Aggregator

What can be done

不安全
1 month 1 week ago
这是一个开放的黑客社区,旨在帮助新手成长为资深人士。提供问答、学习资源,并邀请加入Discord交流。

CVE-2025-34142 | ETQ Reliance CG prior 2025.1.2/SE.2025.1 SAML Authentication /resources/sessions/sso xml external entity reference

Vuldb Updates
1 month 1 week ago
A vulnerability was found in ETQ Reliance CG and classified as problematic. This issue affects some unknown processing of the file /resources/sessions/sso of the component SAML Authentication. The manipulation leads to xml external entity reference. The identification of this vulnerability is CVE-2025-34142. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-34141 | ETQ Reliance CG 2025.1.2/MP-4583 SQLConverterServlet cross site scripting

Vuldb Updates
1 month 1 week ago
A vulnerability was found in ETQ Reliance CG 2025.1.2/MP-4583. It has been classified as problematic. Affected is an unknown function of the component SQLConverterServlet. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-34141. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-4295 | HotelRunner B2B up to 03.06.2025 Host certificate validation

Vuldb Updates
1 month 1 week ago
A vulnerability was found in HotelRunner B2B up to 03.06.2025. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Host leads to certificate with host mismatch. This vulnerability is known as CVE-2025-4295. The attack can be launched remotely. There is no exploit available. This product is available as a managed service. Users are not able to maintain vulnerability countermeasures themselves.
vuldb.com

CVE-2025-4294 | HotelRunner B2B up to 03.06.2025 cross site scripting

Vuldb Updates
1 month 1 week ago
A vulnerability was found in HotelRunner B2B up to 03.06.2025. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-4294. The attack may be launched remotely. There is no exploit available. This product is a managed service. It is not possible for users to maintain vulnerability countermeasures themselves.
vuldb.com

Clorox Sues Cognizant for $380M, Alleges Gross Negligence Led to Devastating Cyberattack

Penetration Testing Tools - Metepreter.org
1 month 1 week ago

Clorox has filed a lawsuit against the global IT services provider Cognizant, accusing the company of gross negligence that allegedly led to a devastating cyberattack in August 2023. According to the complaint, Cognizant—tasked with...

The post Clorox Sues Cognizant for $380M, Alleges Gross Negligence Led to Devastating Cyberattack appeared first on Penetration Testing Tools.

ddos

Amazon Q Pulled After Malicious Pull Request Instructs AI to Delete User Files and AWS Resources

Penetration Testing Tools - Metepreter.org
1 month 1 week ago

Amazon was forced to urgently withdraw a compromised version of its AI-powered programming assistant, Q, after a malicious instruction was covertly embedded into the system. This rogue directive prompted the assistant to exploit command-line...

The post Amazon Q Pulled After Malicious Pull Request Instructs AI to Delete User Files and AWS Resources appeared first on Penetration Testing Tools.

ddos

Managed ad