AI weaponization becomes a hot topic on underground forums
Enterprises increasingly block AI transactions over security concerns
Cybercriminals use cheap and simple infostealers to exfiltrate data
How CISOs tackle business payment fraud
Saudi Arabia, UAE Top List of APT-Targeted Nations in the Middle East
Our Team - Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
Debunking compliance myths in the digital era
Malware Development Essentials Part 1 | by Smukx | Mar, 2024 | Medium
Wondering Why You Are Still N00b After Several Hacker Trainings? | by Alexis Lingad | Mar, 2024 | Medium
“CVE-2024-21388”- Microsoft Edge’s Marketing API Exploited for Covert Extension Installation | by Guardio | Mar, 2024 | Medium
Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024
New Darcula phishing service targets iPhone users via iMessage
Windows 11 22H2 Home and Pro get preview updates until June 26
Threat Report: Examining the Use of AI in Attack Techniques
Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass
Checkmarx Announces Partnership With Wiz
WiCyS and ISC2 Launch Spring Camp for Cybersecurity Certification
Millions of Hotel Rooms Worldwide Vulnerable to Door Lock Exploit
Flare Acquires Foretrace to Accelerate Threat Exposure Management Growth
New Cyber Threats to Challenge Financial Services Sector in 2024
What We Don’t Know Will Hurt Us – Cheryl Biswas – BTS #26
Apple ID ‘push bombing’ scam campaign hits cyber startup founders
Google fixes Chrome zero-days exploited at Pwn2Own 2024
DHS Proposes Critical Infrastructure Reporting Rules
Rockwell Automation posts advisories on 10 new bugs
INC Ransom threatens to leak 3TB of NHS Scotland stolen data
CISA tags Microsoft SharePoint RCE bug as actively exploited
Building the Modern SOC with Next-Gen SIEM
Vietnam Securities Broker Suffered Cyberattack That Suspended Trading
'Tycoon' Malware Kit Bypasses Microsoft, Google MFA
NHS Trust Confirms Clinical Data Leaked by Recognized Ransomware Group
Configure your Red Team Operations Infrastructure #2 | by Joas Antonio | Mar, 2024 | Medium
Apple has Unfixable Major Vulnerability & Hacking into Hotel Rooms, Cyber News Beat | by Michael Lopez | Mar, 2024 | Medium
Why we need a zero-trust certification program
Ransomware as a Service and the Strange Economics of the Dark Web
KuCoin charged with AML violations that let cybercriminals launder billions
Zero-Day Bonanza Drives More Exploits Against Enterprises
Immediate creation of dedicated US Cyber Force pushed
Nearly $10M in fines imposed on robocaller
ASEAN targeted by Chinese APTs
Cyber threat readiness maturity severely lacking worldwide
CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog
Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite
COTI and Civic Partner to Give Users Self-sovereignty of Their Digital Identity
DeFi Protocol Unstable Raises $2.5M to Drive LRTfi Sector Forward
INC Ransomware Hits NHS Scotland, Threatens Leak of 3TB Patient Data
CyberArk Secure Browser helps prevent breaches resulting from cookie theft
Google: Spyware vendors behind 50% of zero-days exploited in 2023
Zero Days Surged by Over 50% Annually, Says Google
Extensive APT31 targeting detailed
Finland parliament breach attributed to APT31
Industrial systems targeted by suspicious NuGet package
Separate breaches impact California state, local agencies
The DDR Advantage: Real-Time Data Defense
3 Strategies to overcome data security challenges in 2024
Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions
CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability
Chinese APTs Targeted ASEAN During Summit with Espionage Malware
GoMining Review: This Platform Makes Bitcoin Mining Possible Through NFTs
AU10TIX's Digital ID suite identifies potentially fraudulent activities
Getting Security Remediation on the Boardroom Agenda
'Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide
Chinese Hackers Target ASEAN Entities in Espionage Campaign
Only 3% of Businesses Resilient Against Modern Cyber Threats
SASE Solutions Fall Short Without Enterprise Browser Extensions, New Report Reveals
Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining
AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)
Malwarebytes adds AI functionality to ThreatDown Security Advisor
Attackers leverage weaponized iMessages, new phishing-as-a-service platform
UK Law Enforcers Arrest 400 in Major Fraud Crackdown
Bedrock Security protects sensitive data within one unified platform
Finnish police linked APT31 to the 2021 parliament attack
Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice
Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries
Cybersecurity jobs available right now: March 27, 2024
Drozer: Open-source Android security assessment framework
How security leaders can ease healthcare workers' EHR-related burnout
Cybersecurity essentials during M&A surge
Essential elements of a strong data protection strategy
A CISO Perspective on Identity Threats 
Australian Government Doubles Down On Cybersecurity in Wake of Major Attacks
Windows 11 KB5035942 update enables Moment 5 features for everyone
Windows 10 KB5035941 update released with lock screen widgets
What Can Assemblyline Learn From Other Malware Analysis Projects? | by Kevin Hardy-Cooper, P.Eng | Mar, 2024 | Medium
AI Generated Fake Obituary Websites Target Grieving Users
Finland confirms APT31 hackers behind 2021 parliament breach
$700 cybercrime software turns Raspberry Pi into an evasive fraud tool
Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers
Apple Security Bug Opens iPhone, iPad to RCE
Fortinet FortiClient EMS SQL injection flaw exploited in the wild
TheMoon bot infected 40,000 devices in January and February
Germany warns of 17K vulnerable Microsoft Exchange servers exposed online
Hackers exploit Ray framework flaw to breach servers, hijack resources
How to get continuous IT/OT visibility
Active adversary dwell time: The good (and bad) news
New ShadowRay Campaign Targets Ray AI Framework in Global Attack
Free VPN apps on Google Play turned Android phones into proxies
Only 5% of Boards Have Cybersecurity Expertise
The Rise and Rise of Cybersecurity: The Edge Considerably Moves From Defensive To Offensive | by Prof Bill Buchanan OBE | ASecuritySite: When Bob Met Alice | Mar, 2024 | Medium
Security Champions unite to keep McDonald’s safe from cyber threats | by Global Technology | McDonald’s Technical Blog | Mar, 2024 | Medium
ICS/OT Penetration Testing of Beckhoff CX9001: A Beginner’s Guide | by Marcel Rick-Cen | Mar, 2024 | Medium
Malicious NuGet Package Linked to Industrial Espionage Targets Developers
BackBox platform update enhances CVE mitigation and risk scoring
Legit Security launches enterprise secrets scanning solution
Vercara UltraAPI offers protection against malicious bots and fraudulent activity
TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service
Abstract Security Brings AI to Next-Gen SIEM
Patch Now: Critical Fortinet RCE Bug Under Active Attack
Third-Party Risk Management – BEC Compromises and the Cloud – Michael Swinarski – CSP #167
ICS CERT predictions for 2024: What you need to know
U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation
Top 3 Cybersecurity Tools to Protect Business Data
17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns
ArmorCode Risk Prioritization provides visibility into security findings with business context
GitGuardian SCA automates vulnerability detection and prioritization for enhanced code health
Swimlane partners with Dragos to automate threat detection across both IT and OT environments
It's Time to Stop Measuring Security in Absolutes
Database-Oriented OS Wants to Shake Up Cloud Security
How New-Age Hackers Are Ditching Old Ethics
Portugal Forces Worldcoin to Stop Collecting Biometric Data
Three flaws added to CISA’s known exploited vulnerabilities catalog
EPA collaborating with state, local governments in boosting water cybersecurity
Call for 2024 SC Awards nominations
UK, New Zealand against China-linked cyber operations
Best Practices for Kafka Management to Ensure High Availability
DataVisor’s AML solution helps combat sophisticated financial crimes
Apps secretly turning devices into proxy network nodes removed from Google Play
Dubious NuGet Package May Portend Chinese Industrial Espionage
US Targets Crypto Firms Aiding Russia Sanctions Evasion
Fintech organizations aiding Russian entities subjected to US sanctions
Novel MuddyWater phishing campaign hits Israel
Top.gg, others targeted by software supply chain attack
Chinese hackers face US, UK sanctions for cyberespionage
US Treasury Dep announced sanctions against members of China-linked APT31
Crafting Shields: Defending Minecraft Servers Against DDoS Attacks
The impact of compromised backups on ransomware outcomes
U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions
CISA and FBI Urge Renewed Effort to Eliminate SQLi Flaws
Strengthening critical infrastructure cybersecurity is a balancing act
How threat intelligence data maximizes business operations
Scammers exploit tax season anxiety with AI tools
Tech industry's focus on innovation leaves security behind
Africa Tackles Online Disinformation Campaigns During Major Election Year
CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products
Reinforcement learning is the path forward for AI integration into cybersecurity
Decoding Modern Insider Threat Trends & Risks
It's not just you: ChatGPT is down for many worldwide
Panera Bread experiencing nationwide IT outage since Saturday
US fines man $9.9 million for thousands of disturbing robocalls
UN Adopts Resolution for Secure AI
GoFetch: Apple chips vulnerable to encryption key stealing attack
US sanctions crypto exchanges used by Russian darknet market, banks
Chinese State-Sponsored Hackers Charged, Sanctions Levied by US
CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog
APT29 Russian Hackers Use WineLoader Malware To Target German Political Parties | Daily Security Review
POC Exploit Released For Fortinet RCE Bug, Patch Now! | Daily Security Review
International Sting Takes Down Major Dark Web Marketplace "Nemesis Market"
CISA urges software devs to weed out SQL injection vulnerabilities
Hackers poison source code from largest Discord bot platform
CISA Seeks to Curtail 'Unforgivable' SQL Injection Defects
Penetration Testing using AI. I had a dream last night about a… | by Prof Bill Buchanan OBE | Mar, 2024 | Medium
Introducing decay rules implementation for Indicators in OpenCTI | by Souad Hadjiat | Mar, 2024 | Filigran Blog
Zero Interaction Mass Account Password Reset Vulnerability🔄 | by Manan Sanghvi | Mar, 2024 | Medium
StrelaStealer malware hits more than 100 EU and US organizations
US sanctions APT31 hackers behind critical infrastructure attacks
Hackers poison source code for largest Discord bot platform
New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts
New Tycoon 2FA Phishing Kit Raises Cybersecurity Concerns
How I found Account Takeover by changing email address | by Mohd Danish | Mar, 2024 | Medium
ScreenConnect, BIG-IP bugs a bonanza for hackers conducting cyberespionage
Nemesis Market disrupted by German police
Ongoing Kimsuky attacks involve novel tactic
UN's North Korean crypto heist investigation underway
Updated federal DDoS defense guidance issued
New ZenHammer memory attack impacts AMD Zen CPUs
Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach
Fake Ozempic Deals on the Rise as Experts Warn of Phishing Scams
UK Blames China for 2021 Hack Targeting Millions of Voters' Data
Iran-Linked APT TA450 embeds malicious links in PDF attachments
New GEOBOX Tool Hijacks Raspberry Pi, Lets Hackers Fake Location
Scammers steal millions from FTX, BlockFi claimants
Interos Resilience Watchtower enables companies to monitor vulnerabilities
Dangling DNS: Mitigating Impersonation Risks
Japan Runs Inaugural Cyber Defense Drills With Pacific Island Nations
Google's new AI search results promote sites pushing malware, scams
GitHub Developers Hit in Complex Supply Chain Cyberattack
With AI hacks looming, don’t ignore security basics | by Taylor Armerding | Nerd For Tech | Mar, 2024 | Medium
Finding my First bug in Bug Bounty which was misconfigured google maps API key disclosure | OSINT TEAM
1500$: CR/LF Injection. Hi Everyone, How you all doing. In this… | by Abhi Sharma | Mar, 2024 | Medium
Beyond RAM and ROM: IDOR Leads to Unauthenticated File Upload Vulnerability in Indian Government Site | by Vedavyasan S (@ved4vyasan) | Mar, 2024 | Medium
Security awareness training meets a new obstacle: Generative AI
Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others
Key Lesson from Microsoft's Password Spray Hack: Secure Every Account
Step-by-Step Guide to Creating Your First Crypto Wallet
GoFetch side-channel attack against Apple systems allows secret keys extraction
StrelaStealer targeted 100+ organizations across the EU and US
New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys
APT29 hit German political parties with bogus invites and malware
Police Bust Multimillion-Dollar Holiday Fraud Gang
Russian APT29 Group Targets German Politicians
How I Found Multiple XSS Vulnerabilities Using Unknown Techniques | by Khaledyassen | Mar, 2024 | InfoSec Write-ups
How A Wall of Lava Lamps Is Protecting The Internet | by Grant Piper | Mar, 2024 | Medium
Subdomain Fuzzing worth 35k bounty! | by HX007 | Mar, 2024 | Medium
Detecting Malware Installed on Android Devices | ITNEXT
Learning OT Security with Conpot: A Beginners Guide to IEC-104 | by Marcel Rick-Cen | Mar, 2024 | Medium
Headless HackTheBox Easy Machine Season IV 24/03/2024 | by Null0x0 | Mar, 2024 | Medium
Apple GoFetch: The Vulnerability Which is Not Easy To Fix | by Prof Bill Buchanan OBE | ASecuritySite: When Bob Met Alice | Mar, 2024 | Medium
How Facebook Intercepts Your Web Traffic - YouTube
Positive Technologies: Cyberattackers targeting telecommunications and the military-industrial complex in the Middle East
CISOasis - The Cybersecurity Meditation App
Crumbled Security: Unmasking the Cookie-Stealing Malware Threat
GitHub - skyler-ferrante/CVE-2024-28085: WallEscape vulnerability in util-linux
Exclusive: A high-level election security group is back. NSA and Cyber Command want to keep it under the radar
Cybersecurity Challenges & Insights in India. - BlockAPT
886. Euro Cylinder raked open in seconds with a city rake, The 7 in 1 Lock Pick Tool in Action again - YouTube
Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word
31_round_sha256_poc.py · GitHub
Zero-days exploited in the wild jumped 50% in 2023, fueled by spyware vendors
Operation FlightNight: Indian Government Entities and Energy Sector Targeted by Cyber Espionage Campaign
Cloud Security Maturity Model, How mature are you?
Serious security breach hits EU police agency – POLITICO
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
Abusing MiniFilter Altitude to blind EDR
How Does Zcash Work? | Zellic — Research
Turnstiles from a hacker perspective - Part 2
Somni - Risk Management Tool
Releasing Substation v1.0. Brex has released Substation v1.0, the… | by Josh Liburdi | Brex Tech Blog | Mar, 2024 | Medium
top 10 Little known scientific discoveries - YouTube
Blog: Preventing Cross-Service UDP Loops in QUIC
GitHub - Notselwyn/CVE-2024-1086: Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images
US sanctions alleged Chinese state hackers for attacks on critical infrastructure
Vulnerability Summary for the Week of March 18, 2024 | CISA
BlueDucky automates exploitation of Bluetooth pairing vulnerability that leads to 0-click code execution
ShadowRay: First Known Attack Campaign Targeting AI Workloads Exploited In The Wild
Russian-backed APT29 Group Targets German Political Parties with WINELOADER Malware
Frida on Java applications and applets in 2024 - hn security
AI: Inside the shadowy global battle to tame the world's most dangerous technology – POLITICO
What You Should Know About NIST CSF 2.0: Five Key Takeaways | NextLabs
GitHub - salah9003/Automated-Vulnerability-Scanning-with-Agentic-AI: The system consists of multiple AI agents that collaborate to strategize, generate commands, and execute scans based on the client's description, without the need for human intervention.
9 Social Conformity Elevator Video - YouTube
GitHub - TracecatHQ/tracecat: 😼 The AI-native, open source alternative to Tines / Splunk SOAR.
Russian Military Used Hacked Cameras in Missile Strike on Capital, Alleges Ukraine
ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms - Computer Security Group
Guidance for Developers to make it hard on attackers (DDoS) — Withstand Security
Utilizing GitHub Actions for gathering Subdomain & Exploit Intelligence | A.R.P. Syndicate
UK accuses China of cyberattacks on British democracy – POLITICO
Metasploit Framework 6.4 Released | Rapid7 Blog
Otta | The better way to find a job in tech
Architecture 1005 RISC-V Assembly Short URL Redirect
APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme
Building a Cybersecurity Culture: 7 Key Strategies for Your Organisation - BlockAPT
Webinar Registration - Zoom
NCSC
RustRedOps by joaoviictorti is a repository dedicated to gathering and sharing various tools, projects, advanced techniques and offensive malware related to Red Team operations, with a specific focus on the Rust programming language. It can help penetrati
Designed and built a proof of concept robot arm prosthetic for fun.
POC(Proof of Concept) for showing the usage of Global Data Catalogue
security-final
GuardianEye: Empowering Security with an Intrusion Detection System
This is for grabbing Facebook accounts📥
springboot_security
Developed a neural network model which can be used in enhancing home security by detecting potential threats.
Security-Projects
mota_security_oracle7
This is a project based on building a Bank App using JDBC (Java Database Connectivity) with features for Account Management, Transaction History, Balance Inquiry, Database Integration, a User-Friendly interface, Security Measures and Error Handling
Proof of concept that directory of pptx files can be converted to a full feature video training with voice and animations.
Proof-of-concept MVP blog built with MDX and Docusaurus, hosted for free on GitHub pages
Website to generate and download participation certificates of each team from all venues of Tink-Her-hack 2.0
Customized UDS stack for specific services such as (read, write, security levels, session control)
cyber_security
Basic Skeleton for Management Roles
Kanban board proof of concept
Sample repo to reproduce the lack of secrets detections in SonarLint
secure user authentication using Google OAuth
PiMageKit is a simple web tool built with Flask for quick image adjustments. Easily remove backgrounds, strip metadata, resize, and crop images. Built as a Python proof of concept for image processing.
Miniclip 8ball pool CHETO hack ( Finally back, works only on PC and EMULATORS, this is not ANDROID version )
Old and new, unfinished projects and proofs of concept
securityCheck
ethical-hacking-js-00
Dummy (sample) ServiceNow scoped app for troubleshooting/proof of concepts purposes
Blockchain_security
ecpro as of 2024.03 (springboot 3.2,1, security 6.2.2 applied)
Hacks, tips, tricks, enhancements to make daily usage of Qubes OS better!
Spring-MVC-Security
ac_security-app
Gambi is a VPL Grader for Jupyter Notebooks (It's a HACK)
This is a rural social security system for children
In the contemporary switching IT market, earning the Microsoft Azure Security Technologies certification is essential for certifying your skills and creating doors for your professional development.
chipSecuritySystem_Solution
Proof-Of-Concept in Test Production Environment
NIGERIAN-HUNTER-AND-FOREST-SECURITY-SERVICE-BACKEND
This repository contains sample code demonstrating various use cases leveraging Amazon Bedrock and Generative AI. Each sample is a separate project with its own directory, and includes a basic Streamlit frontend to help users quickly set up a proof of con
spring-security-in28min-01
Web-security
List of Windows scripts in various languages and with various tasks. Sometimes they are a bit of a hack :-)
Explore the Depths of Security Testing
Elevate your Red Teaming game with Rust 🦀! This repository is your gateway to cutting-edge tools and techniques for offensive security operations, all crafted with Rust's power and versatility.
Patches to upgrade the White 2 gameplay experience while making a ROM Hack
Hello-SpringSecurity-Oatuh2
A cyber security tool written in Python.
Freezbe is a Website for a cyber security school project.
TDA602-DIT101-Language-based-security
The project has the goal of realizing a proof of concept for evaluating the quality of collected information through social media for the configuration of data preparation pipelines.
Proof of Concept
Interchain Security Program
A small experimental hackable HTTP server.
DayZ Best External Hack 2024 Aimbot Esp Wallhack
This is an example applying OAuth2.0 code authentication and session (Form Login) methods.
spring boot 3 + spring security 6
Google-cyber-security-course-resources
Best FREE Open Source Apex HACK
"MBTA_lite," is based as a proof of concept for the Massachusetts Bay Transportation Authority's (MBTA) Subway-Train system. Focused initially on implementing the 'Red,' 'Blue,' and 'Orange' lines due to their straightforward configurations before extend
This service is designed to work with security organizations. C# .NET | React
C++ proof of concept for pulling a list of commands from a Github raw link & running them.
A repository for offensive security related notes.
CompTIA-Security-CE
Proof of Concept project that enables users to easily interact with Generative AI to find out what events are on this weekend in their location
Spring-Security
security
A Proof of Concept to implement an endpoint that has a dynamic payload using best practices of OOP, especially the Builder Pattern and Inheritance
Presentation Project: To demonstrate the concepts of Internals of Spring Security
The Distributed Firewall System (DFS) enhances organizational security by managing internal traffic through agents installed on servers or virtual machines, offering a robust defense against cyber threats.
A demo project to show how DevSecOps can help for a more secure development.
A project for CSC109 that provides a proof of concept for Ebay for Quinnipiac University.
CS6035-API-Security
Proof of concept of the Komunitin model in the Stellar network
Proof-of-concept server to learn gRPC with Golang
💎 Delve into the World of Ethical Hacking with Ruby: Master System Hacking and Web Exploits
Miniclip 8ball pool Rubix hack ( Works only on PC version of the game )
NIGERIAN-HUNTER-AND-FOREST-SECURITY
Security-Privacy-Trust (SPT) A.G.E. Website.
curso-apiRestFul-orm-security
A proof of concept of the pipeline for the heatmap project.
I want to hack roblox pls give me hacks
Assignment on analyzing files and their metadata with Python for the Web Security course with ALDAMA COAHUILA MARIO ALBERTO
spring-security
This repo based on Spring Security
NodejsServiceSecurity
Cyber-security-
An 'artistic' naive implementation of Baffle Text Captcha. THIS IS NOT FOR REAL SECURITY PURPOSES. The project only aims at recreating the visual style produced by the Captcha.
spring_security
Hello, I am an Entry-Level Cyber Security Analyst (CSA). I hope you find me worthy of handling your cyber-security challenge as you check out my repository. I appreciate your consideration. I look forward to working with you.
Proof Of Concept
learning spring security
A repo to containerize all those beautiful, probably safe, security tool repos that don't already have apt packages for kali
Watch Video 👉 https://17m.io/blooket-hack 👈
Henv, a collection of configs, scripts and hacks that make our desktop environments functional and nice.
🎮A large archive of writeups for the PicoCTF competition's Binary Exploitation category with the purpose of educating other CTF competitors about hacking techniques
A proof-of-concept custom backtester
First SQL hack
Code for USENIX Security 2024 paper: Moderating Illicit Online Image Promotion for Unsafe User-Generated Content Games Using Large Vision-Language Models.
GBSW-hackingstudy-Blind-SQL-Injection
Rust Midnight Hack 2024 Aimbot Esp Wallhack
Proof of concept of my personal project
keylogger-security
Hacker Rabbit's blog
Volleyball Hack
Spring-Security-With-Frontend-Angular-UI
Scripts for the Game: Grey Hack
line-login-spring-security
CSA5132-Cryptograpgy-and-Network-Security-for-Modern-Cryptosystems
web-security-basics
A minimalist, hackable GUI for multi-modal LLMs. Powered by OpenRouter (including free APIs)
A tool developed to encrypt and decrypt a .txt file using standard RSA encrypt / decrypt algorithms with a vigenere cypher for added security
A collection of projects from my ethical hacking courses and personal projects.
https://github.com/dotnet/efcore/issues/9630 - Proof of concept
spring-security6-test
a proof of concept for [game jam 2024](https://github.com/william-v4/flippyflippy)
This is a hacking tool by @Unknow-per. It uses Telegram to connect to the hacker.
Apply security principles
Spring-Security-Practice
Assignment 2 for Networks and Security (continued)
SpringSecurity
CSC442/542-CYEN301 - Introduction To Cyber Security
PoC (Proof-of-Concept) of a possible way to convert a legacy FoxPro 2.6 application to Microsoft's dotnet-core.
cyber-security-project
security_auth
The privacy-preserving record linkage toolkit: a proof-of-concept public demo of next-gen data linkage techniques.
Proof of Concept for CVE-2024-20767. Arbitrary file read from Adobe ColdFusion
This step-by-step cyber home lab provides thorough instruction on how to configure a secure environment in Virtualbox to discover and practice various cyber security scenarios.
Learn from your favorite indie hackers as they share stories and tall tales from their data model journey!
Spring-Security-with-Jwt-and-Angular-Authorization
A proof of concept of the owobot written in python
Internal-security-audit
Proof of Concept using Evolu + Excalidraw
Proof of concept for Js library Apache Echart
A Secure Antique evaluation website, part of my Computer Security Coursework.
SpringBoot/mvc/Security/JPA - MyBatis/HIkari, php based current
Proof of concept about GraphQL
Proof of concept chat app for learning
Modern Warfare 3 External Hack 2024 Aimbot Esp Wallhack
Aviator hack
Basically, MayhemTool is a Roblox Multi-Tool which exploits the game's source code in many ways, providing the user hacks.
A multi-use Discord bot for Generation 3 Pokemon, including ROM hacks and Showdown.
This project aims to assist those who plan to visit London or those who live in London. With this app, you can walk in the least risky areas to ensure your safety, avoiding places with higher security risks.
This product is the final year project submission for my bachelor of Science degree in computer science and engineering with specialisation in cyber security for the 8th semester.
Skilled and experienced cybersecurity analyst in identifying and mitigating security threats, Penetration testing, and developing security protocols.Excellent problem-solving and analytical skills,with a commitment to staying current on industry trends an
A comprehensive collection of CyberSecurity PDFs. Guides, Research Papers, Education, Information Security, Network Security, Cryptography, Malware Analysis, Penetration Testing, Ethical Hacking, Data Protection, Privacy, Threat Intelligence, Incident Res
Network-Security
Backend for online learning center using java , spring boot 3, Hibernate, Security and OAuth2
Using LED, Buzzer, LCD, Keypad and Servo Create Login system: That ask user to enter the password comparing it to predefined one If compare match will open the door and print welcome message on screen Else allow up to 3 trials after that security system
SecurityImplementation
This is a repository to play around with Copilot for security platform capabilities
Hacker News - Dracula Theme Boost for the Arc Browser
initial-commit
example I use for proof of concept/ work
REST API developed for e-commerce, using resources such as the Java language, Spring Boot, JPA, Web and Security!!
Welcome to the WatchShop Blazor app repository! This app is a proof of concept (POC) developed to learn and demonstrate the capabilities of Blazor for building web applications. The WatchShop app is designed to showcase a catalog of watches, allowing user
This BurpSuite extension facilitates the generation of Proof-of-Concept (PoC) code for Clickjacking vulnerabilities.
Code hacks in Data Science and Machine Learning from BH-PCMLAI
Proof of concept: Load and parse text content from file for display in Unity
Abstractions and base logic for handling a variety of cryptographic algorithms and keys in a flexible, easy way
Proof of concept: Server-driven UI using React + Golang
My Notes, Script and Solution for Portswigger Labs
Rust Best External Hack 2024 Aimbot Esp Wallhack
Proof of concept produced as part of an internship application.
In this repo, I'm gonna write the How to's of my Journey.
shopifyWithJwtSecurity
tf-azurerm-module_primitive-network_security_rule
tf-azurerm-module_primitive-network_security_group
🔭This will be my first long-term update project, and vAlerainArk is committed to helping security personnel with testing.
CyberSecurity
Spring Boot 3 + Spring Security 6: JWT Authentication & Authorization
This project is a Spring Boot application that provides a REST API for user management, using Spring Security with JWT for authentication and the Faker library to generate random user data.
This is the security template for the Azure Landing Zone
FIG (Fortran Intuitive Graphics) FIG is a proof-of-concept library for Fortran that aims to provide intuitive graphics capabilities
Hoang Phuc Huy Nguyen _ Bachelor in Networking and Security at Federation University (2023)
securitytoolkit.github.io
All academic projects
CharlesWilkenson-nd035-c4-Security-and-DevOps
WBS https://learn.wbscodingschool.com/courses/full-stack-web-app/lessons/%f0%9f%94%a8-hacker-news/
SpringBoot Security, Lombok lecture
FirstSecurityApp
Test your AI model's security through CLI alone
Spring-Security---oauth2
Implemented a Secure Password Management System using Python, leveraging encryption techniques for data security and robust authentication mechanisms for user access control. The system ensures confidentiality of stored passwords, user-friendly interface
The Residential Security Aid ShiftStreamline Application enhances residential security with real-time coordination and robust, scalable design. It simplifies complex tasks, ensuring safety with advanced object-oriented features.
Proof of Concept Implementation of the Safe Smart Account in Pure Yul
Conduct-a-security-audit
proof of concept of html, css only product configurator
Work in progress - A project with Maven, J unit testing, Spring 6, Aspect-oriented programming, Spring MVC, Spring Boot 3, Thymeleaf, Spring Security 6, Spring Java Database Connectivity (JDBC), Java Persistence API, REST (representational state transfer)
A proof-of-concept project demonstrating the power and flexibility of MVEL2 for dynamic expression evaluation in various scenarios.
Tempozi-security-policy
EnumSecurity
The Bank Management System project aims to develop a comprehensive software application to facilitate efficient management of day-to-day operations in banks and financial institutions. The system encompasses various functionalities, including customer m
A "proof of concept" GraphQL client for GitHub's Repository Deployments API
MITs Math bootcamp for engineering, but tailored for cyber security.
Fundamentals of Cybersecurity (3 ECTS) LTAT.05.033. The objective of this course is to create more general technical background knowledge for people with a non-technical background; for instance, an overview of today's (and potentially near future) possib
A small Tidyverse comparison Proof-of-Concept
An open Telegram userbot built for security and for automating your tasks.
Nugget Team #7's Tamagotchi, Digimon, and Vpet Hacking Repo
Farlight 84 External Hack 2024 Aimbot Esp Wallhack
This Hack will make you see the person
This repository is maintained to keep track of my personal and course work for this paper, System Security Management, in Semester 4.
Repository dedicated to studying Spring Security and JWT
Wireless keystroke injection attack platform # WifiDuck
Utilizing Greenbone Security Assistant, nmap, nikto and wapiti to perform vulnerability scans.
Metamask-and-Cryptocurrency-Wallets---Password-Brute-Forcer
network-security-issues
springboot + spring security (inflearn spring security lecture)
A microservice which is a part of the Project Management application. This service handles user authentication and authorization leveraging spring security and jwt.
SpringBoot3_SpringSecurity6_Basic_JdbcAuthentication
Castlevania 3 Revision rebalance mechanics overhaul hack.
This Python script enables ARP spoofing attacks on local networks, allowing for various security testing and network reconnaissance purposes. Use responsibly and with caution, ensuring proper authorization and safeguards are in place.
cyber-security
The platform is designed for convenient and intuitive shopping. Users can freely browse a wide selection of products, add their chosen items to the cart, and easily finalize their orders. The project prioritizes both ease of use and data security.
Simple Flask application containing both attacker and vulnerable's website. Cross-Site Request Forgery assignment for Web Security course
Bittensor Subtensor for Docker with enhanced security runtime.
Formula Hacks Hackathon Project
spring-security
PP_3_1_2_Boot_Security_Vernov312
Ethical Hacking Course Note!
Proof of concept Cypress e2e test to verify my understanding of the fundamentals of test automation.
spring-security-with-jwt
CSC 196P - Proof of Concept - Project 01 - NFC
mansoura-security-inquiries
LendingClub is a pioneering peer-to-peer lending company in the United States. Renowned for its innovative approach, it was the first to register its offerings as securities with the Securities and Exchange Commission (SEC) and introduce loan trading on a
Hotel booking app using Java, Spring Boot, and ReactJS for the frontend, and we will be using JWT Authentication with Spring Security.
A demo/proof of concept of using Rive backed by an OffScreenCanvas.
date: 3/21/2024 working | please star to see more hacks! | I am still working on this repository so please wait for it to look better.
security
Spring-Security-Template
INFORMATION TECHNOLOGY FACULTY MANAGEMENT (ROLE: SYSTEM ADMINISTRATOR)
Simple previewer for nekoweb siteboxes intended for easy hacking.
security
Gather ASVS security requirements for you software features
Auto repair service. Security microservice
Spring-Security6
COSE451_Software_Security
security
Automation scripts to help customers perform some actions automatically instead of through manual operations.
A portfolio repository for Egis Security's past audits
CYBER-SECURITY-WITH-IBM-QRADAR
Massively Improving Cryptocurrency Storage Security
A very basic bus sniffer and communicator (UART, SPI, I2C)
RPM package of OpenIKED for openSUSE and SUSE Linux Enterprise
This Python project is a customizable password generator, enabling users to specify password length and inclusion of numbers/symbols. It generates strong and random passwords, offering a command-line interface for ease of use. It promotes reusability and
Hackpro Info Solutions. Learn Cyber Security tools and concepts and get Certifications.
spring_security
A tool to help track hosts and directories while conducting security assessments
documentation of work undertaken as part of the 2024 bio-Hack Academy at Waag
https://THEBIGTOMMY13DEV.github.io/THEBIGTOMMY13s-CyberSecurity-Decision-game
VisageGuard – Intelligent Facial Recognition for Enhanced PC Security
MINOTAUR: The STRONGEST Secure Prompt EVER! Prompt Security Challenge, Impossible GPT Security, Prompts Cybersecurity, Prompting Vulnerabilities, FlowGPT, Secure Prompting, Secure LLMs, Prompt Hacker, Cutting-edge Ai Security, Unbreakable GPT Agent, Anti
Comp-Security-
The easiest LLM security and privacy guardrails for GenAI apps.
Design and Formal Verification of a Sequence Detector FSM for Enhanced Security Applications
MISP galaxy of voice assistant security vulnerabilities (based on research articles)
MIPAY is a digital payment mobile application that simplifies financial transactions for users, ensuring convenience, security and comfort. With MIPAY, users easily handle various financial tasks, including bill payments, money transfers.
LEVEL-UP is a daily exercise in continuous development in hacking
A Docker-based tool designed to simplify the deployment and maintenance of web services, including HTTP servers and WordPress sites. It features automated setup, robust security, SFTP support, and custom templates for hassle-free server administration.
Learn and practice hands-on by writing some basic projects based on Spring Boot, Spring Security, Spring Data, Spring Cloud
OnlineShop-SpringSecurity-Java12
Zunder community discord bot systems
Repository for Pokémon YAEEH. A ROM hack based on pokeemerald-expansion!
JWT Authentication and Authorisation
Security-Controls-Inventory
Proof of concept of a gaming-focused site
Regional Office ensures security through coordination and collaboration efforts. my workspace
isss-spring-boot-security
A-security-related-code-flow-extraction-system-based-on-knowledge-graphs
This is my personal k8s security learning - all in scripts
WARNING: This is a proof-of-concept idea - it might be removed again
A website for a baby products store, with a server side and a client side, including information security for the administrator and for users on all sides, and a visual display.
InformationalSecurity
SecureFace: A facial recognition solution using Azure Cognitive Services. Enhances security, streamlines access control & attendance tracking. Seamlessly integrates with existing systems. Trusted choice for safeguarding premises & optimizing workflows
security-master
Free, entirely open source, and secure data management system. Designed for organizations, companies, and individuals to securely save and manage sensitive information.
sec
Ai000-Rostam (Codename: Ritchie Blackmoore) is a penetration testing tool for Windows infrastructure that is being developed by Ai000 Cybernetic QLab as an offensive research project. It can be used in red-teaming projects and penetration testing of
This repo contains the requirements for the Techcareer Cyber Security Bootcamp project that started on 18/09/2023.
Cyber security team
Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.
AI for Smart RealTime Video Security System
A Portfolio with all the project related to cyber-security I have worked on
The primary goal of this project is to develop a comprehensive fraud detection system that enhances the security and trustworthiness of financial transactions.
Evidence portfolio for the Data Security course.
Our security models course groupwork where we will create our own Antivirus
Network & Security Controls
Explore various tutorials around exploiting different services, the vulnerabilities around those services and best security measures for protecting your organization.
Discord 2FA is a powerful Minecraft plugin designed to enhance the security of your Minecraft server by integrating two-factor authentication (2FA) with Discord accounts.
Deep Learning Project
Proof of concept async RPC macro.
Generate wordlists for dictionary attacks
The DNS Security Analysis Tool is a Python-based utility designed to conduct an in-depth security analysis of DNS configurations for multiple domains.
This is our documentation for the CyberPatriot Cyber Security competition. Please update the docs if you learn something new!!
Bluetooth Security Assessment Methodology
holbertonschool-cyber_security
EthicalHacking_ObtainWifiDetails
Proof-of-Concept tool for a Contracted Project to Assist those with learning disabilities in having the proper aid for online schooling.
🎉 A permission management system with separated front end and back end, based on Spring Boot, Spring Security, JWT, Vue & Element; a Vue3 version is also provided
A list of security checks for crypto software wallets. It's based on Coinspect's ongoing research on software wallets, which unveiled multiple vulnerabilities across various vendors.
Mooc Cyber Security Base course project 1
File-based database with security for GO.
Understanding industrial Cybersecurity.
CyberSecuritySummaries
The microsphere projects for security
Real-time number plate detection via YOLO V8: A swift, accurate system using advanced computer vision. Detects plates in live video feeds, aiding traffic control, law enforcement. Fast, precise, and pivotal for security, traffic management.
Executes Wi-Fi hacking operation using the ESP32
Android app that orchestrates Wi-Fi hacking operation using the ESP32
Hackable database environment for your file library.
HelpDesk Proof of concept
EduConnect prototype is a web-based platform where users can create accounts, submit projects, browse, rate, and review projects, engage in discussions, and personalize their profiles.
Scout is an extensible open-source tool intended to assist Stellar Soroban smart contract developers and auditors detect common security issues and deviations from best practices.
A driving hazard simulator 'proof of concept' that is built using the Unity 3D engine. Tailored for the VR experience using the Meta Quest.
es-proximity-search wp plugin (Proof of Concept)
Conflict detection in UN Security Council debates.
A set of security protocol functions for database, media upload and user handling in Clojure projects.
In the ever-evolving landscape of smart home technology, the Smart Door Lock App emerges as a beacon of innovation, bringing unparalleled control and security to users' fingertips. This comprehensive application is designed to empower users to manage thei
SecurityQAModel
📩 MTA-STS Policy for Ryan Jarvis Law®
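The policy file behind the MTA-STS entry above is a small key/value format (RFC 8461 section 3.2) that a sending MTA fetches over HTTPS and then uses to decide which MX hosts it may deliver to. The following is an added example, not code from that repository: a parser that flags the mistakes that silently disable a policy (wrong version, unknown mode, out-of-range max_age, missing mx) and the one-label wildcard match for mx patterns. The sample policy text and the example.com/example.net hostnames are constructed.

```python
"""Parse and check an MTA-STS policy (RFC 8461 section 3.2) and match MX
hosts against it. Added example, not the policy repository's own code; the
sample policy and hostnames are constructed."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

MAX_AGE_LIMIT = 31_557_600  # RFC 8461: max_age is at most one year of seconds
# An mx value is a hostname, optionally prefixed with "*." for a one-label wildcard.
_MX_RE = re.compile(r"^(\*\.)?(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)


@dataclass
class MtaStsPolicy:
    version: str = ""
    mode: str = ""
    max_age: int | None = None
    mx: list[str] = field(default_factory=list)
    extensions: dict[str, str] = field(default_factory=dict)
    errors: list[str] = field(default_factory=list)

    @property
    def valid(self) -> bool:
        return not self.errors


def parse_mta_sts_policy(text: str) -> MtaStsPolicy:
    """Parse the body served at https://mta-sts.<domain>/.well-known/mta-sts.txt."""
    policy = MtaStsPolicy()
    seen: dict[str, int] = {}
    for raw in text.replace("\r\n", "\n").split("\n"):
        line = raw.strip(" \t")
        if not line:
            continue
        if ":" not in line:
            policy.errors.append(f"malformed line {line!r}")
            continue
        key, value = (part.strip(" \t") for part in line.split(":", 1))
        seen[key] = seen.get(key, 0) + 1
        if key == "version":
            policy.version = value
            if value != "STSv1":
                policy.errors.append(f"unsupported version {value!r}")
        elif key == "mode":
            policy.mode = value
            if value not in ("enforce", "testing", "none"):
                policy.errors.append(f"unknown mode {value!r}")
        elif key == "max_age":
            if re.fullmatch(r"[0-9]+", value) and int(value) <= MAX_AGE_LIMIT:
                policy.max_age = int(value)
            else:
                policy.errors.append(f"max_age must be 0..{MAX_AGE_LIMIT}, got {value!r}")
        elif key == "mx":
            if not _MX_RE.match(value):
                policy.errors.append(f"invalid mx pattern {value!r}")
            policy.mx.append(value.lower())
        else:
            policy.extensions[key] = value  # unknown fields are allowed and ignored
    for required in ("version", "mode", "max_age"):
        if seen.get(required, 0) != 1:
            policy.errors.append(f"{required} must appear exactly once")
    if not policy.mx:
        policy.errors.append("at least one mx field is required")
    return policy


def mx_matches(policy: MtaStsPolicy, mx_host: str) -> bool:
    """True if the MX hostname from DNS is allowed by the policy. A leading "*."
    matches exactly one leftmost label, so "*.example.net" covers "mx1.example.net"
    but neither "a.b.example.net" nor "example.net"."""
    host = mx_host.lower().rstrip(".")
    for pattern in policy.mx:
        if pattern.startswith("*."):
            suffix = pattern[1:]  # ".example.net"
            prefix = host[: -len(suffix)] if host.endswith(suffix) else ""
            if prefix and "." not in prefix:
                return True
        elif host == pattern:
            return True
    return False
```

A policy that parses but reports `mode: testing` still offers no downgrade protection; treat anything other than `enforce` as a finding when auditing a domain, and remember the policy only matters if the `_mta-sts` TXT record's `id` changes whenever the file does.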
Security Monitoring using Wazuh, published by Packt
Ansible role for Amazon2023 CIS Baseline
Project of secure user authorization/authentication flows with modern and latest tech using Java 21, Spring 3 and Customized Spring Security 6 with JWT.
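Many entries above are Spring Security projects that issue and verify JWTs; their code is not on this page. As an added example in Python (not Spring Security code, and not from any of those repositories), here is the minimum a resource server must do with an HS256 token: pin the algorithm rather than trusting the header's `alg`, compare the signature in constant time, check `exp`, and take roles from the verified claims only. The shared key, the claims and the timestamps are constructed for illustration.

```python
"""HS256 JWT issue/verify with the checks a resource server must make.
Added example for the JWT authentication/authorization entries above; it is
not Spring Security code. The key, claims and timestamps are constructed."""
from __future__ import annotations
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key-replace-with-32-random-bytes"  # assumption: shared HS256 key


class TokenError(ValueError):
    """Raised for any token that must not be trusted."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def issue_token(claims: dict, key: bytes = SECRET, ttl: int = 900, now: int | None = None) -> str:
    """Sign claims as an HS256 JWT with iat/exp derived from `now` (epoch seconds)."""
    now = int(time.time()) if now is None else now
    header = _segment({"alg": "HS256", "typ": "JWT"})
    payload = _segment({**claims, "iat": now, "exp": now + ttl})
    signing_input = f"{header}.{payload}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_token(token: str, key: bytes = SECRET, now: int | None = None) -> dict:
    """Return the claims only if algorithm, signature and expiry all check out."""
    now = int(time.time()) if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(_b64url_decode(h64))
        signature = _b64url_decode(s64)
    except ValueError as exc:  # wrong segment count, bad base64 or bad JSON
        raise TokenError("malformed token") from exc
    # Pin the algorithm server-side: a token that says "none" or "RS256" must
    # not get to choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenError("unexpected or missing alg")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("bad signature")
    claims = json.loads(_b64url_decode(p64))
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, int) or now >= exp:
        raise TokenError("token expired or missing exp")
    return claims


def authorize(claims: dict, required_role: str) -> bool:
    """Authorization step: roles come from the verified claims, never from the request."""
    return required_role in claims.get("roles", [])


def describe(token: str, key: bytes = SECRET, now: int | None = None) -> str:
    """Human-readable verdict, handy for logging and for the checks below."""
    try:
        claims = verify_token(token, key, now)
    except TokenError as exc:
        return f"rejected: {exc}"
    return f"accepted: sub={claims.get('sub')}"
```

The ordering matters: the algorithm and signature are checked before the payload is parsed or any claim is read, so a forged payload never influences a decision.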
Hacker rank
Cryptonite Chat is a secure Android messaging application that prioritizes user privacy and data security through robust end-to-end encryption algorithms.
Reports on Users/Group, Permission Sets, and Account Assignments
PhucVV-Security-and-DevOps
A community focused on learning and improving hacking skills
netmaker-helm with additional security fixes
Fallout terminal, including the "hacking" minigame
epic hacks
A curated list of awesome NLP, Computer Vision, Model Compression, XAI, Reinforcement Learning, Security etc Paper
Whispers in the Machine: Confidentiality in LLM-integrated Systems
Free, powerful, and versatile compute infrastructure for all high school hackers!
proof of concept for a star trek fabricator, other tests need to be performed. Must run octoprint on a raspberry pi on your local network. Must have an openai api key. Must modify the pip library octorest to not validate an ssl. Can speak things into exis
Fullstack website written in ReactJS, Spring Boot, Spring Security, PostgreSQL
This repository contains all the assignments I did for Tero Karvinen's Ethical hacking course 2024
A dotnet representation of Protective Markings defined in the Australian Protective Security Policy Framework
Covers various security approaches to attack techniques and also provides new discoveries about security breaches.
service-security-posture-hardening
WebApplicationSecurity
secator - the pentester's swiss knife
This repository contains notes and resources related to ethical hacking. Here, you'll find a wealth of information on various aspects of hacking, including information gathering, scanning and enumeration, web hacking, exploitation, and windows/linux hacki
Fluere is a powerful and versatile tool designed for network monitoring and analysis. It is capable of capturing network packets in pcap format and converting them into NetFlow data, providing a comprehensive view of network traffic. It also Provides Term
teler-waf is a Go HTTP middleware that provides teler IDS functionality.
📚 Documentation repository for MSAL.NET
A CLI tool to analyze the behavior of your dependencies using listen.dev
Protect your Magento store from spam messages and spam user accounts with Cloudflare Turnstile
Proof-of-concept for a data portal using static pages.
🏴‍☠️ Find dead-links (broken links)
Hello, Hacker!
.NET7 web api starter with the vital implementations
[mirror] Impart Security's Helm Charts
A DoS (denial-of-service) attack for local networks using a dead-router attack (IPv6) and an ARP attack (IPv4) simultaneously
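The ARP spoofing script and the combined IPv4/IPv6 DoS tool above both rely on the same thing: an attacker's MAC answering ARP for addresses it does not own. What a defender wants is the detection side, so the following is an added example (not the code of either tool, and covering the ARP half only; it does not parse IPv6 router advertisements) that walks ARP replies and flags an IP claimed by more than one MAC, a MAC claiming several IPs, and any deviation from a trusted gateway mapping. The log lines are constructed in the style of `tcpdump -n arp` output, and the addresses are placeholders.

```python
"""ARP-spoof detection over captured ARP replies. Added example for the ARP
spoofing and dead-router entries above (ARP half only); not the code of
either tool. The capture below is constructed in tcpdump's text format."""
from __future__ import annotations
import re
from collections import defaultdict

ARP_REPLY = re.compile(
    r"Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})"
)

# Constructed capture: a legitimate gateway reply, then de:ad:be:ef:00:99
# answering for both the gateway and a host, the classic man-in-the-middle shape.
SAMPLE_LOG = """\
12:00:01.000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01, length 28
12:00:02.000 ARP, Reply 192.168.1.20 is-at aa:bb:cc:dd:ee:20, length 28
12:00:05.000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28
12:00:06.000 ARP, Reply 192.168.1.20 is-at de:ad:be:ef:00:99, length 28
12:00:07.000 ARP, Reply 192.168.1.30 is-at aa:bb:cc:dd:ee:30, length 28
"""


def detect_arp_spoof(log_text: str, trusted: dict[str, str] | None = None) -> list[dict]:
    """Return alerts for IPs claimed by more than one MAC, MACs claiming several
    IPs, and any mismatch against a `trusted` {ip: mac} table (e.g. the gateway)."""
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    ip_to_macs: dict[str, list[str]] = defaultdict(list)  # IP -> distinct MACs, in order seen
    mac_to_ips: dict[str, set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        m = ARP_REPLY.search(line)
        if not m:
            continue
        ip, mac = m.group(1), m.group(2).lower()
        if mac not in ip_to_macs[ip]:
            ip_to_macs[ip].append(mac)
        mac_to_ips[mac].add(ip)

    alerts: list[dict] = []
    for ip, macs in ip_to_macs.items():
        if ip in trusted:
            for mac in macs:
                if mac != trusted[ip]:
                    alerts.append({"kind": "trusted_mac_mismatch", "ip": ip, "mac": mac})
        elif len(macs) > 1:
            alerts.append({"kind": "ip_mac_conflict", "ip": ip, "macs": macs})
    # One MAC answering for several IPs is what poisoning both ends of a
    # conversation looks like on the wire.
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            alerts.append({"kind": "mac_claims_multiple_ips", "mac": mac, "ips": sorted(ips)})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoof(SAMPLE_LOG, trusted={"192.168.1.1": "aa:bb:cc:dd:ee:01"}):
        print(alert)
```

Seeding `trusted` with the gateway's real MAC is what turns this from "something changed" into "the default route is being hijacked"; on a real segment, feed it from `tcpdump -n -l arp` or a switch's port-security log rather than a static string.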
Cybersecurity knowledge base
Notebooks for the minimal LOS model advantage and distributed haloes analysis as presented in Hogg et al. 2022 (arXiv: 2210.07210).
Proof of concept UI for a data pipelining feature being prototyped for InterSystems IRIS
Hacking into Cyber Security is an open-source book for professionals and beginners who want to break into the information security field.
Proofs of Concept
Massive Mobile Security Framework
GUAC aggregates software security metadata into a high fidelity graph database.
automated-security-helper
Code-signing for npm packages
OpenFGA Client SDK Generator
A collection of useful batch scripts created by myself and community members during my security research of the Xbox One/Series, specifically for Dev Mode SystemOS.
security
Information Security and Data Privacy with some examples
easily add CSP and other security headers to your web application.
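The Astro integration entry and the CSP-headers entry above both rest on one primitive: a base64 digest of the script body, used as an SRI `integrity` attribute for external scripts and as a `'sha256-…'` hash-source inside `Content-Security-Policy` for inline ones. The following is an added example that is not the code of either project: it computes and verifies SRI tokens and builds a CSP that allows hashed inline scripts without falling back to `'unsafe-inline'`. The script body and the cdn.example.com host are constructed.

```python
"""Subresource Integrity tokens and CSP hash-sources. Added example for the
Astro SRI/CSP integration and the CSP-headers entries above; not the code of
either project. The script body and CDN host are constructed."""
from __future__ import annotations
import base64
import hashlib
import hmac

SRI_ALGOS = ("sha256", "sha384", "sha512")  # the only algorithms SRI defines, weakest first


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Return an integrity token such as 'sha384-<standard base64 digest>'."""
    if algo not in SRI_ALGOS:
        raise ValueError(f"unsupported SRI algorithm {algo!r}")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def sri_verify(content: bytes, integrity: str) -> bool:
    """Accept content if it matches a token of the strongest algorithm listed,
    which is how browsers treat a multi-token integrity attribute. With no
    recognised token a browser loads the resource anyway; a build-time check
    should not, so this returns False."""
    tokens = [t for t in integrity.split() if t.partition("-")[0] in SRI_ALGOS]
    if not tokens:
        return False
    strongest = max(tokens, key=lambda t: SRI_ALGOS.index(t.partition("-")[0]))
    algo = strongest.partition("-")[0]
    expected = sri_hash(content, algo)
    return any(
        t.partition("-")[0] == algo and hmac.compare_digest(expected, t) for t in tokens
    )


def script_tag(src: str, content: bytes) -> str:
    """Emit the tag for a third-party script pinned to the bytes you reviewed."""
    return (
        f'<script src="{src}" integrity="{sri_hash(content)}" '
        f'crossorigin="anonymous"></script>'
    )


def csp_header(inline_scripts: list[bytes], script_hosts: list[str]) -> str:
    """Build a CSP allowing listed hosts plus hashed inline scripts. CSP
    hash-sources use the same 'sha256-<base64>' form as SRI, quoted."""
    hashes = " ".join(f"'{sri_hash(body, 'sha256')}'" for body in inline_scripts)
    script_src = " ".join(["'self'", *script_hosts, hashes]).strip()
    directives = [
        "default-src 'self'",
        f"script-src {script_src}",
        "object-src 'none'",
        "base-uri 'self'",
        "frame-ancestors 'none'",
    ]
    return "; ".join(directives)
```

The hash must be taken over the exact bytes served (whitespace included), which is why this belongs in the build step, where the body is known, rather than being computed at request time from whatever the CDN currently returns.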
The ISRA security-risk-assessment-tool project is an Electron based application used to do security risk assessments at a technical level
security-bundle
Caddy server with security plugin
Simple Web application for use in Fortify demonstrations
The hackable notebook
This project provides a CDK construct to create an EC2 SecurityGroup whose `securityGroupName` property returns the GroupName.
A utility to fight against malicious hackers on Bedrock Edition.
Config files for my GitHub profile.
The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines
security-notifier
Official GitHub Action for OpenSSF Scorecard.
A demo project that shows how to secure an application using the new spring security oauth2 stack.
The Open Source toolkit for Secure Sockets Layer and Transport Layer Security (mingw-w64)
Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and res
tools for administration, security and automation
A proof-of-concept C++ program based on BetterJoy to get data from JoyCons using HIDAPI.
Here, I code the scripts used in Ethical Hacking
The AI VPN provides a security assessment of VPN clients' network traffic to identify cyber security threats.
A React frontend for Hacker News
Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
The home of Infosec Decompress: website of Infosec Decompress
food_security.github.io
A Java Spring Project using Spring Boot DevTools / Spring Web / Thymeleaf / Spring Security / H2 Database / MyBatis Framework
This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Go proof of concept projects
Two-factor authentication for Symfony applications 🔐
MyExpense is a vulnerable web application
A proof of concept plugin for gene coexpression network with the ability to add personalized modules.
yshop Yixiang ordering (scan-to-order) system, online ordering (delivery and pickup) in mini-program mode, supports multi-store mode; base technology Java, uniapp (vue3) (supports H5 and WeChat mini-program); an ordering system with separated front end and back end built on a currently popular technology combination: SpringBoot, Spring Security OAuth2, MybatisPlus, SpringSecurity, jwt, redis, Vue3
A collection of my public security advisories.
Ostracon, a consensus algorithm, is forked from Tendermint Core. We have added VRF to Tendermint BFT. It adds randomness to PoS Validator elections and improves security.
M2kar's personal homepage
iOS platform security & anti-tampering Swift library
Akai MPC Live/X/Force/One technical explorations and hacks
Security Development Repository Tools
This package is a plugin for Terraform, and is designed to be used to auto-provision sites in Incapsula via Incapsula’s API from the terraform cli/yaml configurations.
Remote Repositories Head/Repositories Ready to Hack
Content Security Policy module for Silverstripe
A PKCS#11 interface for TPM2 hardware
Automatic API / web vulnerability analysis (hackingyseguridad.com)
spring-security-oauth2-test
Proof of concept for infrastructure as code with Golang and Kubernetes
A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Security oriented monitoring service
Proofs of concept (frameworks & java advanced)
Security risk analysis for Kubernetes resources
Proof-of-concept component providing snapshotting functionality to Broadway
appscan-plugin
Proof of concept - mobilPay integration in Node.js
A CNCF Project to Bootstrap & Maintain Trust on the Edge / Cloud and IoT
DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.
Go security checker
Dradis Framework: Collaboration and reporting for IT Security teams
miscellaneous hacks that don't have another home
:earth_asia: Buttercup browser extension
:key: Cross-Platform Passwords & Secrets Vault
ZAP Add-ons
Hardening Ubuntu. Systemd edition.
Hibernate, Hibernate Search, Hibernate Validator, Spring, Spring Data, Spring Security, Thymeleaf, Bootstrap
Manage your finances on-the-go, encrypted for security, sync via your own cloud
Platform Security Assessment Framework
Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), BPF, Ethereum VM, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.
CVE-2024-0980 -- The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code.
CVE-2024-1770 -- The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. This makes it possible for authenticated attackers, with cont
CVE-2024-2091 -- The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping on user supplied attributes. Th
CVE-2024-2110 -- The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes
CVE-2024-2111 -- The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output e
CVE-2024-28005 -- Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR81
CVE-2024-28008 -- Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300
CVE-2024-28010 -- Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600
CVE-2024-28011 -- Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200H
CVE-2024-28012 -- Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF12
CVE-2024-28013 -- Use of Insufficiently Random Values vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1
CVE-2024-28014 -- Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2,
CVE-2024-28015 -- Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8
CVE-2024-28016 -- Improper Access Control vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF120
CVE-2024-3009 -- A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The at
CVE-2024-3010 -- A vulnerability was found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this issue is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack ma
CVE-2024-3011 -- A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is
CVE-2024-3012 -- A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been declared as critical. This vulnerability affects the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buff
CVE-2024-3013 -- A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated as critical. This issue affects some unknown processing of the file /tools/test_login.php?action=register of the component User Registration. The manipulation leads to improper authori
CVE-2024-3014 -- A vulnerability classified as critical has been found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file Actions.php. The manipulation of the argument title leads to sql injection. It is possible to launch the a
CVE-2024-3015 -- A vulnerability classified as critical was found in SourceCodester Simple Subscription Website 1.0. Affected by this vulnerability is an unknown functionality of the file manage_plan.php. The manipulation of the argument id leads to sql injection. The att
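The two SourceCodester entries above are the same bug class in two contexts: a string parameter (`title` in Actions.php) and a numeric one (`id` in manage_plan.php) pasted into SQL text. The affected PHP is not on this page, so the following is an added example in Python over an in-memory SQLite table that reproduces both shapes and shows the parameterized fix beside each; the table and its rows are constructed.

```python
"""String-built queries beside their parameterized fixes. Added example for
the SQL injection entries above; it uses constructed SQLite rows, not the
affected PHP application's code."""
from __future__ import annotations
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE plans (id INTEGER PRIMARY KEY, title TEXT, price_cents INTEGER)")
    conn.executemany(
        "INSERT INTO plans (title, price_cents) VALUES (?, ?)",
        [("Basic", 500), ("Pro", 1500), ("Enterprise", 9900)],
    )
    return conn


def plan_by_id_vulnerable(conn: sqlite3.Connection, plan_id: str) -> list[tuple]:
    # The request parameter becomes part of the statement, so "2 OR 1=1"
    # rewrites the WHERE clause instead of supplying a value.
    return conn.execute(f"SELECT id, title FROM plans WHERE id = {plan_id}").fetchall()


def plan_by_title_vulnerable(conn: sqlite3.Connection, title: str) -> list[tuple]:
    # Quoting does not help: a single quote in the input closes the literal.
    return conn.execute(f"SELECT id, title FROM plans WHERE title = '{title}'").fetchall()


def plan_by_id_safe(conn: sqlite3.Connection, plan_id: str) -> list[tuple]:
    try:
        pid = int(plan_id)  # an id is an integer; anything else is rejected up front
    except ValueError:
        return []
    return conn.execute("SELECT id, title FROM plans WHERE id = ?", (pid,)).fetchall()


def plan_by_title_safe(conn: sqlite3.Connection, title: str) -> list[tuple]:
    # The placeholder ships the value separately from the SQL text, so quotes
    # and keywords in the input stay data.
    return conn.execute("SELECT id, title FROM plans WHERE title = ?", (title,)).fetchall()
```

The numeric case is the one people miss: no quotes are involved, so escaping functions do nothing, and only a type check plus a bound parameter closes it.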
CVE-2024-3024 -- A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is
Vulners.com -- CVE-2024-29924
Vulners.com -- CVE-2024-29928
Vulners.com -- CVE-2024-29923
Vulners.com -- CVE-2024-29919
Vulners.com -- CVE-2024-29918
CVE-2017-20190 -- Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a "Zalgo text" attack. NOTE: third parties dispute whether the computational
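The entry above describes rendering slowdown from long runs of Unicode combining characters ("Zalgo text"). Whatever one thinks of the dispute, a service that echoes user text can bound those runs cheaply at the input boundary. The following is an added example, not code from any product named on this page: it normalizes to NFC first so that ordinary accented letters (which compose into single code points) do not count, then measures and caps consecutive combining marks. The sample strings are constructed, and the limits are policy choices, not values from the entry.

```python
"""Bounding runs of Unicode combining marks. Added example for the "Zalgo
text" entry above; not code from any project listed. Samples and limits are
constructed, and the limits are policy choices."""
from __future__ import annotations
import unicodedata

COMBINING_CATEGORIES = ("Mn", "Mc", "Me")  # nonspacing, spacing and enclosing marks


def max_combining_run(text: str) -> int:
    """Longest run of consecutive combining marks after NFC normalization."""
    longest = run = 0
    for ch in unicodedata.normalize("NFC", text):
        if unicodedata.category(ch) in COMBINING_CATEGORIES:
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    return longest


def is_zalgo(text: str, limit: int = 3) -> bool:
    """True if any base character carries more than `limit` combining marks."""
    return max_combining_run(text) > limit


def cap_combining(text: str, limit: int = 2) -> str:
    """Keep at most `limit` combining marks per base character; drop the rest."""
    out: list[str] = []
    run = 0
    for ch in unicodedata.normalize("NFC", text):
        if unicodedata.category(ch) in COMBINING_CATEGORIES:
            run += 1
            if run > limit:
                continue
        else:
            run = 0
        out.append(ch)
    return "".join(out)
```

Rejecting (`is_zalgo`) is the right call for fields that are rendered widely, such as display names; capping is gentler for free text, where a couple of stacked marks are legitimate in several scripts.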
CVE-2022-45847 -- Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting (XSS). This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1.
CVE-2023-0582 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass.
CVE-2023-25364 -- Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks.
CVE-2023-29134 -- An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. There is mishandling of backticks to smartSplit.
CVE-2023-31634 -- In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations.
CVE-2023-31854 -- std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed because it should be categorized as a usability problem.
CVE-2023-34020 -- URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3.
CVE-2023-39306 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS. This issue affects Fusion Builder: from n/a through 3.11.1.
CVE-2023-39311 -- Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder. This issue affects Fusion Builder: from n/a through 3.11.1.
CVE-2023-39804 -- In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.
CVE-2023-40288 -- An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.
CVE-2023-40289 -- A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges.
CVE-2023-40290 -- An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows.
CVE-2023-43768 -- An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthenticated users may cause memcached to run out of memory via large commands.
CVE-2023-44999 -- Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0.
CVE-2023-45913 -- Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using D
CVE-2023-45919 -- Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controlled server.
CVE-2023-45920 -- Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or win
CVE-2023-45922 -- glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-control
CVE-2023-45924 -- libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an atta
CVE-2023-45925 -- GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently
CVE-2023-45927 -- S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf().
CVE-2023-45929 -- S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr().
CVE-2023-45931 -- Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.
CVE-2023-45935 -- Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous b
CVE-2023-46046 -- An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of
CVE-2023-46047 -- An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled co
CVE-2023-46048 -- Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem.
CVE-2023-46049 -- LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end
CVE-2023-46051 -- TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem.
CVE-2023-46052 -- Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuratio
CVE-2023-47438 -- SQL Injection vulnerability in Reportico through 8.1.0 allows attackers to obtain sensitive information or other system information via the project parameter.
CVE-2023-49815 -- Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress. This issue affects WappPress: from n/a through 5.0.3.
CVE-2023-50961 -- IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess
CVE-2023-52228 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.24.
CVE-2023-6153 -- Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass. This issue affects TeoBASE: through 20240327. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-6173 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeoSOFT Software TeoBASE allows SQL Injection. This issue affects TeoBASE: through 27032024. NOTE: The vendor was contacted early about this disclosure bu
CVE-2023-6400 -- Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources. This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and 23.4.
CVE-2024-0071 -- NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write. A successful exploit of this vulnerability may lead to code execution, denial of service, escalatio
CVE-2024-0073 -- NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer when the driver is performing an operation at a privilege level that is higher than the minimum level required. A successful exploit of this vulnerability may lead to
CVE-2024-0074 -- NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering.
CVE-2024-0075 -- NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user may cause a NULL-pointer dereference by accessing passed parameters the validity of which has not been checked. A successful exploit of this vulnerability may lead to de
CVE-2024-0077 -- NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, where it allows a guest OS to allocate resources for which the guest OS is not authorized. A successful exploit of this vulnerability may lead to code execution, denial of service, es
CVE-2024-0078 -- NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service.
CVE-2024-0079 -- NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest VM can cause a NULL-pointer dereference in the host. A successful exploit of this vulnerability may lead to denial of service.
CVE-2024-0400 -- SCM Software is a client and server application. An authenticated System Manager client can execute a LINQ query on the SCM server for customized filtering. An authenticated malicious client can send specially crafted code to skip the validation and exec
CVE-2024-1023 -- A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, the leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be ac
CVE-2024-1364 -- The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's custom_id in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes.
CVE-2024-1521 -- The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This
CVE-2024-1531 -- A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-lang
CVE-2024-1532 -- A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb
CVE-2024-1540 -- Previously, it was possible to exfiltrate secrets in Gradio's CI, but this is now fixed.
CVE-2024-2004 -- When a protocol selection parameter option disables all protocols without adding any, the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.s
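The removal logic described in CVE-2024-2004, modelled in C as an added example; this is not curl's code. The bit assignments, the default set, the function names and the 128-byte limit on the selection string are assumptions, and the modifier grammar (`+` add, `-` remove, `=` replace, `all` for every protocol, a bare name meaning add) follows curl's documented `--proto` syntax as the editor reads it. The flawed variant shows how an explicitly emptied set collapses back to the default; the corrected variant keeps an emptied set empty, so the transfer is refused.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed protocol bit set; the bit assignments and the default are assumptions. */
enum { P_HTTP = 1u << 0, P_HTTPS = 1u << 1, P_FTP = 1u << 2, P_FTPS = 1u << 3 };
#define P_ALL     (P_HTTP | P_HTTPS | P_FTP | P_FTPS)
#define P_DEFAULT P_ALL   /* assumed library default: every protocol allowed */

static const struct { const char *name; uint32_t bit; } proto_table[] = {
    { "http", P_HTTP }, { "https", P_HTTPS }, { "ftp", P_FTP }, { "ftps", P_FTPS }, { "all", P_ALL },
};

static uint32_t proto_lookup(const char *name) {
    for (size_t i = 0; i < sizeof proto_table / sizeof proto_table[0]; i++)
        if (strcasecmp(name, proto_table[i].name) == 0)
            return proto_table[i].bit;
    return 0; /* unknown name: no bits, so it neither adds nor removes anything */
}

/* Evaluate a comma-separated selection left to right, starting from 'start':
 * "+name" (or a bare name) adds, "-name" removes, "=name" replaces the whole set. */
static uint32_t proto_parse(const char *spec, uint32_t start) {
    uint32_t set = start;
    char buf[128];                      /* spec assumed shorter than 128 bytes */
    strncpy(buf, spec, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *tok = strtok(buf, ","); tok; tok = strtok(NULL, ",")) {
        char mode = '+';
        while (*tok == '+' || *tok == '-' || *tok == '=')
            mode = *tok++;
        uint32_t bit = proto_lookup(tok);
        if (mode == '+')      set |= bit;
        else if (mode == '-') set &= ~bit;
        else                  set = bit;
    }
    return set;
}

/* Flawed shape: an empty result is mistaken for "nothing configured",
 * so "-all,-http" silently leaves the default set in force. */
uint32_t allowed_protocols_buggy(const char *spec) {
    uint32_t set = proto_parse(spec, P_DEFAULT);
    return set ? set : P_DEFAULT;
}

/* Corrected shape: only an absent spec means "use the default";
 * an explicitly emptied set really allows nothing. */
uint32_t allowed_protocols_fixed(const char *spec) {
    return spec ? proto_parse(spec, P_DEFAULT) : P_DEFAULT;
}

/* The check a transfer would make before connecting. */
int transfer_permitted(uint32_t allowed, uint32_t proto) {
    return (allowed & proto) != 0;
}

int main(void) {
    const char *spec = "-all,-http";
    printf("%s buggy: http %s\n", spec,
           transfer_permitted(allowed_protocols_buggy(spec), P_HTTP) ? "allowed" : "refused");
    printf("%s fixed: http %s\n", spec,
           transfer_permitted(allowed_protocols_fixed(spec), P_HTTP) ? "allowed" : "refused");
    return 0;
}
```

The check to carry over to any allow-list code of this shape: distinguish "not configured" from "configured to nothing", and never let a zero result fall through to the permissive default.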
CVE-2024-20259 -- A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
CVE-2024-20265 -- A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device.
CVE-2024-20271 -- A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
CVE-2024-20276 -- A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly.
CVE-2024-20278 -- A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device.
CVE-2024-20303 -- A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.
CVE-2024-20306 -- A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an at
CVE-2024-20307 -- A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading.
CVE-2024-20308 -- A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading.
CVE-2024-20309 -- A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding.
CVE-2024-20311 -- A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
CVE-2024-20312 -- A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
CVE-2024-20314 -- A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of servi
CVE-2024-20316 -- A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL).
CVE-2024-20324 -- A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords.
CVE-2024-20333 -- A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device.
CVE-2024-20354 -- A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device.
CVE-2024-2097 -- An authenticated List Control client can execute a LINQ query on the SCM Server to present events as a list for the operator. An authenticated malicious client can send a special LINQ query to execute arbitrary code remotely (RCE) on the SCM Server that an attacker oth
CVE-2024-2120 -- The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Navigation widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and
CVE-2024-2121 -- The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supp
CVE-2024-2139 -- The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in all versions up to, and including, 2.0.5.6 due to insufficient input sanitization and output escaping. This makes it possible
CVE-2024-2203 -- The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, t
CVE-2024-2206 -- The /proxy route allows a user to proxy arbitrary URLs, including potentially internal endpoints.
CVE-2024-2209 -- A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to p
CVE-2024-2210 -- The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access
CVE-2024-22149 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS. This issue affects CformsII: from n/a through 15.0.5.
CVE-2024-22288 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Reflected XSS. This issue affects WooCommerce PDF Invoices, P
CVE-2024-22299 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS. This issue affects FV Flowplayer Video Player: from n/a through
CVE-2024-22300 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS. This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11.
CVE-2024-22311 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS. This issue affects Simply Schedule Appointments: from n/a through 1.6.6.20.
CVE-2024-22413 -- Rejected reason: Further research determined the issue is not a vulnerability. The Creditcoin blockchain team takes the stance that there is no real bug or vulnerability here and that the creditcoin-cli command is working as it was designed to.
CVE-2024-2244 -- A REST service authentication anomaly allows batch job processing to be invoked successfully with a “valid username / no password” credential combination. The anomaly does not occur with other credential combinations.
CVE-2024-23450 -- A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash.
CVE-2024-23451 -- Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured
CVE-2024-23510 -- Cross-Site Request Forgery (CSRF) vulnerability in Martyn Chamberlin Don't Muck My Markup. This issue affects Don't Muck My Markup: from n/a through 1.8.
CVE-2024-23515 -- Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video Players. This issue affects Post Video Players: from n/a through 1.159.
CVE-2024-2379 -- libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certi
CVE-2024-2398 -- When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the
CVE-2024-24334 -- A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through 5.0.2.
CVE-2024-24335 -- A heap buffer overflow occurs in the dfs_v2 romfs filesystem in RT-Thread through 5.0.2.
CVE-2024-2466 -- libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, ther
CVE-2024-24700 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Rojas WP Editor allows Reflected XSS. This issue affects WP Editor: from n/a through 1.2.8.
CVE-2024-24800 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdTribes.Io Product Feed PRO for WooCommerce allows Reflected XSS. This issue affects Product Feed PRO for WooCommerce: from n/a through 13.2.5.
CVE-2024-24842 -- Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance. This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through 11.30.2.
CVE-2024-25354 -- RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function.
CVE-2024-25388 -- drivers/wlan/wlan_mgmt.c in RT-Thread through 5.0.2 has an integer signedness error and a resultant buffer overflow.
CVE-2024-25389 -- RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;" in calc_random in drivers/misc/rt_random.c.
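Why the generator quoted in CVE-2024-25389 is unfit for anything security-relevant, as an added example (not RT-Thread's code): it is a linear congruential generator with a power-of-two modulus, so a handful of outputs let an observer recover its state and predict every later value. The 32-bit state width is an assumption (RT-Thread targets 32-bit MCUs, where `long` is 32 bits and the multiply wraps); the function names and the sample seed are the editor's. Bit 31 of the state never influences any output (an odd multiplier maps it back onto bit 31 and carries only move upward), and each output exposes bits 16..30 of the state, so only the 16 low bits are unknown and 65536 candidates remain.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* The generator quoted in the CVE text, modelled with a 32-bit state (assumption: 32-bit 'long'). */
uint32_t weak_rand(uint32_t *seed) {
    *seed = 214013u * *seed + 2531011u;
    return (*seed >> 16) & 0x7FFF;
}

/* Recover the state from n >= 2 consecutive outputs. outs[0] reveals bits 16..30 of the state
 * that produced it; with a power-of-two modulus the low k bits of the state never depend on
 * higher bits, and bit 31 never reaches the output, so only the 16 low bits are unknown.
 * outs[1..n-1] confirm the candidate. On success *state is the generator state right after
 * outs[n-1], so weak_rand(state) yields the victim's next value. Returns 1 on success. */
int recover_state(const uint32_t *outs, size_t n, uint32_t *state) {
    if (n < 2)
        return 0;
    for (uint32_t low = 0; low < 0x10000u; low++) {
        uint32_t s = ((outs[0] & 0x7FFFu) << 16) | low;   /* bit 31 left clear on purpose */
        size_t i;
        for (i = 1; i < n; i++)
            if (weak_rand(&s) != outs[i])
                break;
        if (i == n) {
            *state = s;
            return 1;
        }
    }
    return 0;
}

int main(void) {
    uint32_t seed = 0xC0FFEEu;           /* the victim's secret seed, unknown to the observer */
    uint32_t seen[4], state;
    for (size_t i = 0; i < 4; i++)       /* four outputs observed, e.g. leaked session tokens */
        seen[i] = weak_rand(&seed);
    if (!recover_state(seen, 4, &state)) {
        puts("no candidate state matched");
        return 1;
    }
    for (int k = 0; k < 3; k++) {        /* predict the next three values and compare */
        unsigned predicted = weak_rand(&state);
        unsigned actual = weak_rand(&seed);
        printf("predicted %5u  actual %5u\n", predicted, actual);
    }
    return 0;
}
```

The search is 65536 candidates times a few multiplications, well within an attacker's budget on any hardware; a 15-bit output also means a direct guess succeeds one time in 32768. Anything that needs unpredictable values (tokens, nonces, sequence numbers, TCP/DNS ports) should draw from a hardware RNG or a CSPRNG seeded from one.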
CVE-2024-25390 -- A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2.
CVE-2024-25391 -- A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2.
CVE-2024-25392 -- An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2.
CVE-2024-25393 -- A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2.
CVE-2024-25394 -- A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread through 5.0.2 because of an incorrect sprintf call or a missing '\0' character.
CVE-2024-25395 -- A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2.
CVE-2024-25580 -- An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
CVE-2024-25734 -- An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts.
CVE-2024-25735 -- An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.
CVE-2024-25736 -- An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request.
CVE-2024-25920 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS. This issue affects WP SMS: from n/a through 6.3.4.
CVE-2024-25926 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IndiaNIC Widgets Controller allows Reflected XSS. This issue affects Widgets Controller: from n/a through 1.1.
CVE-2024-25962 -- Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data.
CVE-2024-27091 -- GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GeoNode where the current rich text editor is vulnerable to Stored XSS. The application's cookies are set securely,
CVE-2024-27188 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cloudways Breeze allows Stored XSS. This issue affects Breeze: from n/a through 2.1.3.
CVE-2024-27270 -- IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576.
CVE-2024-2781 -- The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_html_tag attribute in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it pos
CVE-2024-28085 -- wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from ar
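The filtering that the argv path lacked, as an added C example written for this page; it is not util-linux's code and the function names are assumptions. `neutralize_controls` rewrites control and escape bytes into a visible caret form before a message reaches another user's terminal, and `compose_from_argv` shows the unfiltered argv path beside the filtered one.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Rewrite every byte a terminal could interpret as a control or escape sequence into a visible
 * form: printable ASCII, newline and tab pass through; other C0 controls (ESC 0x1b included)
 * become caret notation ("^["), DEL becomes "^?", and bytes >= 0x80 are shown as octal escapes.
 * Deliberately ASCII-only and conservative: a locale-aware filter would pass printable multibyte
 * characters. Returns the output length, or (size_t)-1 if 'out' is too small. */
size_t neutralize_controls(const char *in, char *out, size_t outlen) {
    size_t w = 0;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        char rep[8];
        size_t rlen;
        if (*p == '\n' || *p == '\t' || (*p >= 0x20 && *p < 0x7f)) {
            rep[0] = (char)*p; rlen = 1;
        } else if (*p < 0x20) {
            rep[0] = '^'; rep[1] = (char)(*p + '@'); rlen = 2;   /* ESC -> "^[", BEL -> "^G" */
        } else if (*p == 0x7f) {
            rep[0] = '^'; rep[1] = '?'; rlen = 2;
        } else {
            rlen = (size_t)snprintf(rep, sizeof rep, "\\%03o", (unsigned)*p); /* 0x9b -> "\233" */
        }
        if (w + rlen + 1 > outlen)
            return (size_t)-1;
        memcpy(out + w, rep, rlen);
        w += rlen;
    }
    out[w] = '\0';
    return w;
}

/* Assemble a message from argv[1..] joined by spaces, as a command-line message would be.
 * filter == 0 reproduces the flawed argv path (bytes reach the terminal untouched);
 * filter != 0 applies the same neutralisation the stdin path gets.
 * Returns 0, or -1 if the message does not fit. */
int compose_from_argv(int argc, char **argv, int filter, char *out, size_t outlen) {
    char raw[1024];
    size_t w = 0;
    raw[0] = '\0';
    for (int i = 1; i < argc; i++) {
        size_t len = strlen(argv[i]);
        if (w + len + 2 > sizeof raw)
            return -1;
        if (i > 1)
            raw[w++] = ' ';
        memcpy(raw + w, argv[i], len);
        w += len;
        raw[w] = '\0';
    }
    if (!filter) {
        if (w + 1 > outlen)
            return -1;
        memcpy(out, raw, w + 1);
        return 0;
    }
    return neutralize_controls(raw, out, outlen) == (size_t)-1 ? -1 : 0;
}

int main(int argc, char **argv) {
    char buf[2048];
    if (compose_from_argv(argc, argv, 1, buf, sizeof buf) == 0)
        printf("would broadcast: %s\n", buf);
    return 0;
}
```

The point generalises beyond `wall`: any setgid or privileged program that writes attacker-supplied bytes to a terminal it does not own must treat every input path (stdin, argv, environment, files) as untrusted, because a single unfiltered path is enough to inject OSC and CSI sequences into another user's session.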
CVE-2024-28233 -- JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS c
CVE-2024-28247 -- Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pi-hole that allows an authenticated user on the platform to read internal server files arbit
CVE-2024-28335 -- Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localh
CVE-2024-28784 -- IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. I
CVE-2024-28815 -- A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, changes to the system configuration, or execution of arbitrary commands within the context of the syste
CVE-2024-28852 -- Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflected XSS vulnerabilities; this means that all forms in Ampache that use `rule` as a variable are not secure. For example, when querying a song, when q
CVE-2024-28853 -- Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in Ampache before v6.3.1 allows a remote attacker to execute code via a crafted payload to several parameters in the post request of
CVE-2024-28860 -- Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium
CVE-2024-2930 -- A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=save_music. The manipulation leads to unrestricted upload. Th
CVE-2024-2932 -- A vulnerability classified as critical has been found in SourceCodester Online Chatting System 1.0. Affected is an unknown function of the file admin/update_room.php. The manipulation of the argument id leads to sql injection. It is possible to launch the
CVE-2024-2934 -- A vulnerability classified as critical was found in SourceCodester Todo List in Kanban Board 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-todo.php. The manipulation of the argument list leads to sql injectio
CVE-2024-2935 -- A vulnerability, which was classified as problematic, has been found in SourceCodester Todo List in Kanban Board 1.0. Affected by this issue is some unknown functionality of the component Add ToDo. The manipulation of the argument Todo leads to cross site
CVE-2024-2938 -- A vulnerability was found in Campcodes Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /adminpanel/admin/facebox_modal/updateCourse.php. The manipulation of the argument id leads to sql
CVE-2024-2939 -- A vulnerability classified as problematic has been found in Campcodes Online Examination System 1.0. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to cross site sc
CVE-2024-2940 -- A vulnerability classified as problematic was found in Campcodes Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /adminpanel/admin/facebox_modal/updateCourse.php. The manipulation of the argument id le
CVE-2024-2941 -- A vulnerability, which was classified as critical, has been found in Campcodes Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /adminpanel/admin/query/loginExe.php. The manipulation of the argument pass lead
CVE-2024-2942 -- A vulnerability, which was classified as critical, was found in Campcodes Online Examination System 1.0. This affects an unknown part of the file /adminpanel/admin/query/deleteQuestionExe.php. The manipulation of the argument id leads to sql injection. It
CVE-2024-2943 -- A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/deleteExamExe.php. The manipulation of the argument id leads to sql injection
CVE-2024-2944 -- A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. This issue affects some unknown processing of the file /adminpanel/admin/query/deleteCourseExe.php. The manipulation of the argument id leads to sql injection
CVE-2024-2945 -- A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to sql inje
CVE-2024-2954 -- The Action Network plugin for WordPress is vulnerable to SQL Injection via the 'bulk-action' parameter in version 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i
CVE-2024-2956 -- The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20231101 due to insufficient input sanitization and output escaping. This makes i
CVE-2024-2962 -- The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu() function in all versions up to, and including, 1.1.9. This mak
CVE-2024-29758 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS. This issue affects Co-marquage service-public.Fr: from n/a through 0.5.72.
CVE-2024-29759 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS. This issue affects Calculated Fields Form: from n/a through 1.2.54.
CVE-2024-2976 -- A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer
CVE-2024-29760 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS. This issue affects Booster for WooCommerce: from n/a through 7.1.7.
CVE-2024-29761 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Krunal Prajapati WP Post Disclaimer allows Stored XSS. This issue affects WP Post Disclaimer: from n/a through 1.0.3.
CVE-2024-29762 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows Stored XSS. This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.
CVE-2024-29763 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Reflected XSS. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): fro
CVE-2024-29764 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui allows Stored XSS. This issue affects Molongui: from n/a through 4.7.7.
CVE-2024-29765 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alireza Sedghi Aparat for WordPress allows Stored XSS. This issue affects Aparat for WordPress: from n/a through 2.2.0.
CVE-2024-29766 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StreamWeasels StreamWeasels Twitch Integration allows Stored XSS. This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.5.
CVE-2024-29767 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wobbie.Nl Doneren met Mollie allows Reflected XSS. This issue affects Doneren met Mollie: from n/a through 2.10.2.
CVE-2024-29768 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra allows Stored XSS. This issue affects Astra: from n/a through 4.6.4.
CVE-2024-29769 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portfolio Gallery – Image Gallery Plugin allows Stored XSS. This issue affects Portfolio Gallery – Image Gallery Plugin: from n/a through 1.5.6.
CVE-2024-2977 -- A vulnerability was found in Tenda F1203 2.0.1.6. It has been rated as critical. Affected by this issue is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The
CVE-2024-29770 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pretty Links Shortlinks by Pretty Links allows Reflected XSS. This issue affects Shortlinks by Pretty Links: from n/a through 3.6.2.
CVE-2024-29771 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress allows Stored XSS. This issue affects Dracula Dark Mode - The Revolutionary D
CVE-2024-29772 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stormhill Media MyBookTable Bookstore allows Stored XSS. This issue affects MyBookTable Bookstore: from n/a through 3.3.7.
CVE-2024-29773 -- Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS). This issue affects BizPrint: from n/a through 4.5.5.
CVE-2024-29774 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpDirectoryKit WP Directory Kit allows Reflected XSS. This issue affects WP Directory Kit: from n/a through 1.2.9.
CVE-2024-29775 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vinoth06. Frontend Dashboard allows Stored XSS. This issue affects Frontend Dashboard: from n/a through 2.2.1.
CVE-2024-29776 -- Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime. This issue affects EventPrime: from n/a through 3.3.9.
CVE-2024-29777 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Reflected XSS. This issue affects Forminator: from n/a through 1.29.0.
CVE-2024-2978 -- A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the
CVE-2024-29788 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Web Player allows Stored XSS.This issue affects Podlove Web Player: from n/a through 5.7.1.
CVE-2024-29789 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Walter Pinem OneClick Chat to Order allows Stored XSS.This issue affects OneClick Chat to Order: from n/a through 1.0.5.
CVE-2024-2979 -- A vulnerability classified as critical was found in Tenda F1203 2.0.1.6. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overf
CVE-2024-29790 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Squirrly SEO Plugin by Squirrly SEO allows Reflected XSS.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.16.
CVE-2024-29791 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS.This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 2.01.
CVE-2024-29792 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Reflected XSS.This issue affects Unlimited Elements For Elem
CVE-2024-29793 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailChimp Forms by MailMunch allows Stored XSS.This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.2.
CVE-2024-29794 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Conversios Conversios.Io allows Reflected XSS.This issue affects Conversios.Io: from n/a through 6.9.1.
CVE-2024-29795 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Interfacelab Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more allows Stored XSS.This issue affects Media Cloud for Am
CVE-2024-29796 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hot Themes Hot Random Image allows Stored XSS.This issue affects Hot Random Image: from n/a through 1.8.1.
CVE-2024-29797 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Darko Grid Shortcodes allows Stored XSS.This issue affects Grid Shortcodes: from n/a through 1.1.
CVE-2024-29798 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Appsmav Gratisfaction allows Stored XSS.This issue affects Gratisfaction: from n/a through 4.3.4.
CVE-2024-29799 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Epsiloncool WP Fast Total Search allows Stored XSS.This issue affects WP Fast Total Search: from n/a through 1.59.211.
CVE-2024-2980 -- A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow
CVE-2024-29801 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Petri Damstén Fullscreen Galleria allows Stored XSS.This issue affects Fullscreen Galleria: from n/a through 1.6.11.
CVE-2024-29802 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.3.
CVE-2024-29803 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mehanoid.Pro FlatPM allows Stored XSS.This issue affects FlatPM: from n/a before 3.1.05.
CVE-2024-29804 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS.This issue affects Fancy Comments WordPress: from n/a through 1.2.14.
CVE-2024-29805 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShopUp Shipping with Venipak for WooCommerce allows Reflected XSS.This issue affects Shipping with Venipak for WooCommerce: from n/a through 1.19.5.
CVE-2024-29806 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation allows Reflected XSS.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.
CVE-2024-29807 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive DearFlip allows Stored XSS.This issue affects DearFlip: from n/a through 2.2.26.
CVE-2024-2981 -- A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer ov
CVE-2024-29811 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Radio Player allows Stored XSS.This issue affects Radio Player: from n/a through 2.0.73.
CVE-2024-29812 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS.This issue affects ReviewX: from n/a through 1.6.22.
CVE-2024-29813 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CartFlows Inc. Funnel Builder by CartFlows allows Stored XSS.This issue affects Funnel Builder by CartFlows: from n/a through 2.0.1.
CVE-2024-29814 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Exchange Rates Widget allows Stored XSS.This issue affects Exchange Rates Widget: from n/a through 1.4.0.
CVE-2024-29815 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aminur Islam WP Change Email Sender allows Stored XSS.This issue affects WP Change Email Sender: from n/a before 1.3.0.
CVE-2024-29816 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in htdat Woo Viet allows Stored XSS.This issue affects Woo Viet: from n/a through 1.5.2.
CVE-2024-29817 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit allows Stored XSS.This issue affects affiliate-toolkit: from n/a through 3.4.5.
CVE-2024-29818 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker allows Stored XSS.This issue affects WP Poll Maker: from n/a through 3.1.
CVE-2024-29819 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syam Mohan WPFront Notification Bar allows Stored XSS.This issue affects WPFront Notification Bar: from n/a through 3.3.2.
CVE-2024-2982 -- A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The e
CVE-2024-29820 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedNao PDF Builder for WPForms allows Stored XSS.This issue affects PDF Builder for WPForms: from n/a through 1.2.88.
CVE-2024-2983 -- A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this issue is the function formSetClientState of the file /goform/SetClientState. The manipulation of the argument deviceId/limitSpeed/limitSpeedUp leads to st
CVE-2024-2984 -- A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been classified as critical. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible t
CVE-2024-2985 -- A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer ov
CVE-2024-2986 -- A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The a
CVE-2024-2987 -- A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is p
CVE-2024-2988 -- A vulnerability classified as critical was found in Tenda FH1203 2.0.1.6. Affected by this vulnerability is the function fromSetRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument entrys leads to stack-based buffer overflow.
CVE-2024-29886 -- Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6.
CVE-2024-29887 -- Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TLS certificates on all non-web HTTP clients in the `serverpod_client` package. Making them susceptible to a man in the middle attack agains
CVE-2024-29888 -- Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its addr
CVE-2024-2989 -- A vulnerability, which was classified as critical, has been found in Tenda FH1203 2.0.1.6. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer
CVE-2024-29891 -- ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim would need
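The ZITADEL avatar entry above describes a recurring upload bug: the server trusts the declared image type, stores HTML under it, and a browser that sniffs the response treats the "image" as a page on the application's origin. The C below is an added illustration of the server-side check a practitioner would want, not ZITADEL's code; the function names, the accepted image formats, the 512-byte sniff window and the sample uploads are all assumptions constructed for this example.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#include <ctype.h>

/* Classify an upload by its leading bytes only. The client-supplied
   Content-Type and the file extension are ignored: both are attacker
   controlled. SVG is deliberately absent; it is XML and may carry script. */
const char *sniff_image(const unsigned char *buf, size_t n)
{
    if (n >= 8 && memcmp(buf, "\x89PNG\r\n\x1a\n", 8) == 0) return "image/png";
    if (n >= 3 && buf[0] == 0xFF && buf[1] == 0xD8 && buf[2] == 0xFF) return "image/jpeg";
    if (n >= 6 && (memcmp(buf, "GIF87a", 6) == 0 || memcmp(buf, "GIF89a", 6) == 0)) return "image/gif";
    if (n >= 12 && memcmp(buf, "RIFF", 4) == 0 && memcmp(buf + 8, "WEBP", 4) == 0) return "image/webp";
    return NULL;
}

/* 1 if the first 512 bytes contain a tag a browser's MIME sniffer would
   take as HTML (case-insensitive; a simplified form of the WHATWG rules).
   Run even after the magic bytes matched, to catch image/HTML polyglots. */
int looks_like_html(const unsigned char *buf, size_t n)
{
    static const char *tags[] = { "<!doctype html", "<html", "<head", "<script",
                                  "<body", "<iframe", "<svg", "<object", "<embed" };
    char head[513];
    size_t m = n < 512 ? n : 512;
    for (size_t i = 0; i < m; i++)
        head[i] = buf[i] ? (char)tolower(buf[i]) : ' ';  /* keep strstr going past NULs */
    head[m] = '\0';
    for (size_t t = 0; t < sizeof tags / sizeof tags[0]; t++)
        if (strstr(head, tags[t])) return 1;
    return 0;
}

/* Avatar policy: returns the Content-Type to store and serve, or NULL to
   reject. The serving side must still send X-Content-Type-Options: nosniff
   and Content-Disposition: attachment, or serve uploads from a separate origin. */
const char *accept_avatar(const unsigned char *buf, size_t n)
{
    const char *type = sniff_image(buf, n);
    if (!type) return NULL;              /* not a raster image we recognise */
    if (looks_like_html(buf, n)) return NULL;  /* valid header, HTML body: polyglot */
    return type;
}

int main(void)
{
    /* constructed samples, not real uploads */
    static const unsigned char png[] = "\x89PNG\r\n\x1a\n\0\0\0\rIHDR";
    static const unsigned char html[] = "<html><script>document.location='//evil'</script>";
    static const unsigned char polyglot[] = "GIF89a<script>alert(1)</script>";
    const char *t;
    t = accept_avatar(png, sizeof png - 1);
    printf("png      -> %s\n", t ? t : "rejected");
    t = accept_avatar(html, sizeof html - 1);
    printf("html     -> %s\n", t ? t : "rejected");
    t = accept_avatar(polyglot, sizeof polyglot - 1);
    printf("polyglot -> %s\n", t ? t : "rejected");
    return 0;
}
```

The byte check alone is not enough: a file can carry a valid GIF or JPEG header and still contain markup further in, which is why the HTML scan runs after the signature match and why the response headers above are part of the fix rather than an optional hardening.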
CVE-2024-29892 -- ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim `urn:zitadel:iam:user:
CVE-2024-2990 -- A vulnerability, which was classified as critical, was found in Tenda FH1203 2.0.1.6. This affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible
CVE-2024-29906 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n
CVE-2024-29907 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Active Websight SEO Backlink Monitor allows Reflected XSS.This issue affects SEO Backlink Monitor: from n/a through 1.5.0.
CVE-2024-29908 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Stored XSS.This issue affects Co-marquage service-public.Fr: from n/a through 0.5.71.
CVE-2024-29909 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Camille Verrier Travelers' Map allows Stored XSS.This issue affects Travelers' Map: from n/a through 2.2.0.
CVE-2024-2991 -- A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be
CVE-2024-29910 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS.This issue affects Dropdown Multisite selector: from n/a through 0.9.2.
CVE-2024-29911 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.
CVE-2024-29912 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Baptiste Placé iCalendrier allows Stored XSS.This issue affects iCalendrier: from n/a through 1.80.
CVE-2024-29913 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS Elementor Addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.3.
CVE-2024-29914 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MotoPress Stratum allows Stored XSS.This issue affects Stratum: from n/a through 1.3.15.
CVE-2024-29915 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.0.9.
CVE-2024-29917 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Compact WP Audio Player allows Stored XSS.This issue affects Compact WP Audio Player: from n/a through 1.9.9.
CVE-2024-29918 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Reflected XSS.This issue affects Survey Maker: from n/a through 4.0.6.
CVE-2024-29919 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Reflected XSS.This issue affects Photo Gallery by Ays: from n/a through 5.5.2.
CVE-2024-2992 -- A vulnerability was found in Tenda FH1203 2.0.1.6 and classified as critical. This issue affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be initiat
CVE-2024-29920 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.2.9.
CVE-2024-29921 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic Photo Gallery by Supsystic allows Stored XSS.This issue affects Photo Gallery by Supsystic: from n/a through 1.15.16.
CVE-2024-29922 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Quantum Cloud Slider Hero allows Stored XSS.This issue affects Slider Hero: from n/a through 8.6.1.
CVE-2024-29923 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Reflected XSS.This issue affects PropertyHive: from n/a through 2.0.8.
CVE-2024-29924 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Premium Packages allows Reflected XSS.This issue affects Premium Packages: from n/a through 5.8.2.
CVE-2024-29925 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows Stored XSS.This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.6.
CVE-2024-29926 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes WC Builder allows Stored XSS.This issue affects WC Builder: from n/a through 1.0.18.
CVE-2024-29927 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasTheme WishSuite allows Stored XSS.This issue affects WishSuite: from n/a through 1.3.7.
CVE-2024-29928 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Reflected XSS.This issue affects Advanced Sermons: from n/a through 3.1.
CVE-2024-29929 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce allows Stored XSS.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through 6.7.8.
CVE-2024-2993 -- A vulnerability was found in Tenda FH1203 2.0.1.6. It has been classified as critical. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possi
CVE-2024-29930 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS.This issue affects Crypto Converter Widget: from n/a through 1.8.4.
CVE-2024-29931 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Go Maps (formerly WP Google Maps) WP Google Maps allows Reflected XSS.This issue affects WP Google Maps: from n/a through 9.0.29.
CVE-2024-29933 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10.
CVE-2024-29934 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through 2.4.25.
CVE-2024-29935 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through 3.5.0.
CVE-2024-29936 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksera Image Hover Effects – Elementor Addon allows Stored XSS.This issue affects Image Hover Effects – Elementor Addon: from n/a through 1.4.
CVE-2024-2994 -- A vulnerability was found in Tenda FH1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based bu
CVE-2024-29945 -- In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component h
CVE-2024-29946 -- In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub in the Splunk Dashboard Studio app lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerab
CVE-2024-2995 -- A vulnerability was found in NUUO Camera up to 20240319 and classified as problematic. This issue affects some unknown processing of the file /deletefile.php. The manipulation of the argument filename leads to denial of service. The attack may be initiate
CVE-2024-2996 -- A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been classified as problematic. Affected is an unknown function of the component Page Title Handler. The manipulation leads to cross site scripting. It is p
CVE-2024-2997 -- A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/Brand Na
CVE-2024-2998 -- A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Store Update Page. The manipulation of the argument Store N
CVE-2024-2999 -- A vulnerability classified as critical has been found in Campcodes Online Art Gallery Management System 1.0. This affects an unknown part of the file /admin/adminHome.php. The manipulation of the argument uname leads to sql injection. It is possible to in
CVE-2024-3000 -- A vulnerability classified as critical was found in code-projects Online Book System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument username/password/login_username/login_password leads to sql injecti
CVE-2024-3001 -- A vulnerability, which was classified as critical, has been found in code-projects Online Book System 1.0. This issue affects some unknown processing of the file /Product.php. The manipulation of the argument value leads to sql injection. The attack may b
CVE-2024-3002 -- A vulnerability, which was classified as critical, was found in code-projects Online Book System 1.0. Affected is an unknown function of the file /description.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the at
CVE-2024-3003 -- A vulnerability has been found in code-projects Online Book System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cart.php. The manipulation of the argument quantity/remove leads to sql injection. T
CVE-2024-3004 -- A vulnerability was found in code-projects Online Book System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Product.php. The manipulation of the argument value leads to cross site scripting. The attac
CVE-2024-3006 -- A vulnerability classified as critical was found in Tenda FH1205 2.0.0.7(775). This vulnerability affects the function fromSetRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument entrys leads to stack-based buffer overflow. Th
CVE-2024-3007 -- A vulnerability, which was classified as critical, has been found in Tenda FH1205 2.0.0.7(775). This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer ov
CVE-2024-3008 -- A vulnerability, which was classified as critical, was found in Tenda FH1205 2.0.0.7(775). Affected is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possi
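The Tenda entries above (F1203, FH1202, FH1203, FH1205) share one shape: a /goform handler reads a form argument (funcpara1, ssid, PPPOEPassword, entrys, page, cmdinput and so on) and copies it into a fixed-size stack buffer without comparing the length first. The C below is an added illustration of that pattern next to a bounded version; it is not Tenda firmware code, and the handler names, the 64-byte buffer, the form-body layout and the probe helper are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size of the fixed stack buffer; a hypothetical value, not taken from
   any Tenda firmware. */
#define FUNCPARA_MAX 64

/* Find `name=` in a form-encoded body; returns a pointer to the raw value
   and its length. No percent-decoding is done here; a real handler must
   bound the decoded length as well. */
static const char *form_arg(const char *body, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    for (const char *p = body; p && *p; ) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            const char *e = strchr(v, '&');
            *len = e ? (size_t)(e - v) : strlen(v);
            return v;
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    *len = 0;
    return NULL;
}

/* The vulnerable shape: the value's length is never compared with the
   destination, so a long funcpara1 writes past the buffer and over the
   saved registers and return address. Shown for contrast only; it is
   never called with oversized input in this example. */
int vulnerable_set_cfm(const char *body)
{
    char funcpara1[FUNCPARA_MAX];
    size_t len;
    const char *v = form_arg(body, "funcpara1", &len);
    if (!v) return -1;
    memcpy(funcpara1, v, len);          /* no bound: stack-based overflow */
    funcpara1[len] = '\0';
    return (int)strlen(funcpara1);
}

/* Bounded version: reject anything that does not fit together with the
   terminating NUL, and report the rejection instead of truncating silently. */
int hardened_set_cfm(const char *body)
{
    char funcpara1[FUNCPARA_MAX];
    size_t len;
    const char *v = form_arg(body, "funcpara1", &len);
    if (!v) return -1;                          /* argument absent */
    if (len >= sizeof funcpara1) return -2;     /* would not fit: refuse */
    memcpy(funcpara1, v, len);
    funcpara1[len] = '\0';
    return (int)strlen(funcpara1);
}

/* Build a body whose funcpara1 is n bytes of 'A' and run the hardened
   handler on it, to show exactly where the bound takes effect. */
int probe_hardened(size_t n)
{
    char *body = malloc(n + sizeof "funcpara1=&x=1");
    if (!body) return -99;
    memcpy(body, "funcpara1=", 10);
    memset(body + 10, 'A', n);
    memcpy(body + 10 + n, "&x=1", 5);
    int r = hardened_set_cfm(body);
    free(body);
    return r;
}

int main(void)
{
    printf("3 bytes    -> %d\n", probe_hardened(3));
    printf("63 bytes   -> %d\n", probe_hardened(63));
    printf("64 bytes   -> %d\n", probe_hardened(64));
    printf("4096 bytes -> %d\n", probe_hardened(4096));
    return 0;
}
```

Two caveats for anyone triaging this cluster. The FH1202 and FH1203 formWriteFacMac entries are command injection through the mac argument, not an overflow, and a length check does nothing for them; that handler needs the value validated against the MAC address format before it reaches a shell. And on the detection side, these requests are visible as POSTs to /goform/ endpoints with abnormally long parameter values, which is a cheap thing to alert on at the router's upstream proxy or in access logs while the firmware is unpatched.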
CVE-2024-30177 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.8.
CVE-2024-30178 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Patrick Posner Simply Static allows Stored XSS.This issue affects Simply Static: from n/a through 3.1.3.
CVE-2024-30179 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.7.6.
CVE-2024-30180 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Social Feed allows Stored XSS.This issue affects Easy Social Feed: from n/a through 6.5.3.
CVE-2024-30181 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through 3.9.30.
CVE-2024-30182 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega allows Stored XSS.This issue affects HT Mega: from n/a through 2.4.3.
CVE-2024-30183 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through 3.7.
CVE-2024-30184 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Looking Forward Software Incorporated. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through 4.2.6.
CVE-2024-30185 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3.
CVE-2024-30186 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Prime Slider – Addons For Elementor allows Stored XSS.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.1.
CVE-2024-30192 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Pins for Pinterest allows Stored XSS.This issue affects GS Pins for Pinterest: from n/a through 1.8.2.
CVE-2024-30193 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.1.17.
CVE-2024-30194 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS.This issue affects Sunshine Photo Cart: from n/a through 3.1.1.
CVE-2024-30195 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Semenov New RoyalSlider allows Reflected XSS.This issue affects New RoyalSlider: from n/a through 3.4.2.
CVE-2024-30196 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Appscreo Easy Social Share Buttons allows Reflected XSS.This issue affects Easy Social Share Buttons: from n/a through 9.4.
CVE-2024-30197 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.0.26.
CVE-2024-30198 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Reflected XSS.This issue affects BuddyForms: from n/a through 2.8.5.
CVE-2024-30199 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon allows Reflected XSS.This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.8.
CVE-2024-30201 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WordPress Importer allows Reflected XSS.This issue affects WordPress Importer: from n/a through 1.0.4.
CVE-2024-30238 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.2.
CVE-2021-36759 -- Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-35342. Reason: This candidate is a reservation duplicate of CVE-2021-35342. Notes: All CVE users should reference CVE-2021-35342 instead of this candidate. All references and descript
CVE-2023-23656 -- Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1.
CVE-2023-23991 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection.This issue affects Booking Calendar: from n/a through 9.4.3.
CVE-2023-25965 -- Exposure of Sensitive Information to an Unauthorized Actor vulnerability in mbbhatti Upload Resume.This issue affects Upload Resume: from n/a through 1.2.0.
CVE-2023-27440 -- Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.This issue affects Types: from n/a through 3.4.17.
CVE-2023-27459 -- Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1.
CVE-2023-27630 -- Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.0.9.0.
CVE-2023-28687 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS.This issue affects Glaze Blog L
CVE-2023-28787 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4.
CVE-2023-29386 -- Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon: from n/a through 2.0.
CVE-2023-32237 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery) allows Stored XSS.This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (W
CVE-2023-33322 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25.
CVE-2023-33855 -- Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack.
CVE-2023-38388 -- Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5.
CVE-2023-39307 -- Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
CVE-2023-41972 -- In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later.
CVE-2023-41973 -- ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later.
CVE-2023-44989 -- Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector. This issue affects CF7 Google Sheets Connector: from n/a through 5.0.5.
CVE-2023-45771 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contact Form With Captcha allows Reflected XSS. This issue affects Contact Form With Captcha: from n/a through 1.6.8.
CVE-2023-47150 -- IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.
CVE-2023-47842 -- Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog. This issue affects CataBlog: from n/a through 1.7.0.
CVE-2023-47846 -- Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD. This issue affects WP Githuber MD: from n/a through 1.16.2.
CVE-2023-47873 -- Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator. This issue affects WP Child Theme Generator: from n/a through 1.0.9.
CVE-2023-48275 -- Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews. This issue affects Widgets for Google Reviews: from n/a through 11.0.2.
CVE-2023-48777 -- Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder. This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.
CVE-2023-49838 -- Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya theme, KlbTheme Cosmetsy theme, KlbTheme Furnob theme, KlbTheme Bacola theme, KlbTheme Partdo theme, KlbTheme Medibazar theme, KlbTheme Machic theme. This issue affects Clotya theme: from n
CVE-2023-49839 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KlbTheme Cosmetsy theme (core plugin), KlbTheme Partdo theme (core plugin), KlbTheme Bacola theme (core plugin), KlbTheme Medibazar theme (core plugin),
CVE-2023-50702 -- Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users (and low-privileged users have write access to %PROGRAMDATA%\SSCService). Consequently, low-privileged users can execute arbitrary code
CVE-2023-50894 -- In Janitza GridVis through 9.0.66, use of hard-coded credentials in the de.janitza.pasw.feature.impl.activators.PasswordEncryption password encryption function allows remote authenticated administrative users to discover cleartext database credentials con
CVE-2023-50895 -- In Janitza GridVis through 9.0.66, exposed dangerous methods in the de.janitza.pasw.project.server.ServerDatabaseProject project load functionality allow remote authenticated administrative users to execute arbitrary Groovy code.
CVE-2023-51146 -- Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_add_user action.
CVE-2023-51147 -- Buffer Overflow vulnerability in TRENDnet Trendnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_mod_pwd action.
CVE-2023-51148 -- An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component.
CVE-2023-51416 -- Cross-Site Request Forgery (CSRF) vulnerability in EnvialoSimple EnvíaloSimple. This issue affects EnvíaloSimple: from n/a through 2.3.
CVE-2023-52214 -- Missing Authorization vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder. This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.3.
CVE-2023-6091 -- Unrestricted Upload of File with Dangerous Type vulnerability in mndpsingh287 Theme Editor. This issue affects Theme Editor: from n/a through 2.7.1.
CVE-2023-6175 -- NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file
CVE-2023-7232 -- The Backup and Restore WordPress WordPress plugin through 1.45 does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data
CVE-2023-7251 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr User Submitted Posts allows Stored XSS. This issue affects User Submitted Posts: from n/a through 20230901.
CVE-2024-0866 -- The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in Word
CVE-2024-1313 -- It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/<key> using its view key. This functionality is intended to only be available to
CVE-2024-1455 -- The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard python library which has some XML vulnerabilities; see: https://docs.python.org/3/library/xml.html
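For CVE-2024-1455 above, the feed says only that LangChain's XMLOutputParser relied on the standard-library etree module, whose documentation lists the entity-expansion weaknesses. The block below is an added example, not LangChain's code or its fix: a stdlib-only parser that refuses DOCTYPE and entity declarations (the constructs behind billion-laughs, quadratic-blowup and external-entity payloads) before expat expands anything, shown beside the default ElementTree behaviour for contrast. The sample documents are constructed for the demonstration.

```python
# Added example, not LangChain's code: a stdlib-only XML parser that fails
# closed on the DTD features behind entity-expansion attacks, built from
# expat handlers plus ElementTree's TreeBuilder.
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXML(ValueError):
    """Raised when the input declares a DOCTYPE or any entity."""


def _reject(*_args):
    # Installed as an expat callback; raising here aborts Parse() before
    # any entity text has been expanded.
    raise UnsafeXML("DOCTYPE and entity declarations are refused")


def parse_hardened(text: str) -> ET.Element:
    """Parse untrusted XML into an Element, refusing every DTD construct.

    Billion laughs, quadratic blowup and external-entity tricks all need a
    DTD, so rejecting <!DOCTYPE> and entity declarations up front removes
    that surface instead of trying to bound the expansion afterwards.
    """
    parser = expat.ParserCreate()
    builder = ET.TreeBuilder()
    # Each of these callbacks fires while the DTD is read, before expansion.
    parser.StartDoctypeDeclHandler = _reject
    parser.EntityDeclHandler = _reject
    parser.UnparsedEntityDeclHandler = _reject
    parser.ExternalEntityRefHandler = _reject
    # Forward the ordinary document events to ElementTree's tree builder.
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(text, True)
    return builder.close()


def is_rejected(text: str) -> bool:
    """True if parse_hardened() refuses the document."""
    try:
        parse_hardened(text)
    except UnsafeXML:
        return True
    return False


def stdlib_expands(text: str) -> str:
    """What the default ElementTree parser does: expand the entity."""
    return ET.fromstring(text).findtext("item")


# Constructed samples. ENTITY_DOC is the seed of a billion-laughs payload,
# kept to one tiny entity so the demonstration itself is harmless.
BENIGN = "<root><item>hello</item></root>"
ENTITY_DOC = (
    '<!DOCTYPE root [<!ENTITY a "aaaaaaaa">]>'
    "<root><item>&a;&a;</item></root>"
)

if __name__ == "__main__":
    print(stdlib_expands(ENTITY_DOC))               # 16 a's: entity expanded
    print(parse_hardened(BENIGN).findtext("item"))  # hello
    print(is_rejected(ENTITY_DOC))                  # True
```

The defusedxml package installs the same handler overrides on the pure-Python XMLParser; this version does it without the dependency. It also rejects documents that carry a DOCTYPE but no entities, which is the intended fail-closed behaviour for model output that never legitimately needs one.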
CVE-2024-1745 -- The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive Testimonial Slider WordPress plugin before 2.3.7 settings, making it possible for users with at least the Au
CVE-2024-1933 -- Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink.
CVE-2024-2170 -- The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all versions up to, and including, 9.96.0.1 due to insufficient input sanitization and output escaping on user supplied a
CVE-2024-2212 -- In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet()
CVE-2024-2214 -- In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the
CVE-2024-22156 -- Missing Authorization vulnerability in SNP Digital SalesKing. This issue affects SalesKing: from n/a through 1.6.15.
CVE-2024-22356 -- IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2 store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID:
CVE-2024-22436 -- A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a denial of service.
CVE-2024-2303 -- The Easy Textillate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'textillate' shortcode in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping on user supplied attributes
CVE-2024-23482 -- The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and later.
CVE-2024-23520 -- Missing Authorization vulnerability in AccessAlly PopupAlly. This issue affects PopupAlly: from n/a through 2.1.0.
CVE-2024-23722 -- In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly.
CVE-2024-2452 -- In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control
CVE-2024-24711 -- Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.
CVE-2024-24718 -- Missing Authorization vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.6.
CVE-2024-24719 -- Missing Authorization vulnerability in Uriahs Victor Location Picker at Checkout for WooCommerce. This issue affects Location Picker at Checkout for WooCommerce: from n/a through 1.8.9.
CVE-2024-24799 -- Missing Authorization vulnerability in WooCommerce WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.2.2.
CVE-2024-24805 -- Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator. This issue affects WP Dummy Content Generator: from n/a through 3.1.2.
CVE-2024-25420 -- An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.
CVE-2024-25421 -- An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component.
CVE-2024-25956 -- Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information.
CVE-2024-25957 -- Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure tha
CVE-2024-25958 -- Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to appl
CVE-2024-26018 -- Cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop usin
CVE-2024-26303 -- Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon
CVE-2024-26577 -- VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via a spoofed UDP packet containing at least 10 digits in JSON data.
CVE-2024-2732 -- The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themify_post_slider' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplie
CVE-2024-27521 -- TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of th
CVE-2024-2802 -- Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1166. Reason: This candidate is a reservation duplicate of CVE-2024-1166. Notes: All CVE users should reference CVE-2024-1166 instead of this candidate. All references an
CVE-2024-28033 -- OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, u
CVE-2024-28034 -- Cross-site scripting vulnerability exists in Mini Thread Version 3.33ßi. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consi
CVE-2024-28048 -- OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users shou
CVE-2024-28093 -- The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account.
CVE-2024-28126 -- Cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider
CVE-2024-28131 -- EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is e
CVE-2024-28442 -- Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component.
CVE-2024-28545 -- Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function.
CVE-2024-28551 -- Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function.
CVE-2024-2883 -- Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVE-2024-2885 -- Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-2886 -- Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
CVE-2024-2887 -- Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2024-2888 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS. This issue affects Post and Page Builder by BoldGrid – Visual
CVE-2024-2889 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon allows Stored XSS. This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.11.
CVE-2024-2891 -- A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possi
CVE-2024-2892 -- A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The
CVE-2024-2893 -- A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. Th
CVE-2024-2894 -- A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. This affects the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possi
CVE-2024-2895 -- A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. This vulnerability affects the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The a
CVE-2024-2896 -- A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. This issue affects the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack m
CVE-2024-2897 -- A vulnerability classified as critical has been found in Tenda AC7 15.03.06.44. Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to launch the atta
CVE-2024-2898 -- A vulnerability classified as critical was found in Tenda AC7 15.03.06.44. Affected by this vulnerability is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow.
CVE-2024-2899 -- A vulnerability, which was classified as critical, has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based
CVE-2024-2900 -- A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. This affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buff
CVE-2024-2901 -- A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow.
CVE-2024-2902 -- A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to stack-based buffer overflow. The at
CVE-2024-2903 -- A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It i
CVE-2024-2904 -- Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calliope. This issue affects Calliope: from n/a through 1.0.33.
CVE-2024-2906 -- Missing Authorization vulnerability in SoftLab Radio Player. This issue affects Radio Player: from n/a through 2.0.73.
CVE-2024-2909 -- A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Affected by this vulnerability is the function setAction of the file /itbox_pi/networksafe.php?a=set of the component HTTP POST Request Handler. The manipulation of the ar
CVE-2024-2910 -- A vulnerability, which was classified as critical, has been found in Ruijie RG-EG350 up to 20240318. Affected by this issue is the function vpnAction of the file /itbox_pi/vpn_quickset_service.php?a=set_vpn of the component HTTP POST Request Handler. The
CVE-2024-2911 -- A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disc
CVE-2024-2915 -- Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request.
CVE-2024-2916 -- A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file ajax.php. The manipulation of the argument username leads to sql injection. It is possible to launch
CVE-2024-2917 -- A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. T
CVE-2024-29189 -- PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/product_instance.py, upon calling this method _start_program directly, users could exploit its usage to per
CVE-2024-29195 -- The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allo
CVE-2024-29196 -- phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web r
CVE-2024-29197 -- Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument `?pimcore_preview=true` allows to view unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged
CVE-2024-29199 -- Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticate
CVE-2024-29203 -- TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe`
CVE-2024-2921 -- Improper access control in PAM vault permissions in Devolutions Server 2024.1.6 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of permissions.
CVE-2024-2927 -- A vulnerability was found in code-projects Mobile Shop 1.0. It has been classified as critical. Affected is an unknown function of the file Details.php of the component Login Page. The manipulation of the argument id leads to sql injection. It is possible
CVE-2024-29301 -- SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?admin_id=
CVE-2024-29302 -- SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-employee.php.
CVE-2024-29303 -- The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection
CVE-2024-29401 -- xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything.
CVE-2024-2951 -- Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic. This issue affects RegistrationMagic: from n/a through 5.3.0.0.
CVE-2024-2955 -- T.38 dissector crash in Wireshark 4.2.0 to 4.2.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file
CVE-2024-29644 -- Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box.
CVE-2024-29684 -- DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code.
CVE-2024-2971 -- Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file.
CVE-2024-29735 -- Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3.
CVE-2024-29808 -- The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary Jav
CVE-2024-29809 -- The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_url parameter is embedded within an existing JavaScript within the response allowing arbitrary J
CVE-2024-29810 -- The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary J
CVE-2024-29832 -- The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary
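CVE-2024-29808 through CVE-2024-29832 above share one pattern: a request parameter spliced into JavaScript that the page already emits, so the attacker never needs an HTML tag, only a quote or a closing script tag. The block below is an added example in Python, not the affected component's code: the vulnerable concatenation beside a JSON-literal encoding that keeps the value inside the string and keeps "</script>" out of the markup. The payloads are constructed.

```python
# Added example, not the affected component's code: a parameter interpolated
# into an existing <script> block, and the JSON-literal encoding that
# closes the hole.
import json


def render_unsafe(image_id: str) -> str:
    """The vulnerable pattern: raw concatenation into a JS string literal."""
    return f'<script>var imageId = "{image_id}";</script>'


def js_string_literal(value: str) -> str:
    """Encode value as a JavaScript string literal that is safe in <script>.

    json.dumps() quotes the value, backslash-escapes quotes and control
    characters, and (ensure_ascii=True) turns U+2028/U+2029 line terminators
    into backslash-u escapes. Angle brackets and the ampersand are escaped on
    top so "</script>" can never appear in the emitted literal; the JS engine
    decodes the backslash-u escapes back to the original characters.
    """
    literal = json.dumps(value)
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        literal = literal.replace(ch, esc)
    return literal


def render_safe(image_id: str) -> str:
    """Same page fragment, value emitted as an encoded literal."""
    return f"<script>var imageId = {js_string_literal(image_id)};</script>"


def round_trips(value: str) -> bool:
    """The encoded literal must decode to exactly the original value."""
    return json.loads(js_string_literal(value)) == value


# Constructed payloads: one breaks out of the string literal, the other
# closes the script element itself, which quoting alone does not stop.
BREAK_STRING = '";alert(1);//'
CLOSE_SCRIPT = "</script><script>alert(1)</script>"

if __name__ == "__main__":
    print(render_unsafe(BREAK_STRING))   # string literal terminated early
    print(render_unsafe(CLOSE_SCRIPT))   # second <script> element injected
    print(render_safe(BREAK_STRING))     # quote escaped, still one string
    print(render_safe(CLOSE_SCRIPT))     # no raw < or > inside the literal
```

The same encoder serves any value type: emit the whole object with json.dumps() and the three replacements, never piece a JavaScript statement together from fragments of user input.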
CVE-2024-29833 -- The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace withi
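CVE-2024-29833 describes a regex that strips script tags from uploaded SVG being bypassed by a payload the regex does not match, whitespace inside the tag being one example. The block below is an added example, not the affected component's code: the weak regex beside a check that parses the SVG with the standard library and inspects elements and attributes rather than bytes, so tag spacing cannot hide a script element and event-handler attributes and javascript: targets are caught as well. The sample files are constructed.

```python
# Added example, not the affected component's code: why regex-stripping
# <script> from uploaded SVG fails, and a parser-based check that does not.
import re
import xml.etree.ElementTree as ET

# The kind of blacklist CVE-2024-29833 describes being bypassed.
SCRIPT_TAG_RE = re.compile(r"<script>.*?</script>", re.IGNORECASE | re.DOTALL)

SVG_NS = "http://www.w3.org/2000/svg"


def strip_scripts_regex(svg: str) -> str:
    """Weak sanitizer: removes literal <script>...</script> pairs only."""
    return SCRIPT_TAG_RE.sub("", svg)


def _local(name: str) -> str:
    """Drop the {namespace} prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1]


def svg_is_dangerous(svg: str) -> bool:
    """Parse the SVG and flag anything that can run script.

    Works on the element tree, not the raw text, so whitespace or case games
    in the markup (<script\\n>, <SCRIPT>) cannot slip past it. Unparseable
    input is treated as dangerous: fail closed.
    """
    try:
        root = ET.fromstring(svg)
    except ET.ParseError:
        return True
    for el in root.iter():
        if not isinstance(el.tag, str):        # comments / PIs, if any
            continue
        if _local(el.tag).lower() == "script":
            return True
        for attr, value in el.attrib.items():
            name = _local(attr).lower()
            if name.startswith("on"):          # onload=, onclick=, ...
                return True
            if name == "href":                 # href= and xlink:href=
                scheme = value.strip().lower().split(":", 1)[0]
                if scheme == "javascript":
                    return True
    return False


# Constructed samples: a clean file, the plain script the regex catches,
# the whitespace variant it misses, and two script-free XSS vectors.
BENIGN_SVG = f'<svg xmlns="{SVG_NS}"><circle r="4"/></svg>'
PLAIN_SCRIPT = f'<svg xmlns="{SVG_NS}"><script>alert(1)</script></svg>'
WHITESPACE_BYPASS = f'<svg xmlns="{SVG_NS}"><script\n>alert(1)</script></svg>'
HANDLER_ATTR = f'<svg xmlns="{SVG_NS}" onload="alert(1)"><circle r="4"/></svg>'
JS_HREF = f'<svg xmlns="{SVG_NS}"><a href="javascript:alert(1)"><text>x</text></a></svg>'

if __name__ == "__main__":
    print(strip_scripts_regex(WHITESPACE_BYPASS))   # alert(1) survives
    for name in ("BENIGN_SVG", "PLAIN_SCRIPT", "WHITESPACE_BYPASS",
                 "HANDLER_ATTR", "JS_HREF"):
        print(name, svg_is_dangerous(globals()[name]))
```

A detector like this is the minimum for accepting SVG at all; the safer upload policy is to rasterize or to serve the file with a Content-Disposition: attachment header and a restrictive Content-Security-Policy so it never renders inline on the site's origin.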
CVE-2024-29881 -- TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentia
CVE-2024-29883 -- CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a give
CVE-2024-30231 -- Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce. This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1.
CVE-2024-30232 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.
CVE-2024-30233 -- Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.1.
CVE-2024-30234 -- Missing Authorization vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.1.
CVE-2024-30235 -- Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0.
The countdown is on! Our next webinar featuring @_wald0, @Jonas_B_K & @Thomas_Live kicks off in just a couple hours. You can still register to join: ghst.ly/3uMwTso -- specterops
Identify your customers' attack paths before attackers do. Through our partner program, security products and services — including BloodHound Enterprise — are available to our channel partners. Learn more: ghst.ly/3wHAnNC -- specterops
Check out the new and improved features in #BloodHound v5.8.0! ⬇️ -- specterops
DarkGate loader has the most sophisticated loader we've ever seen. It's over for the anti-virus industry. How would anyone defeat or detect this?! -- vxunderground
We would like to issue a special thanks to our wonderful friends @TorGuard, @_JohnHammond, and @GuidedHacking for being real ones and coming in clutch to help us out. It means the world. Love all of you. -- vxunderground
It should be noted that some of these accounts are also not cheaters. Some users impacted utilized gaming software for latency improvement (?), VPNs, and Controller Boosting software (we don't know what this means) -- vxunderground
Over the past couple of days we have become aware of malware targeting gamers! More specifically, a currently unidentified Threat Actor is utilizing an infostealer to target individuals who cheat (Pay-to-Cheat) in video games. A Call of Duty cheat provider -- vxunderground
pr department hahahahaha -- vxunderground
😂😂😂 -- vxunderground
Group: incransom | Approx. Time: 22:41 27/03/24 | Title: Otolaryngology Associates -- RansomwareNews
Group: lockbit3 | Approx. Time: 22:41 27/03/24 | Title: anovahealth.com -- RansomwareNews
The project's origins, 100% coverage(???!), deception, a bit of advice on using ATT&CK, and more! ATT&CK's Lead @_whatshisface joined @audrastreetman and Madeleine Tauber for an episode of The Security Detail podcast out today. Check it out at thesecurityde -- MITREattack
Have you analysed a new malware campaign? Tracked an APT actor? Discovered a new vulnerability? Developed a new tool? The VB Conference is a great place to share your research with the security community - the #VB2024 call for papers is open until 5 April -- virusbtn
(h/t @cnoanalysis) -- DrunkBinary
Group: play | Approx. Time: 18:45 27/03/24 | Title: Pavilion Construction -- RansomwareNews
Group: blackbasta | Approx. Time: 17:46 27/03/24 | Title: Bulwark Exterminating -- RansomwareNews
Group: qilin | Approx. Time: 18:45 27/03/24 | Title: Summer Fresh -- RansomwareNews
Group: blackbasta | Approx. Time: 17:46 27/03/24 | Title: Lagunitas Brewing Company -- RansomwareNews
Group: blackbasta | Approx. Time: 18:45 27/03/24 | Title: CAROLINA FOODS INC. -- RansomwareNews
Group: akira | Approx. Time: 16:46 27/03/24 | Title: Mermet -- RansomwareNews
Group: blackbasta | Approx. Time: 18:45 27/03/24 | Title: Amerlux -- RansomwareNews
Group: blackbasta | Approx. Time: 18:45 27/03/24 | Title: Organized Living -- RansomwareNews
Group: blackbasta | Approx. Time: 18:45 27/03/24 | Title: MJ Celco -- RansomwareNews
Group: blackbasta | Approx. Time: 18:45 27/03/24 | Title: KMB -- RansomwareNews
Group: blackbasta | Approx. Time: 18:45 27/03/24 | Title: PCT International Inc. -- RansomwareNews
Group: blackbasta | Approx. Time: 18:45 27/03/24 | Title: Sports South -- RansomwareNews
Group: blackbasta | Approx. Time: 17:46 27/03/24 | Title: Vili’s -- RansomwareNews
Group: blackbasta | Approx. Time: 17:46 27/03/24 | Title: P&S Transportation -- RansomwareNews
Group: blackbasta | Approx. Time: 17:46 27/03/24 | Title: FPD Company -- RansomwareNews
Group: blackbasta | Approx. Time: 17:46 27/03/24 | Title: North American Signs -- RansomwareNews
Group: blackbasta | Approx. Time: 17:46 27/03/24 | Title: OTR’s -- RansomwareNews
Group: blackbasta | Approx. Time: 17:46 27/03/24 | Title: Prodrive -- RansomwareNews
Group: blackbasta | Approx. Time: 17:46 27/03/24 | Title: Dallas Gold & Silver Exchange (DGSE) -- RansomwareNews
It's all about being creative, right? -- anyrun_app
Patching an exposed system isn't a cure-all. Once a vulnerability is public, with PoC code or reports of active exploitation, the risk skyrockets. If your system was vulnerable online, patching might be locking the door after the burglars are already insi -- cyb3rops
I smell AI when I read "in an ever evolving threat landscape" -- cyb3rops
Group: play | Approx. Time: 13:49 27/03/24 | Title: Hartz -- RansomwareNews
Group: play | Approx. Time: 13:49 27/03/24 | Title: Frawner -- RansomwareNews
Group: play | Approx. Time: 13:49 27/03/24 | Title: Festspielhaus Baden-Baden -- RansomwareNews
Group: play | Approx. Time: 13:49 27/03/24 | Title: Alber Law Group -- RansomwareNews
Group: cactus | Approx. Time: 12:45 27/03/24 | Title: grupatopex.com\$66.5M\Poland\638GB\100%DISCLOSED\ -- RansomwareNews
Group: cactus | Approx. Time: 12:45 27/03/24 | Title: qosina.com\$37.9M\USA\375GB\100%DISCLOSED\ -- RansomwareNews
Group: play | Approx. Time: 12:45 27/03/24 | Title: Lambda Energy Resources -- RansomwareNews
Group: lockbit3 | Approx. Time: 10:45 27/03/24 | Title: lifelinedatacenters.com -- RansomwareNews
Group: lockbit3 | Approx. Time: 10:45 27/03/24 | Title: dkpvlaw.com -- RansomwareNews
Group: lockbit3 | Approx. Time: 10:45 27/03/24 | Title: countryvillahealthservices.c… -- RansomwareNews
The BunnyLoader execution chain is typically as follows: It's often delivered as a malicious attachment or link in a #phishing email. Upon execution, #BunnyLoader decompresses and decrypts itself in memory. Follow the link above for more information. -- anyrun_app
Take a look at this sample with the LNK file 🧐 What other downloader cases have you come across recently? -- anyrun_app
Group: play | Approx. Time: 13:49 27/03/24 | Title: Tbr Kowalczyk -- RansomwareNews
Group: play | Approx. Time: 13:49 27/03/24 | Title: Quality Enclosures -- RansomwareNews
Group: play | Approx. Time: 13:49 27/03/24 | Title: Lawrence Semiconductor Research Laboratory -- RansomwareNews
Group: play | Approx. Time: 13:49 27/03/24 | Title: JM Thompson -- RansomwareNews
Group: play | Approx. Time: 13:50 27/03/24 | Title: West Monroe -- RansomwareNews
Group: play | Approx. Time: 13:49 27/03/24 | Title: Weld Plus -- RansomwareNews
Congrats to @rayanlecat from @ecole2600 who won 1st place in our Glass Turnip CTF challenge at #SOCON2024! We hope you enjoy your prize. 🏆 -- specterops
Hear how BHE can be used to find and fix Active Directory misconfigurations that could allow attackers to easily own your entire enterprise. @JustinKohler10 recently joined @riskybusiness to share a demo of the platform: ghst.ly/3HQc3eB -- specterops
There's still time to register for our next webinar happening TOMORROW! Hear from @_wald0, @Jonas_B_K & @Thomas_Live as they explore EntraID's privileges and discuss what #TierZero and Privileged Access really mean. Register now ➡️ ghst.ly/3uMwTso -- specterops
K7's Vigneshwaran P. looks into a Remcos RAT case from a VHD (Virtual Hard Disk) file. labs.k7computing.com/index.p… -- virusbtn
Morphisec's Arnold Osipov analyses the Mispadu banking trojan (also known as URSA), now targeting diverse regions, including European countries, that were not previously targeted. blog.morphisec.com/mispadu-i… -- virusbtn
Trend Micro researchers show how the Agenda ransomware group (also known as Qilin) uses its latest Rust variant to propagate to VMWare vCenter and ESXi servers. trendmicro.com/en_us/researc… -- virusbtn
The #BunnyLoader malware advances with version 3.0, introducing new modular capabilities. The latest version separates data theft, keylogging, and #DoS modules into different binaries, decreasing payload size. Learn more 👇any.run/cybersecurity-blog/n… -- anyrun_app
By leveraging threat intelligence feeds, organizations can proactively detect and mitigate threats, strengthen #incidentresponse capabilities, and increase overall security awareness to optimize the allocation of cybersecurity resources. Dive in to learn -- anyrun_app
⏰ Just a few hours left until our webinar kicks off! Join us today at 02:00 PM GMT to explore cutting-edge malware analysis techniques with #ANYRUN. Don't miss this opportunity to get expert insights and strategies first-hand. Register now! event.webinarja -- anyrun_app
Ever wondered how #threatintelligence feeds keep our digital world safer? This article breaks it down, from its role in detecting #cyberthreats to strategies for effective implementation. Don't miss out! ↘️any.run/cybersecurity-blog/w… -- anyrun_app
Missed our recent YouTube video on #ANYRUN's top five S-tier features? No problem! 🎬 Catch up now and stay ahead in the world of malware analysis! Click the link below to watch and enhance your cybersecurity skills! invidious.no-logs.com/6C7-BVle-UM?si=Ytm -- anyrun_app
📌 A #phishing campaign involving Google AMP, TikTok, Shorteners, and IPFS 🗨️ It seems there’s no limit to how many legitimate services can be abused to trick users into a single phishing page. Techniques used in this campaign: 🔷 Multiple redirects through le -- anyrun_app
Group: abyss | Approx. Time: 09:45 27/03/24 | Title: lindquistinsurance.com -- RansomwareNews
Group: lockbit3 | Approx. Time: 08:45 27/03/24 | Title: pcscivilinc.com -- RansomwareNews
Group: lockbit3 | Approx. Time: 08:45 27/03/24 | Title: krueth.de -- RansomwareNews
When someone consults me along the lines of "the grounds are a bit vague, but in practice, workload-wise, we'd like to go with this option", and all they have is the wish to go that way while the explanation is a stretch and logically contradictory, I cannot sign off on it given my position. I understand that you want to go that way, so if you would just make the logic hold together, I would gladly pretend to be fooled... (the legacy of my predecessors' decisions) -- 58_158_177_102
0ee76a97449a20eed335b4db7327cb44fe5520783f715549cc3c4df9deaf89bf w.sarah0808@gmail.com softpower21cs@gmail.com sandozmessi@gmail.com -- cyberwar_15
#북한 #NorthKorea #APT37 #RoKRAT genians.co.kr/blog/threat_in… 7bce02dc0026e271615d4d0e441ca397ad2761910997c801b3347bd3745dd2b9 bdf18a2d9a94c348cac9efc51d59a75a81a7d6f88c0fb1705a16fc59ad261f35 aff44804011d77e1050b912b6e6a62c5491947a5c5b97355989f674114e59a31 -- cyberwar_15
TDY Soldiers and Marines in an Air Force dining facility -- DrunkBinary
Dying at this part hahaha -- DrunkBinary
Group: qilin | Approx. Time: 23:44 26/03/24 | Title: SummerFresh -- RansomwareNews
Group: lockbit3 | Approx. Time: 20:44 26/03/24 | Title: polycab.com -- RansomwareNews
Group: incransom | Approx. Time: 19:44 26/03/24 | Title: Barrie and Community Family Health Team -- RansomwareNews
Group: bianlian | Approx. Time: 17:41 26/03/24 | Title: Lieberman LLP -- RansomwareNews
Group: akira | Approx. Time: 15:48 26/03/24 | Title: Tanis Brush -- RansomwareNews
Group: akira | Approx. Time: 14:41 26/03/24 | Title: Koi Design -- RansomwareNews
Group: everest | Approx. Time: 11:46 26/03/24 | Title: Crimsgroup -- RansomwareNews
and 😎 -- JAMESWT_MHT
Group: rhysida | Approx. Time: 23:44 26/03/24 | Title: El Debate -- RansomwareNews
Group: cactus | Approx. Time: 07:43 27/03/24 | Title: contenderboats.com\$51.8M\USA\65GB\<1% -- RansomwareNews
Group: lockbit3 | Approx. Time: 07:43 27/03/24 | Title: tmt-mc.jp -- RansomwareNews
Group: 8base | Approx. Time: 06:48 27/03/24 | Title: isophon glas GmbH -- RansomwareNews
Group: 8base | Approx. Time: 06:48 27/03/24 | Title: UNDP -- RansomwareNews
Group: 8base | Approx. Time: 06:48 27/03/24 | Title: Lindos Group Of Companies -- RansomwareNews
Group: 8base | Approx. Time: 06:48 27/03/24 | Title: HC Querétaro -- RansomwareNews
Group: lockbit3 | Approx. Time: 01:00 27/03/24 | Title: nampak.com -- RansomwareNews
Group: incransom | Approx. Time: 23:44 26/03/24 | Title: NHS Scotland -- RansomwareNews
#APT37 LNK -> Pcloud -> Gmail -> APK--wwjaughalvncjwiajs--genians.co.kr/blog/threat_in… -- blackorbird
Nice introduction to Position Independent shellcodes (MinGW, GetProcAddress, GetModuleHandle) by @0xTriboulet steve-s.gitbook.io/0xtriboul… #shellcode #infosec -- 0xor0ne
Short interesting reading on learning the basics of FPGA programming zeromips.org/posts/2024-01-0… #fpga #infosec -- 0xor0ne
"CVE North Stars" methodology: kickstart vulnerability research using CVE information. Credits @clearbluejar cve-north-stars.github.io #cve #cybersecurity -- 0xor0ne
Suspicious domain msdn-live[.]com was registered through Njalla on 3/25 and resolves to 89.147.109[.]166. Domain is hosting a remote support portal. -- kyleehmke
Exploiting CVE-2023-3390 in the Linux kernel. Nice presentation by Dongok Kim (@c0m0r1) & SeungHyun Lee (@0x10n) & Insu Yun (@insu_yun): "One shot, Triple kill" kaist-hacking.github.io/pubs… #Linux #cybersecurity -- 0xor0ne
Excellent writeup showing how to track down vulnerabilities in firmware starting from CVEs through patch diffing. Credits @suidpit and @Th3Zer0 shielder.com/blog/2024/01/hu… #embedded #infosec #asus -- 0xor0ne
This is research from a few years ago by Gal Beniamini, but it is still a very interesting series showing how to exploit the Broadcom Wi-Fi stack. Part 1: googleprojectzero.blogspot.c… Part 2: googleprojectzero.blogspot.c… Part 3: googleprojectzero.blogspot.c… #80211 #cybers -- 0xor0ne
Interested in thoroughly investigating a website? FinalRecon, a #cli #python #tool, provides helpful information such as whois, DNS, HTTP headers, subdomains, etc. github.com/thewhiteh4t/Final… @thewhiteh4t #OSINT #Threatintel #investigation #infosec #intelli -- DailyOsint
We have confirmed the arrival of Japanese-language malware emails. #malspam in Japanese #guloader Subject: 見積依頼先:(OU)OSAKA//2024100044-05JP MD5: 294f6ab446b282176aa35550e0ff0819 Payload (.asd) from: hxxps://drive.google[.]com/uc?export=download&id=1tnXrXchvMoxFTeW7Sl3FR0m9yw4O3x2X Payload (.bin) from hxxps -- 58_158_177_102