Aggregator

A vulnerability, which was classified as problematic, was found in bunkerity bunkerweb up to 1.5.10. Affected is an unknown function of the component URL Handler. The manipulation of the argument next leads to open redirect. This vulnerability is traded as CVE-2024-53264. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Google Android 7/7.1.1/7.1.2/8/8.1. This issue affects the function impeg2d_bit_stream_flush of the component libmpeg2dec. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2017-13320. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

anonmoose Has Allegedly Leaked the Data of BigSMM

​Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months. [...]

ESET discovered the first Unified Extensible Firmware Interface (UEFI) bootkit specifically designed for Linux systems, named Bootkitty. Cybersecurity researchers from ESET discovered the first UEFI bootkit designed to target Linux systems, called by its authors Bootkitty. The bootkit allows attackers to disable the kernel’s signature verification feature and to preload two as yet unknown ELF […]

Threat actors are using public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote access to servers. [...]

CornDB is Allegedly Selling Credit Card Data of Hyp Payment Solutions

A vulnerability was found in ARM Trusted Firmware-M 1.4.0/1.4.1 and classified as critical. Affected by this issue is some unknown functionality of the component Firmware Update Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2021-43619. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as problematic was found in Trusted Firmware-A up to 2.8. Affected by this vulnerability is an unknown functionality of the component X.509 Parser. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2022-47630. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability classified as critical has been found in Trusted Firmware-M up to 1.8.0. This affects an unknown part of the component CryptoCell PSA Driver software Interface. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2023-40271. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Roundcube Webmail up to 1.5.6/1.6.6. It has been classified as problematic. Affected is an unknown function of the component SVG Handler. The manipulation of the argument animate leads to cross site scripting. This vulnerability is traded as CVE-2024-37383. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. This vulnerability is traded as CVE-2023-4115. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A Threat Actor Claims to be Selling Data of Madame GS