Aggregator
Stop Scanning Random QR Codes
4 months 1 week ago
Hands-on | A Penetration Test of a Web Login Flaw That Works Across All Targets
4 months 1 week ago
CVE-2008-5898 | CodeAvalanche Directory access control (EDB-7468 / XFDB-47353)
4 months 1 week ago
A vulnerability classified as critical has been found in CodeAvalanche Directory. This affects an unknown part. The manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2008-5898. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Starlink gives in: X will be blocked in Brazil
4 months 1 week ago
Elon Musk changes course in his conflict with the Brazilian judiciary.
Google releases Android 15 source code
4 months 1 week ago
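Google has released the Android 15 source code to the Android Open Source Project (AOSP). Android 15 will be pushed to Pixel phones in the coming weeks, and to compatible phones from vendors such as Samsung, Motorola, OnePlus and Xiaomi in the coming months. New features in Android 15 include: simplified passkey sign-in, theft detection, improved multitasking on large-screen devices, app access restrictions, an enhanced TalkBack screen reader, Gemini AI integration for audio descriptions of images, song recognition in Circle to Search, detection of seismic activity using the accelerometers in Android devices, and more.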
Head Mare hacktivist group targets Russia and Belarus
4 months 1 week ago
A hacktivist group known as Head Mare took advantage of the recent CVE-2023-38831 WinRAR flaw in attacks against organizations in Russia and Belarus. Kaspersky researchers reported that a hacktivist group known as Head Mare exploited the recently disclosed WinRAR flaw CVE-2023-38831 in attacks against organizations in Russia and Belarus. Head Mare has been active since at least 2023, exclusively targeting companies in Russia […]
Pierluigi Paganini
CVE-2009-2793 | NetBSD up to 5.0.1 pseudocode access control (EDB-33229)
4 months 1 week ago
A vulnerability was found in NetBSD. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument pseudocode leads to improper access controls.
This vulnerability is handled as CVE-2009-2793. The attack needs to be approached locally. Furthermore, there is an exploit available.
vuldb.com
CVE-2007-2002 | InoutMailingListManager 3.1 Remote Code Execution (EDB-3702 / SA24842)
4 months 1 week ago
A vulnerability classified as critical has been found in InoutMailingListManager 3.1. Affected is an unknown function. The manipulation leads to Remote Code Execution.
This vulnerability is traded as CVE-2007-2002. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-8418 | Aardvark-dns 1.12.0/1.12.1 TCP Query denial of service
4 months 1 week ago
A vulnerability was found in Aardvark-dns 1.12.0/1.12.1 and classified as problematic. This issue affects some unknown processing of the component TCP Query Handler. The manipulation leads to denial of service.
The identification of this vulnerability is CVE-2024-8418. The attack needs to be done within the local network. There is no exploit available.
vuldb.com
Spamouflage: how hackers influence Americans' political views
4 months 1 week ago
A pro-Chinese manipulation campaign has sharply gained momentum ahead of the elections.
CVE-2024-44400 | D-Link DI-8400 16.07.26A1 upgrade_filter_asp command injection
4 months 1 week ago
A vulnerability has been found in D-Link DI-8400 16.07.26A1 and classified as critical. This vulnerability affects the function upgrade_filter_asp. The manipulation leads to command injection.
This vulnerability was named CVE-2024-44400. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-44383 | WAYOS FBM-291W 19.09.11 msp_info_htm Privilege Escalation
4 months 1 week ago
A vulnerability, which was classified as problematic, was found in WAYOS FBM-291W 19.09.11. This affects the function msp_info_htm. The manipulation leads to Privilege Escalation.
This vulnerability is uniquely identified as CVE-2024-44383. The attack can only be done within the local network. Furthermore, there is an exploit available.
vuldb.com
CVE-2005-1162 | OneWorldStore owProductDetail.asp cross site scripting (EDB-25427 / XFDB-20096)
4 months 1 week ago
A vulnerability classified as problematic has been found in OneWorldStore. Affected is an unknown function of the file owProductDetail.asp. The manipulation leads to basic cross site scripting.
This vulnerability is traded as CVE-2005-1162. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-44930 | Serilog up to 2.0.x HTTP Header X-Forwarded-For improper authorization (Issue 29)
4 months 1 week ago
A vulnerability was found in Serilog up to 2.0.x. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper authorization.
This vulnerability is known as CVE-2024-44930. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-43941 | Propovoice Pro Plugin up to 1.7.0.3 on WordPress sql injection
4 months 1 week ago
A vulnerability was found in Propovoice Pro Plugin up to 1.7.0.3 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to sql injection.
This vulnerability was named CVE-2024-43941. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-45588 | Symphony Fintech XTS Web Trader 2.0.0.1_P160 Preference Module authorization (CIVN-2024-0281)
4 months 1 week ago
A vulnerability was found in Symphony Fintech XTS Web Trader 2.0.0.1_P160. It has been classified as very critical. Affected is an unknown function of the component Preference Module. The manipulation leads to incorrect authorization.
This vulnerability is traded as CVE-2024-45588. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-45586 | Symphony Fintech XTS Web Trader/XTS Mobile Trader 2.0.0.1_P160 Authentication Module authorization (CIVN-2024-0281)
4 months 1 week ago
A vulnerability was found in Symphony Fintech XTS Web Trader and XTS Mobile Trader 2.0.0.1_P160. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Authentication Module. The manipulation leads to incorrect authorization.
This vulnerability is known as CVE-2024-45586. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-45587 | Symphony Fintech XTS Web Trader 2.0.0.1_P160 Transaction Module authorization (CIVN-2024-0281)
4 months 1 week ago
A vulnerability was found in Symphony Fintech XTS Web Trader 2.0.0.1_P160. It has been rated as critical. Affected by this issue is some unknown functionality of the component Transaction Module. The manipulation leads to incorrect authorization.
This vulnerability is handled as CVE-2024-45587. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-38456 | Vivavis High-Leit up to 4.25.01.01/5.08.01.03 HL-InstallService-hlxw/HL-InstallService-hlnt permission assignment
4 months 1 week ago
A vulnerability was found in Vivavis High-Leit up to 4.25.01.01/5.08.01.03. It has been classified as critical. Affected is an unknown function of the component HL-InstallService-hlxw/HL-InstallService-hlnt. The manipulation leads to incorrect permission assignment.
This vulnerability is traded as CVE-2024-38456. An attack has to be approached locally. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com