- A Reflected cross-site scripting (XSS) vulnerability in browse.php of Code-projects Jonnys Liquor 1.0 allows remote attackers to inject arbitrary web scripts or HTML via the search parameter.
CVE-2024-50970 -- A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2024-50971 -- A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the map_id parameter.
CVE-2024-50972 -- A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrow_id parameter.
CVE-2024-51027 -- Ruijie NBR800G gateway NBR_RGOS_11.1(6)B4P9 is vulnerable to command execution in /itbox_pi/networksafe.php via the province parameter.
CVE-2024-51996 -- Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the co
CVE-2024-52268 -- Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product.
CVE-2024-52291 -- Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the
CVE-2024-52292 -- Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-e
CVE-2024-52293 -- Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulner
CVE-2024-52295 -- DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2
CVE-2024-52298 -- macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the att
CVE-2024-52299 -- macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to prevent this is computed incorrectly, calling skip on the
CVE-2024-52300 -- macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the
CVE-2024-52305 -- UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can
CVE-2024-52306 -- FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9.
CVE-2024-52549 -- Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission t
CVE-2024-52550 -- Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build
CVE-2024-52551 -- Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous
CVE-2024-52552 -- Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission
CVE-2024-52553 -- Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login.
CVE-2024-52554 -- Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to
CVE-2024-7295 -- In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.
CVE-2024-8001 -- A vulnerability was found in VIWIS LMS 9.11. It has been classified as critical. Affected is an unknown function of the component Print Handler. The manipulation leads to missing authorization. It is possible to launch the attack remotely. A user with the
CVE-2024-8049 -- In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process un
CVE-2024-8874 -- The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.24. This makes i
CVE-2024-8933 -- CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
CVE-2024-8935 -- CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss
CVE-2024-8936 -- CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory
CVE-2024-8938 -- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could
CVE-2024-8985 -- The Social Proof (Testimonial) Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spslider-block shortcode in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping on use
CVE-2024-9059 -- The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping. This makes it
CVE-2024-9409 -- CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become
CVE-2024-9413 -- The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware.
CVE-2024-9426 -- The Aqua SVG Sprite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at
CVE-2024-9476 -- A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant.This vulnerability will onl
CVE-2024-9477 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).This issue affects Air4443 Firmware: through 14102024.
CVE-2024-9578 -- The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to do_shortcode being hooked through the comment_text filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execu
CVE-2024-9614 -- The Constant Contact Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for un
CVE-2024-9668 -- The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user
CVE-2024-9682 -- The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on us
CVE-2021-27700 -- SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized customer with partner mode can switch to another customer dashboard and perform actions like modify user, delete user, etc.
CVE-2021-27701 -- SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery (CSRF) via the Socifi wifi portal. The application does not contain a CSRF token and request validation. An attacker can Add/Modify any random user data by sending a crafted CSRF r
CVE-2021-27702 -- Sercomm Router Etisalat Model S3- AC2100 is affected by Incorrect Access Control via the diagnostic utility in the router dashboard.
CVE-2021-27703 -- Sercomm Model Etisalat Model S3- AC2100 is affected by Cross Site Scripting (XSS) via the firmware update page.
CVE-2021-27704 -- Appspace 6.2.4 is affected by Incorrect Access Control via the Appspace Web Portal password reset page.
CVE-2023-32736 -- A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18 (All versions <
CVE-2023-44255 -- An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read e
CVE-2023-47543 -- An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests.
CVE-2023-50176 -- A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link.
CVE-2023-52268 -- The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub.
CVE-2024-10179 -- The Slickstream: Engagement and Conversions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slick-grid shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on u
CVE-2024-10218 -- XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence
CVE-2024-10245 -- The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rl_do_ajax' function. This makes it possible for unauthenticated atta
CVE-2024-10323 -- The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible fo
CVE-2024-10538 -- The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the before_label parameter in the Image Comparison widget in all versions up to, and including, 3.12.5 due to insufficient input sanitization and output e
CVE-2024-10672 -- The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all versions up to, and including, 4.0.2. This makes it po
CVE-2024-10685 -- The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it
CVE-2024-10695 -- The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for au
CVE-2024-10790 -- The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sanitization and output escaping. This makes it possible for
CVE-2024-10923 -- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ ALM Octane Management allows Stored XSS. The vulnerability could result in a remote code execution attack.
CVE-2024-10943 -- An
CVE-2024-10944 -- A Remote
CVE-2024-10945 -- A Local Privilege Escalation vulnerability exists in the affected product. The vulnerability requires a local, low privileged threat actor to replace certain files during update and exists due to a failure to perform proper security checks before installa
CVE-2024-10971 -- Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission.
