Aggregator

Submit #524734 / VDB-304579

Submit #521814 / VDB-304578

清明时节雨纷纷，路上行人欲断魂。我们在4月为大家准备了如下一些礼物，欢迎大家积极投稿哦~

本文转载自“华东师范大学密码学院”公众号，欢迎关注想象一下，你在家中安装了世界上最先进的安全系统——钛合金大

清明时节雨纷纷，路上行人欲断魂。我们在4月为大家准备了如下一些礼物，欢迎大家积极投稿哦~

本文转载自“华东师范大学密码学院”公众号，欢迎关注想象一下，你在家中安装了世界上最先进的安全系统——钛合金大

A vulnerability was found in Kadence Gutenberg Blocks Plugin up to 3.2.25 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Testimonial Widget. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-1999. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument ID leads to cross-site request forgery. This vulnerability is handled as CVE-2024-2821. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/vote_edit.php. The manipulation of the argument aid leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-2822. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /src/dede/baidunews.php. The manipulation of the argument filename leads to cross-site request forgery. This vulnerability is known as CVE-2024-2820. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/mda_main.php. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-2823. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2024-2824. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Dassault Systèmes SOLIDWORKS Desktop 2024/2024 SP1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component File Handler. The manipulation leads to use after free. This vulnerability is known as CVE-2024-1848. It is possible to launch the attack on the local host. There is no exploit available.

Пока вы читаете этот заголовок, они шарятся в ваших файлах через символические ссылки.

A vulnerability, which was classified as problematic, was found in Netwin Surgemail up to 2.0a2. Affected is an unknown function of the component Error Message Handler. The manipulation leads to basic cross site scripting. This vulnerability is traded as CVE-2004-2548. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Mozilla Firefox up to 124.0.0. Affected is an unknown function of the component Javascript Object Handler. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2024-29943. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Ciges CIGESv2. This affects an unknown part of the component Confirmation Message Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-2727. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Ciges CIGESv2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-2726. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Progress LoadMaster up to 7.1.35.10/7.2.48.10/7.2.54.8/7.2.59.2. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-2449. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads BadBazaar: iOS and Android Surveillanceware by China’s APT15 Used to Target Tibetans and Uyghurs   GOFFEE continues to attack organizations in Russia Atomic […]