Aggregator
CVE-2024-10920 | mariazevedo88 travels-java-api up to 5.0.1 JWT Secret JwtAuthenticationTokenFilter.java doFilterInternal hard-coded key
8 months 3 weeks ago
A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\src\main\java\io\github\mariazevedo88\travelsjavaapi\filters\JwtAuthenticationTokenFilter.java of the component JWT Secret Handler. The manipulation leads to use of hard-coded cryptographic key.
This vulnerability is handled as CVE-2024-10920. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
Invisible Linux inside Windows: hackers disguise attacks via QEMU
8 months 3 weeks ago
A full-fledged OS that steals your identity may be hidden inside your computer.
Decart unveils Oasis: AI generates Minecraft without a single line of code
8 months 3 weeks ago
The AI model can both surprise and unsettle players.
Submit #433458: mariazevedo88 travels-java-api <=travels-java-api5.0.1 arbitrary user impersonation [Accepted]
8 months 3 weeks ago
Submit #433458 / VDB-283316
susu199
Defender or villain? How a researcher ended up in court for disclosing a leak
8 months 3 weeks ago
The city of Columbus's actions expose the pitfalls of ethical hacking.
Part-time work and side gigs | 知识大陆 "Project Partner" recruitment
8 months 3 weeks ago
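Backed by a professional team, the first choice for security professionals taking on part-time projects, with worry-free operations from 0 to 1!
Analysis of Fortify SCA rules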
8 months 3 weeks ago
Snowflake Hacking Suspect Arrested in Canada
8 months 3 weeks ago
A man suspected of breaching hundreds of Snowflake accounts has been arrested
INTERPOL Disrupts Over 22,000 Malicious Servers in Global Crackdown on Cybercrime
8 months 3 weeks ago
INTERPOL on Tuesday said it took down more than 22,000 malicious servers linked to various cyber threats as part of a global operation.
Dubbed Operation Synergia II, the coordinated effort ran from April 1 to August 31, 2024, targeting phishing, ransomware, and information stealer infrastructure.
"Of the approximately 30,000 suspicious IP addresses identified, 76 per cent were taken down and 59
The Hacker News
DDoS by subscription: how Sudan's shadow business worked
8 months 3 weeks ago
The end of the Anonymous Sudan era revealed a Sudanese trail in the global web.
CVE-2024-10919 | didi Super-Jacoco 1.0 /cov/triggerUnitCover uuid os command injection
8 months 3 weeks ago
A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cov/triggerUnitCover. The manipulation of the argument uuid leads to os command injection.
This vulnerability is known as CVE-2024-10919. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
Medusa Blog
8 months 3 weeks ago
cohenido
Submit #432689: didi super-jacoco 1.0 Command Injection [Accepted]
8 months 3 weeks ago
Submit #432689 / VDB-283315
gaogaostone
RansomHub
8 months 3 weeks ago
cohenido
RansomHub
8 months 3 weeks ago
cohenido
CVE-2023-3847 | mooSocial mooDating 1.2 URL /users cross site scripting (ID 173691 / EDB-51628)
8 months 3 weeks ago
A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2023-3847. The attack can be initiated remotely. Furthermore, there is an exploit available.
We tried to contact the vendor early about the disclosure but the official mail address was not working properly.
vuldb.com
Check Point Research reveals brand phishing trends for Q3 2024
8 months 3 weeks ago
Check Point
Azure API Management Vulnerabilities Let Attackers Escalate Privileges
8 months 3 weeks ago
Recent discoveries by Binary Security have revealed critical vulnerabilities in Azure API Management (APIM) that could allow attackers with minimal privileges to escalate their access and take full control over the APIM service. These vulnerabilities were reported to Microsoft, leading to some fixes. However, certain issues remain unresolved, exposing many users unless they manually disable legacy API […]
The post Azure API Management Vulnerabilities Let Attackers Escalate Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Divya
Linux 6.13 to remove the Fieldbus subsystem for lack of a maintainer
8 months 3 weeks ago
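The Fieldbus subsystem, used for real-time distributed control of automated industrial systems, was merged into the Linux mainline in 2019, but five years later it faces removal from the kernel because no one maintains it. It is currently unclear how widely Fieldbus is actually used; the subsystem's maintainer last reviewed code in May 2021 and has evidently lost interest. The patch removing the subsystem has entered the staging-next queue and is expected to be merged during the Linux 6.13 merge window.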