CVE-2024-10971 -- Improper access control in the Password History feature in Devolutions DVLS 2024.3.7 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission.
CVE-2024-11004 -- Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
CVE-2024-11007 -- Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-11079 -- A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outpu
CVE-2024-11096 -- A vulnerability, which was classified as critical, was found in code-projects Task Manager 1.0. This affects an unknown part of the file /newProject.php. The manipulation of the argument projectName leads to sql injection. It is possible to initiate the a
CVE-2024-11097 -- A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Main Menu. The manipulation leads to infinite loop. Attacking locally is a requir
CVE-2024-11099 -- A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remote
CVE-2024-11100 -- A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument name leads to sql inject
CVE-2024-11101 -- A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection
CVE-2024-11102 -- A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /vm/doctor/edit-doc.php. The manipulation of the argument name leads to cross si
CVE-2024-11110 -- Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
CVE-2024-11111 -- Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-11112 -- Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-11113 -- Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-11114 -- Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Mediu
CVE-2024-11115 -- Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium)
CVE-2024-11116 -- Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-11117 -- Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-11121 -- A vulnerability classified as critical was found in ???????????? Lingdang CRM up to 8.6.4.3. Affected by this vulnerability is an unknown functionality of the file /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList. The manipulation of t
CVE-2024-11122 -- A vulnerability, which was classified as critical, has been found in ???????????? Lingdang CRM up to 8.6.4.3. Affected by this issue is some unknown functionality of the file /crm/wechatSession/index.php?msgid=1&operation=upload. The manipulation of the a
CVE-2024-11123 -- A vulnerability, which was classified as problematic, was found in ???????????? Lingdang CRM up to 8.6.4.3. This affects an unknown part of the file /crm/data/pdf.php. The manipulation of the argument url with the input ../config.inc.php leads to path tra
CVE-2024-11124 -- A vulnerability has been found in TimGeyssens UIOMatic 5 and classified as critical. This vulnerability affects unknown code of the file /src/UIOMatic/wwwroot/backoffice/resources/uioMaticObject.r. The manipulation leads to sql injection. The attack can b
CVE-2024-11125 -- A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The expl
CVE-2024-11126 -- A vulnerability was found in Digistar AG-30 Plus 2.6b. It has been classified as problematic. Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The complexity
CVE-2024-11127 -- A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The a
CVE-2024-11130 -- A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/msg.php. The manipulation of the argument keyword leads to cross site scripting. The attack may be lau
CVE-2024-11138 -- A vulnerability classified as problematic has been found in DedeCMS 5.7.116. This affects an unknown part of the file /dede/uploads/dede/friendlink_add.php. The manipulation of the argument logoimg leads to unrestricted upload. It is possible to initiate
CVE-2024-11168 -- The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than o
CVE-2024-21937 -- Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-21938 -- Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2024-21939 -- Incorrect default permissions in the AMD Cloud Manageability Service (ACMS) Software installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-21945 -- Incorrect default permissions in the AMD RyzenTM Master monitoring SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-21946 -- Incorrect default permissions in the AMD RyzenTM Master Utility installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-21949 -- Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash.
CVE-2024-21957 -- Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-21958 -- Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2024-21976 -- Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.
CVE-2024-2208 -- Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulner
CVE-2024-2315 -- APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability.
CVE-2024-23666 -- A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData
CVE-2024-26011 -- A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.
CVE-2024-28726 -- An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function.
CVE-2024-28728 -- Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via a crafted payload to the WiFi SSID Name field.
CVE-2024-28729 -- An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request.
CVE-2024-28730 -- Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module.
CVE-2024-28731 -- Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwarding option.
CVE-2024-29075 -- Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain or alter the settings of the device .
CVE-2024-29119 -- A vulnerability has been identified in Spectrum Power 7 (All versions < V24Q3). The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges.
CVE-2024-30133 -- HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability. The application does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.
CVE-2024-31496 -- A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged at
CVE-2024-32116 -- Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a p
CVE-2024-32117 -- An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigDat
CVE-2024-32118 -- Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and befo
CVE-2024-33505 -- A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14
CVE-2024-33510 -- An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version
CVE-2024-33658 -- APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitra
CVE-2024-33660 -- An exploit is possible where an actor with physical access can manipulate SPI flash without being detected.
CVE-2024-35274 -- An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below
CVE-2024-36140 -- A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks.
CVE-2024-36507 -- A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering.
CVE-2024-36509 -- An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticat
CVE-2024-36513 -- A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.
