Aggregator

Комиксы помогли создать важнейший телескоп в истории.

doZKey is Allegedly Selling RDWeb Access to Eight Unidentified Companies

特斯拉的光环正在逐渐褪去。

LottieFiles confirmed a supply chain attack on Lottie-Player, and threat actors targeted cryptocurrency wallets to steal funds. LottieFiles confirmed that threat actors have hacked the Lottie-Player software in a supply chain attack. Lottie-Player is a web component from LottieFiles designed to render Lottie animations, which are lightweight, vector-based animations in JSON format. These animations are […]

A Threat Actor Has Allegedly Leaked Data of President of the Republic of Indonesia and Candidate Data

Apache Solr官方发布了一个安全漏洞公告（CVE-2024-45216），使用PKIAuthenticationPlugin的Solr服务会受到身份验证绕过的影响。该漏洞的利用已被公开到互联网。

谁说这代码审计老啊？这代码审计新界面可太棒了！

Factory automation software from Mitsubishi Electric and Rockwell Automation could be subject to remote code execution (RCE), denial-of-service (DoS), and more.

A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. This vulnerability is traded as CVE-2024-10702. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Car Rental Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /search.php. The manipulation of the argument searchdata leads to cross site scripting. The identification of this vulnerability is CVE-2024-10701. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects University Event Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file submit.php. The manipulation of the argument name/email/title/Year/gender/fromdate/todate/people leads to sql injection. This vulnerability was named CVE-2024-10700. The attack can be initiated remotely. Furthermore, there is an exploit available. The initial researcher advisory only mentions the parameter "name" to be affected. But it must be assumed that a variety of other parameters is affected too.

Submit #435233 / VDB-282870

A vulnerability was found in code-projects Wazifa System 1.0. It has been classified as critical. This affects an unknown part of the file /controllers/logincontrol.php. The manipulation of the argument username leads to sql injection. This vulnerability is uniquely identified as CVE-2024-10699. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #435179 / VDB-282869

A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. This vulnerability is handled as CVE-2024-10698. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument The leads to command injection. This vulnerability is known as CVE-2024-10697. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #435051 / VDB-282868

已修复但无CVE编号

盯紧钱包

Submit #435048 / VDB-282867