ZDI-22-1116: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Read Time:12 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Business Logic Flaw: Price Manipulation – AlegroCartv1.2.9

Posted by Andrey Stoykov on Apr 23 # Exploit Title: Business Logic Flaw: Price Manipulation - alegrocartv1.2.9 # Date: 04/2025...

April 24, 2025

Stored XSS in “Message” Functionality – AlegroCartv1.2.9

Posted by Andrey Stoykov on Apr 23 # Exploit Title: Stored XSS in "Message" Functionality - alegrocartv1.2.9 # Date: 04/2025...

April 24, 2025

XSS via SVG Image Upload – AlegroCartv1.2.9

Posted by Andrey Stoykov on Apr 23 # Exploit Title: XSS via SVG Image Upload - alegrocartv1.2.9 # Date: 04/2025...

April 24, 2025

BBOT 2.1.0 – Local Privilege Escalation via Malicious Module Execution

Posted by Housma mardini on Apr 23 Hi Full Disclosure, I'd like to share a local privilege escalation technique involving...

April 24, 2025

USN-7454-1: libarchive vulnerabilities

It was discovered that the libarchive bsdunzip utility incorrectly handled certain ZIP archive files. If a user or automated system...

April 23, 2025

USN-7453-1: Linux kernel (Real-time) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

April 23, 2025

Smashing Security podcast #414: Zoom.. just one click and your data goes boom!

DOGE Worker’s Code Supports NLRB Whistleblower

Regulating AI Behavior with a Hypervisor

Verizon’s DBIR Reveals 34% Jump in Vulnerability Exploitation

FBI Reveals “Staggering” $16.6bn Lost to Cybercrime in 2024

Vulnerability Exploitation and Credential Theft Now Top Initial Access Vectors

US Data Breach Victim Count Surges 26% Annually

M&S Grapples with Cyber Incident Affecting In-Store Services

Dutch Warn of “Whole of Society” Russian Cyber-Threat

ZDI-22-1116: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Business Logic Flaw: Price Manipulation – AlegroCartv1.2.9

Stored XSS in “Message” Functionality – AlegroCartv1.2.9

XSS via SVG Image Upload – AlegroCartv1.2.9

BBOT 2.1.0 – Local Privilege Escalation via Malicious Module Execution

USN-7454-1: libarchive vulnerabilities

USN-7453-1: Linux kernel (Real-time) vulnerabilities