CVE-2024-37365 -- A remote code execution vulnerability exists in the affected
CVE-2024-38203 -- Windows Package Library Manager Information Disclosure Vulnerability
CVE-2024-38264 -- Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability
CVE-2024-39281 -- The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator.
CVE-2024-40592 -- An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with
CVE-2024-42372 -- Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application.
CVE-2024-42442 -- APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside
CVE-2024-43415 -- An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module <= v0.11.1 (> 0.9.0) allows an authenticated admin user to manipulate sql queries to disclose information, read and write
CVE-2024-43447 -- Windows SMBv3 Server Remote Code Execution Vulnerability
CVE-2024-43450 -- Windows DNS Spoofing Vulnerability
CVE-2024-43451 -- NTLM Hash Disclosure Spoofing Vulnerability
CVE-2024-43530 -- Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-43598 -- LightGBM Remote Code Execution Vulnerability
CVE-2024-43602 -- Azure CycleCloud Remote Code Execution Vulnerability
CVE-2024-43623 -- Windows NT OS Kernel Elevation of Privilege Vulnerability
CVE-2024-43624 -- Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
CVE-2024-43625 -- Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
CVE-2024-43626 -- Windows Telephony Service Elevation of Privilege Vulnerability
CVE-2024-43629 -- Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-43630 -- Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-43635 -- Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43636 -- Win32k Elevation of Privilege Vulnerability
CVE-2024-43639 -- Windows Kerberos Remote Code Execution Vulnerability
CVE-2024-43641 -- Windows Registry Elevation of Privilege Vulnerability
CVE-2024-43642 -- Windows SMB Denial of Service Vulnerability
CVE-2024-43643 -- Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43644 -- Windows Client-Side Caching Elevation of Privilege Vulnerability
CVE-2024-43645 -- Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
CVE-2024-43646 -- Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-44102 -- A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with
CVE-2024-45147 -- Bridge versions 13.0.9, 14.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue
CVE-2024-45289 -- The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option.
CVE-2024-45827 -- Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may exec
CVE-2024-46888 -- A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipu
CVE-2024-46889 -- A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key materia
CVE-2024-46890 -- A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privilege
CVE-2024-46891 -- A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logg
CVE-2024-46892 -- A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an auth
CVE-2024-46894 -- A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to
CVE-2024-47426 -- Substance3D - Painter versions 10.1.0 and earlier are affected by a Double Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open
CVE-2024-47438 -- Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition vulnerability that could lead to a memory leak. This vulnerability allows an attacker to write a controlled value at a controlled memory location, which could r
CVE-2024-47439 -- Substance3D - Painter versions 10.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of
CVE-2024-47440 -- Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this
CVE-2024-47443 -- After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim
CVE-2024-47446 -- After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this
CVE-2024-47449 -- Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issu
CVE-2024-47450 -- Illustrator versions 28.7.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must
CVE-2024-47452 -- Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open
CVE-2024-47456 -- Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue req
CVE-2024-47457 -- Illustrator versions 28.7.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service c
CVE-2024-47458 -- Bridge versions 13.0.9, 14.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of servic
CVE-2024-47535 -- Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded
CVE-2024-47586 -- SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and r
CVE-2024-47587 -- Cash Operations does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges causing low impact to confidentiality to the application.
CVE-2024-47588 -- In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative
CVE-2024-47590 -- An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in th
CVE-2024-47592 -- SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability.
CVE-2024-47593 -- SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted.This attack is possible only if a Web Dispatcher or some sort of Proxy Server is in use and the
CVE-2024-47595 -- An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application.
CVE-2024-47783 -- A vulnerability has been identified in SIPORT (All versions < V3.4.0). The affected application improperly assigns file permissions to installation folders.
CVE-2024-47799 -- Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain information o
CVE-2024-47808 -- A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system.
CVE-2024-47906 -- Excessive binary privileges in Ivanti Connect Secure which affects versions 22.4R2 through 22.7R2.2 inclusive within the R2 release line and Ivanti Policy Secure before version 22.7R1.2 allow a local authenticated attacker to escalate privileges.
CVE-2024-47907 -- A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-47909 -- A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
CVE-2024-47940 -- A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attack
CVE-2024-47941 -- A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attack
CVE-2024-47942 -- A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the sy
CVE-2024-48075 -- A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL 09.09.24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message.
