Aggregator
With AI's help, you can write a PoC without knowing how to code! One-click conversion of PoCs between multiple languages!
5 months 1 week ago
CVE-2009-3195 | JCE-Tech Auction RSS Content Script 3.0 rss.php id cross site scripting (EDB-34885 / SA36490)
5 months 1 week ago
A vulnerability was found in JCE-Tech Auction RSS Content Script 3.0. It has been classified as problematic. This affects an unknown part of the file rss.php. The manipulation of the argument id leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2009-3195. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
DeepSeek draws global attention, and malware masquerading as it takes the chance to spread
5 months 1 week ago
Two 0-days let Chinese hackers breach the Treasury
5 months 1 week ago
A PostgreSQL bug opened a path to government systems in the BeyondTrust breach.
CVE-2024-55864 | gqevu6bsiz My WP Customize Admin Frontend Plugin up to 1.24.0 on WordPress cross site scripting
5 months 1 week ago
A vulnerability classified as problematic was found in gqevu6bsiz My WP Customize Admin Frontend Plugin up to 1.24.0 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-55864. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2020-12487 | Vivo ABE Versions earlier than 4.4.0.9 Command input validation
5 months 1 week ago
A vulnerability, which was classified as critical, was found in Vivo ABE Versions earlier than 4.4.0.9. This affects an unknown part of the component Command Handler. The manipulation leads to improper input validation.
This vulnerability is uniquely identified as CVE-2020-12487. It is possible to launch the attack on the physical device. There is no exploit available.
vuldb.com
CVE-2024-37774 | Sunbird DCIM dcTrack 9.1.2 cross-site request forgery
5 months 1 week ago
A vulnerability has been found in Sunbird DCIM dcTrack 9.1.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery.
This vulnerability was named CVE-2024-37774. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-37773 | Sunbird DCIM dcTrack 9.1.2 cross site scripting
5 months 1 week ago
A vulnerability was found in Sunbird DCIM dcTrack 9.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting.
This vulnerability is traded as CVE-2024-37773. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2021-26279 | Vivo Weather information disclosure
5 months 1 week ago
A vulnerability was found in Vivo Weather. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure.
This vulnerability is known as CVE-2021-26279. The attack can be launched remotely. There is no exploit available.
vuldb.com
Linux Kernel 6.14 rc3 Released – What’s New!
5 months 1 week ago
Linus Torvalds has released Linux Kernel 6.14-rc3, the latest release candidate for the upcoming Linux 6.14 stable version. Paolo Bonzini, the maintainer of the Kernel-based Virtual Machine (KVM), has also submitted a series of fixes for the Linux Kernel 6.14-rc3, which have now been merged by Linus Torvalds. These updates address critical issues across multiple […]
The post Linux Kernel 6.14 rc3 Released – What’s New! appeared first on Cyber Security News.
Balaji N
CVE-2021-26281 | Vivo Alarm Clock information disclosure
5 months 1 week ago
A vulnerability was found in Vivo Alarm Clock. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure.
This vulnerability is handled as CVE-2021-26281. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2021-26278 | Vivo Wifi Interface missing authentication
5 months 1 week ago
A vulnerability classified as critical has been found in Vivo Wifi. This affects an unknown part of the component Interface. The manipulation leads to missing authentication.
This vulnerability is uniquely identified as CVE-2021-26278. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-54125 | Shueisha Shonen Jump+ App up to 3.x on Android Custom URL Scheme improper authorization in handler for custom url scheme
5 months 1 week ago
A vulnerability, which was classified as problematic, was found in Shueisha Shonen Jump+ App up to 3.x on Android. Affected is an unknown function of the component Custom URL Scheme Handler. The manipulation leads to improper authorization in handler for custom url scheme.
This vulnerability is traded as CVE-2024-54125. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-37776 | Sunbird DCIM dcTrack 9.1.2 Admin Screens cross site scripting
5 months 1 week ago
A vulnerability was found in Sunbird DCIM dcTrack 9.1.2. It has been classified as problematic. This affects an unknown part of the component Admin Screens. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-37776. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-56017 | Tom Royal Stop Registration Spam Plugin up to 1.23 on WordPress cross-site request forgery
5 months 1 week ago
A vulnerability was found in Tom Royal Stop Registration Spam Plugin up to 1.23 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery.
This vulnerability was named CVE-2024-56017. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-12127 | Sikshya LMS Plugin up to 0.0.21 on WordPress page cross site scripting
5 months 1 week ago
A vulnerability classified as problematic was found in Sikshya LMS Plugin up to 0.0.21 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting.
This vulnerability is known as CVE-2024-12127. The attack can be launched remotely. There is no exploit available.
vuldb.com
Fake Adobe Drive X app steals credentials via Microsoft login
5 months 1 week ago
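Compiled by HackerNews: Cofense's Phishing Defense Center (PDC) has discovered a phishing campaign that uses a legitimate Microsoft login page to trick users into granting access to a malicious "Adobe Drive X" application. The application then redirects the victim to a fake Microsoft login page designed to steal their credentials. The attack begins with a phishing email disguised as an Office 365 password reset request. The email contains a link to a genuine Microsoft authentication page, which makes the attack more convincing. However, once users enter their credentials on that legitimate page, they are prompted to grant permissions to a custom Microsoft 365 application named "Adobe Drive X". This is where the attackers' cunning tactic shows. By requesting access through a seemingly harmless Adobe-related application, they exploit users' trust in Microsoft and Adobe. The application requests access to the user's email address and basic profile information, which further adds to its appearance of legitimacy. If the user accepts these permissions, they are redirected to a credential phishing page designed to mimic a Microsoft login page. That page is not hosted on a Microsoft domain, but unsuspecting users may overlook this key detail, especially after having already signed in successfully through the legitimate Microsoft page. "The attacker most likely placed this credential phishing attempt behind a legitimate Microsoft 365 login page to catch users off guard," Cofense explained in its report. "Less vigilant users may not verify the URL of the second login page and fall victim to the credential phishing attack." Users should always check URLs carefully, be wary of granting permissions to unknown applications, and report any suspicious activity. Source: Bleeping Computer; translated and compiled by HackerNews.cc.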
hackernews