CVE-2021-24382
The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it
Container Runtime Protection
Runtime Security in Kubernetes deployment might be policed based on a pod-by-pod. A pod is a group of containers that
Kubernetes Container Security – Deployment Phase
Kubernetes Container Security in Deployment Phase Kubernetes infrastructure ought to be designed firmly before workloads being deployed. From a security
Kubernetes Security – Introduction to Attack Vectors
Overview : Kubernetes helps the enterprises to automate their application deployment for the business benefits. Now-a-days Kubernetes security can be
Vulnerability Assessment and Penetration Testing (VAPT)
Why would your Business need VAPT? It is very necessary to conduct a network security audit periodically to ensure the
Jira – Open redirect vulnerability using os_destination
CVE-2019-20901 Proof of Concept : The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version
The Argo Project is an open source provider of Kubernetes CI/CD workflows, facilitating Infrastructure as Code.
Overview : In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to
Apache HTTP Server 2.4 vulnerabilities
Overview : In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might
LogicalDoc before 8.3.3 allows SQL Injection
Overview : LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This
LiveZilla blind Javascript Injection – Cross Site Scripting (XSS)
Overview : An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in
Multiple SQL injection vulnerabilities in D-Link DSR-Routers
Overview : Multiple SQL injection vulnerabilities in D-Link DSR Routers Affected Product(s) : D-Link DSR-150 (Firmware < v1.08B44) D-Link DSR-150N
Cisco Security issues released
Overview : Cisco Aironet Access Points Unauthorized Access Vulnerability CWE-284 / CVE-2019-15260 A vulnerability in Cisco Aironet Access Points (APs) Software could
XSS / SSRF hacks in SuiteCRM
Overview : SuiteCRM Lists Latest Updates of XSS / SSRF Vulnerabilities Affected Product(s) : SuiteCRM 7.11.x and 7.10.x before 7.11.8
Latest Security vulnerabilities in Cisco products
Overview : Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability CWE-399/ CVE-2019-12646 A
Vulnerability issues found in Forcepoint VPN Client
Overview : Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local
CVE-2024-39437 : UNISOC S8000 LINKTURBONATIVE SERVICE COMMAND INJECTION
Description In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local
CVE-2024-45179 : ZA-INTERNET C-MOR VIDEO SURVEILLANCE 5.2401/6.00PL01 WEB INTERFACE SETTIMEZONE.PML CITY OS COMMAND INJECTION
Description An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR
CVE-2024-0107 : NVIDIA GPU DISPLAY DRIVER/VGPU SOFTWARE/CLOUD GAMING ON WINDOWS USER MODE LAYER OUT-OF-BOUNDS
Description NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user
CVE-2024-37142 : DELL PERIPHERAL MANAGER UP TO 1.7.5 SYMBOLIC LINKS UNCONTROLLED SEARCH PATH
Description Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit
CVE-2024-34722 : GOOGLE ANDROID 12/12L/13/14 BLE SMP_ACT.CC SMP_PROC_RAND IMPROPER AUTHENTICATION
Description In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of
CVE-2024-31310 : GOOGLE ANDROID 12/12L/13/14 AUTOFILL SERVICE APP UTOFILLMANAGERSERVICEIMPL.JAVA NEWSERVICEINFOLOCKED INPUT VALIDATION
Description In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill
CVE-2024-39592 : SAP PDCE S4CORE 102 UP TO S4COREOP 107 AUTHORIZATION
Description Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This
CVE-2023-28380 : INTEL AI HACKATHON SOFTWARE UP TO 2.0.0 UNCONTROLLED SEARCH PATH
Description Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially
CVE-2023-39213 : ZOOM DESKTOP CLIENT/VDI CLIENT UP TO 5.15.1 ON WINDOWS INJECTION
Description Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow