Backdoor in XZ Utils That Almost Happened
Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it...
Threat Actors Game GitHub Search to Spread Malware
Checkmarx warns of GitHub search result manipulation designed to promote malicious repositories
US Data Breach Reports Surge 90% Annually in Q1
The number of publicly reported data breaches and leaks grew 90% in the first three months of the year
[KIS-2024-03] Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability
Posted by Egidio Romano on Apr 10. Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability. [-] Software Link: https://invisioncommunity.com [-] Affected Versions:...
[KIS-2024-02] Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability
Posted by Egidio Romano on Apr 10. Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability. [-] Software Link: https://invisioncommunity.com [-] Affected Versions: All...
Multiple Issues in concretecmsv9.2.7
Posted by Andrey Stoykov on Apr 10 # Exploit Title: Multiple Web Flaws in concretecmsv9.2.7 # Date: 4/2024 # Exploit Author: Andrey Stoykov # Version:...
OXAS-ADV-2024-0001: OX App Suite Security Advisory
Posted by Martin Heiland via Fulldisclosure on Apr 10 Dear subscribers, We're sharing our latest advisory with you and like to thank everyone who contributed...
Trojan.Win32.Razy.abc / Insecure Permissions (In memory IPC)
Posted by malvuln on Apr 10 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/0eb4a9089d3f7cf431d6547db3b9484d.txt Contact: malvuln13 () gmail com Media:...
CVE-2023-27195: Broken Access Control – Registration Code in TM4Web v22.2.0
Posted by Clément Cruchet on Apr 10 CVE ID: CVE-2023-27195 Description: An access control issue in Trimble TM4Web v22.2.0 allows unauthenticated attackers to access a...
python-django3-3.2.25-1.el9
FEDORA-EPEL-2024-76d6941f10 Packages in this update: python-django3-3.2.25-1.el9 Update description: Security fixes for CVE-2024-27351 Potential regular expression DOS in django.utils.text.Truncator.words() CVE-2023-41164 Potential DOS vulnerability in django.utils.encoding.uri_to_iri() Read...