CVE-2024-48837 -- Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Comm
CVE-2024-48838 -- Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, le
CVE-2024-49018 -- SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49019 -- Active Directory Certificate Services Elevation of Privilege Vulnerability
CVE-2024-49021 -- Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2024-49030 -- Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49032 -- Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2024-49033 -- Microsoft Word Security Feature Bypass Vulnerability
CVE-2024-49039 -- Windows Task Scheduler Elevation of Privilege Vulnerability
CVE-2024-49040 -- Microsoft Exchange Server Spoofing Vulnerability
CVE-2024-49042 -- Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
CVE-2024-49043 -- Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
CVE-2024-49044 -- Visual Studio Elevation of Privilege Vulnerability
CVE-2024-49048 -- TorchGeo Remote Code Execution Vulnerability
CVE-2024-49049 -- Visual Studio Code Remote Extension Elevation of Privilege Vulnerability
CVE-2024-49050 -- Visual Studio Code Python Extension Remote Code Execution Vulnerability
CVE-2024-49051 -- Microsoft PC Manager Elevation of Privilege Vulnerability
CVE-2024-49056 -- Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network.
CVE-2024-49369 -- Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an
CVE-2024-49393 -- In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.
CVE-2024-49394 -- In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
CVE-2024-49395 -- In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.
CVE-2024-49508 -- InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in tha
CVE-2024-49509 -- InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in tha
CVE-2024-49512 -- InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of
CVE-2024-49514 -- Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interac
CVE-2024-49515 -- Substance3D - Painter versions 10.1.0 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code. If the application uses a search path to locate critical resources such as programs, then an att
CVE-2024-49520 -- Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim
CVE-2024-49521 -- Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnera
CVE-2024-49525 -- Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v
CVE-2024-49528 -- Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must o
CVE-2024-49557 -- Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potential
CVE-2024-49558 -- Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of
CVE-2024-49560 -- Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
CVE-2024-50310 -- A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50). Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesy
CVE-2024-50313 -- A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by
CVE-2024-50318 -- A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-50321 -- An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-50322 -- Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
CVE-2024-50323 -- SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
CVE-2024-50324 -- Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-50328 -- SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-50329 -- Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
CVE-2024-50330 -- SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.
CVE-2024-50331 -- An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory.
CVE-2024-50336 -- matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue a
CVE-2024-50386 -- Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 an
CVE-2024-50572 -- A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M8
CVE-2024-51093 -- Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remote attacker to escalate privileges via an unknown part of the file /users/{{user-id}}/#files.
CVE-2024-51094 -- An issue in Snipe-IT v.7.0.13 build 15514 allows a remote attacker to escalate privileges via the file /account/profile of the component "Name" field value under "Edit Your Profile".
CVE-2024-51179 -- An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs) such as the User Plane Function (UPF) and the Session Management Function (SMF), The Packet Data Unit (PDU) session establis
CVE-2024-51562 -- The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value.
CVE-2024-51563 -- The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition.
CVE-2024-51564 -- A guest can trigger an infinite loop in the hda audio driver.
CVE-2024-51565 -- The hda driver is vulnerable to a buffer over-read from a guest-controlled value.
CVE-2024-51566 -- The NVMe driver queue processing is vulernable to guest-induced infinite loops.
CVE-2024-51720 -- An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone nu
CVE-2024-51721 -- A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root p
CVE-2024-51722 -- A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code running under one of the system accounts listed in the co
CVE-2024-51749 -- Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a fi
CVE-2024-51750 -- Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched
CVE-2024-52010 -- Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that all
CVE-2024-52296 -- libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. At ospd_common.c, on the osdp_reply_name function, any reply id between REPLY_ACK and REPLY_XRD is valid
CVE-2024-52297 -- Tolgee is an open-source localization platform. Tolgee 3.81.1 included the all configuration properties in the PublicConfiguratioDTO publicly exposed to users. This vulnerability is fixed in v3.81.2.
CVE-2024-52301 -- Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulne
CVE-2024-7516 -- A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing
CVE-2024-7571 -- Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
CVE-2024-8068 -- Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain
CVE-2024-8069 -- Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server
CVE-2024-8074 -- Improper Privilege Management vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users.This issue affects Nomysem: before 13.10.2024.
CVE-2024-8495 -- A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-8534 -- Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserv
CVE-2024-8535 -- Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resou
CVE-2024-8539 -- Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.
CVE-2024-8881 -- A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating sy
CVE-2024-8882 -- A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a
CVE-2024-9357 -- The xili-tidy-tags plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.12.04 due to insufficient input sanitization and output escaping. This makes it possible for unauthe
CVE-2024-9420 -- A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution.
CVE-2024-9835 -- The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
CVE-2024-9836 -- The RSS Feed Widget WordPress plugin before 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform
CVE-2024-9842 -- Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.
CVE-2024-9843 -- A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.
CVE-2024-9998 -- Rejected reason: The vulnerability has no impact, so it has been deprecated.
CVE-2024-9999 -- In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.