Aggregator

WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page

Garage Management System 1.0 (categoriesName) - Stored XSS

Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication bypass

FLIR AX8 1.46.16 - Remote Command Injection

Ethercreative Logs 3.0.3 - Path Traversal

Ruckus IoT Controller 1.7.1.0 - Undocumented Backdoor Account

Car Rental Project 1.0 - Remote Code Execution

ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE)

KodExplorer 4.52 - Open Redirect

Dell EMC iDRAC7/iDRAC8 2.52.52.52 - Remote Code Execution (RCE)

Smart Manager 8.27.0 - Post-Authenticated SQL Injection

WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection

This blog entry details research on emerging ransomware group CrazyHunter, which has launched a sophisticated campaign aimed at Taiwan's essential services.

简化登录流程，提高安全性，便于统一用户管理。

Currently trending CVE - Hype Score: 13 - CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI.

Currently trending CVE - Hype Score: 15 - Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by ...

The EMEA region is a patchwork of diverse markets, industries, and regulatory environments, and it demands a partner-centric approach. That’s why I joined Cloudflare as VP of EMEA Partnerships.

基于DruidDataSourceFactory的一些jdbcAttack。基于BeanFactory。。。。。