Aggregator

CVE-2023-32990 | Azure VM Agents Plugin up to 852.v8d35f0960a_43 on Jenkins permission

10 months 3 weeks ago

A vulnerability was found in Azure VM Agents Plugin up to 852.v8d35f0960a_43 on Jenkins and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to permission issues. This vulnerability is handled as CVE-2023-32990. The attack needs to be approached within the local network. There is no exploit available.

vuldb.com

CVE-2023-32992 | SAML Single Sign On Plugin up to 2.0.2 on Jenkins HTTP Request permission

Vuldb Updates

10 months 3 weeks ago

A vulnerability has been found in SAML Single Sign On Plugin up to 2.0.2 on Jenkins and classified as critical. This vulnerability affects unknown code of the component HTTP Request Handler. The manipulation leads to permission issues. This vulnerability was named CVE-2023-32992. An attack has to be approached locally. There is no exploit available.

vuldb.com

科技爱好者周刊（第 335 期）：年底的未来已来

不安全

10 months 3 weeks ago

这里记录每周值得分享的科技内容，周五发布。

Kaiji恶意样本分析_v2

ChaMd5安全团队

10 months 3 weeks ago

Kaiji恶意样本分析_v2

ChaMd5安全团队

10 months 3 weeks ago

Kaiji恶意样本分析_v2

不安全

10 months 3 weeks ago

招新小广告CTF组诚招re、crypto、pwn、misc、合约方向的师傅,长期招新IOT+Car+工控+样本分析多个组招人有意向的师傅请联系邮箱[email protected](带上简历和想加入的

CVE-2024-26230: Windows Telephony Service - It's Got Some Call-ing Issues (Elevation of Privilege)

不安全

10 months 3 weeks ago

Executive SummaryCVE-2024-26230 is a critical vulnerability found in the Windows Telephony Service

Build It Yourself

不安全

10 months 3 weeks ago

written on Friday, January 24, 2025 Another day, another rantabout depende

从技术突破到行业标杆：威努特工业防火墙的卓越发展

威努特工控安全

10 months 3 weeks ago

全面覆盖OT到IT所有应用场景，朝智能化、场景化和可视化方向发展。

8 - CVE-2024-54887

CVE Trends

10 months 3 weeks ago

Currently trending CVE - hypeScore: 1 - TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the conte

Daily Dose of Dark Web Informer - January 23rd, 2025

Dark Web Informer - Cyber Threat Intelligence

10 months 3 weeks ago

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Dark Web Informer - Cyber Threat Intelligence

U.S. CISA adds JQuery flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

10 months 3 weeks ago

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds JQuery vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a JQuery persistent cross-site scripting (XSS) vulnerability, tracked as CVE-2020-11023 (CVSS score: 6.9) to its Known Exploited Vulnerabilities (KEV) catalog. In jQuery 1.0.3 to 3.4.1, using DOM methods with untrusted HTML containing […]

Pierluigi Paganini