Aggregator

A vulnerability identified as problematic has been detected in Red Hat Keycloak and Single Sign-On. Affected by this vulnerability is an unknown functionality of the component HTTP Response Handler. Performing manipulation of the argument KC_RESTART results in information disclosure. This vulnerability is reported as CVE-2024-4540. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as problematic was found in Red Hat Keycloak, JBoss Enterprise Application Platform and Single Sign-On. Affected is an unknown function of the component Bruteforce protection. Executing manipulation can lead to improper enforcement of a single, unique action. This vulnerability appears as CVE-2024-4629. The attack may be performed from remote. There is no available exploit.

A vulnerability classified as critical was found in Red Hat Keycloak and Single Sign-On 7. Impacted is an unknown function of the component Connection URL Handler. The manipulation results in incorrect default permissions. This vulnerability was named CVE-2024-5967. The attack may be performed from remote. There is no available exploit.

A vulnerability has been found in itsourcecode POS Point of Sale System 1.0 and classified as problematic. Impacted is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dom_data_th.php. This manipulation of the argument scripts causes cross site scripting. This vulnerability is tracked as CVE-2025-10065. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in itsourcecode POS Point of Sale System 1.0 and classified as problematic. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dymanic_table.php. Such manipulation of the argument scripts leads to cross site scripting. This vulnerability is listed as CVE-2025-10066. The attack may be performed from remote. In addition, an exploit is available.

Minino is an original multiprotocol, and multiband board made for sniffing, communicating, and attacking IoT (Internet of Things)

The post Minino: The “Mini Swiss Army Knife” for IoT Hacking appeared first on Penetration Testing Tools.

人工智能公司Anthropic因使用数百万本盗版书籍训练模型被起诉，并同意支付15亿美元赔偿金。高管明知违规仍允许员工下载盗版内容将被单独起诉，案件将于12月审理。

Kaspersky Lab has published its first comprehensive technical analysis of cyber groups most actively targeting Russian organizations. The

The post Kaspersky Details 14 Cyber Groups Actively Attacking Russian Organizations appeared first on Penetration Testing Tools.

Microsoft has officially released the source code of its very first version of BASIC for the MOS 6502

The post Microsoft Open-Sources Its Historic BASIC for the 6502 Processor appeared first on Penetration Testing Tools.

Google has unveiled the new stable release of Chrome 140, accompanied by the open-source Chromium, which serves as

The post Chrome 140’s New Features Are All About Privacy appeared first on Penetration Testing Tools.

The Rust Foundation has announced the launch of the Rust Innovation Lab—a new initiative designed as a neutral

The post Rust Foundation Launches a New Lab to Support Key Projects appeared first on Penetration Testing Tools.

On underground forums, cybercriminals have claimed they have begun deploying HexStrike AI—a new open-source penetration testing tool—against Citrix

The post AI Hacking Is Here: The Tool That Weaponized a Zero-Day in Hours appeared first on Penetration Testing Tools.

Android has released its most extensive patch bundle of the year, outpacing the traditional “Patch Tuesday” cycle. In

The post Android Issues Its Largest Patch of the Year, Fixing 2 Zero-Day Flaws appeared first on Penetration Testing Tools.

Most people remain unaware that their Wi-Fi and Bluetooth devices have quietly become part of a vast, global

The post Your Wi-Fi and Bluetooth Devices Are a Global Tracking Network appeared first on Penetration Testing Tools.

A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 141. This affects an unknown function of the component GMP. The manipulation results in memory corruption. This vulnerability was named CVE-2025-9179. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in Mozilla Thunderbird up to 141. This impacts an unknown function of the component GMP. This manipulation causes memory corruption. The identification of this vulnerability is CVE-2025-9179. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Mozilla Firefox up to 141. It has been classified as problematic. Affected by this issue is some unknown functionality of the component Canvas2D. Executing manipulation can lead to permissive cross-domain policy with untrusted domains. This vulnerability is tracked as CVE-2025-9180. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability marked as problematic has been reported in Mozilla Focus up to 141 on iOS. This impacts an unknown function of the component Header Handler. The manipulation of the argument Content-Disposition leads to cross site scripting. This vulnerability is documented as CVE-2025-55032. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability described as problematic has been identified in Mozilla Focus up to 141 on iOS. Affected is an unknown function of the component Javascript Link Handler. The manipulation results in clickjacking. This vulnerability is reported as CVE-2025-55033. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability has been found in Mozilla Firefox up to 141 on iOS and classified as critical. This vulnerability affects unknown code of the component Popup Blocker. Executing manipulation can lead to improper access controls. This vulnerability is handled as CVE-2025-55029. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.