Aggregator
Today's (May 11, 2026) Hot Cybersecurity Vulnerability Updates
1 month 2 weeks ago
cPanel Perl injection | Android ADB zero-click RCE | Grav CMS unauthenticated RCE | PHP unserialize 21-year-old UAF | 4 high-severity vulnerabilities in total
CVE-2013-6469 | Red Hat JBoss 1.0/6.0 Overlord Runtime Governance for JBossAS MVEL Expression code injection (Bug 1051279 / XFDB-92660)
1 month 2 weeks ago
A vulnerability marked as critical has been reported in Red Hat JBoss 1.0/6.0. This issue affects some unknown processing of the component Overlord Runtime Governance for JBossAS. Performing a manipulation as part of MVEL Expression results in code injection.
This vulnerability is reported as CVE-2013-6469. The attack can be carried out remotely. No exploit exists.
vuldb.com
CVE-2014-0361 | Toshibacommerce 4690 Point Of Sale Operating System 6.2 Default Configuration cryptographic issue (VU#622950)
1 month 2 weeks ago
A vulnerability has been found in Toshibacommerce 4690 Point Of Sale Operating System 6.2 and classified as problematic. Impacted is an unknown function of the component Default Configuration. This manipulation causes cryptographic issues.
This vulnerability is registered as CVE-2014-0361. The attack needs to be launched locally. No exploit is available.
vuldb.com
CVE-2014-0932 | IBM Sterling Selling/Fulfillment Foundation prior 9.0 cross site scripting (XFDB-92264 / BID-66993)
1 month 2 weeks ago
A vulnerability was found in IBM Sterling Selling and Fulfillment Foundation and classified as problematic. The affected element is an unknown function. Such manipulation leads to cross site scripting.
This vulnerability is documented as CVE-2014-0932. The attack can be executed remotely. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2014-2921 | Pimcore 1.4.9/1.5.0/2.1.0/2.2.0 Newsletter.php getObjectByToken code injection (EDB-43886)
1 month 2 weeks ago
A vulnerability was found in Pimcore 1.4.9/1.5.0/2.1.0/2.2.0. It has been classified as critical. The impacted element is the function getObjectByToken of the file Newsletter.php. Performing a manipulation results in code injection.
This vulnerability is reported as CVE-2014-2921. The attack can be carried out remotely. Moreover, an exploit is present.
vuldb.com
CVE-2014-2922 | Pimcore 1.4.9/1.5.0/2.1.0 Newsletter.php getObjectByToken input validation (EDB-43886)
1 month 2 weeks ago
A vulnerability was found in Pimcore 1.4.9/1.5.0/2.1.0. It has been declared as critical. This affects the function getObjectByToken of the file Newsletter.php. Executing a manipulation can lead to improper input validation.
This vulnerability appears as CVE-2014-2922. The attack may be performed remotely. In addition, an exploit is available.
vuldb.com
CVE-2013-5948 | Asus RT-AC68U prior 3.0.0.4.374.4755 Firmware Main_Analysis_Content.asp os command injection (EDB-25998 / SBV-45128)
1 month 2 weeks ago
A vulnerability was found in Asus RT-AC68U -/3.0.0.4.374.4755/3.0.0.4.374 4561/3.0.0.4.374 4887. It has been rated as critical. This impacts an unknown function of the file Main_Analysis_Content.asp of the component Firmware. The manipulation leads to OS command injection.
This vulnerability is traded as CVE-2013-5948. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2013-6370 | json-c up to 0.11 memory corruption (Nessus ID 73772 / ID 350313)
1 month 2 weeks ago
A vulnerability categorized as critical has been discovered in json-c up to 0.11. Affected is an unknown function. The manipulation results in memory corruption.
This vulnerability is known as CVE-2013-6370. It is possible to launch the attack remotely. No exploit is available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2013-6371 | json-c up to 0.11 cryptographic issue (Nessus ID 77571 / ID 350313)
1 month 2 weeks ago
A vulnerability identified as problematic has been detected in json-c up to 0.11. Affected by this vulnerability is an unknown functionality. This manipulation causes cryptographic issues.
This vulnerability is handled as CVE-2013-6371. The attack can be initiated remotely. No exploit is available.
You should upgrade the affected component.
vuldb.com
CVE-2014-0173 | Automattic Jetpack up to 2.9.3 access control (Nessus ID 73686 / ID 12944)
1 month 2 weeks ago
A vulnerability labeled as critical has been found in Automattic Jetpack. Affected by this issue is some unknown functionality. Such manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2014-0173. The attack can be launched remotely. No exploit exists.
The affected component should be upgraded.
vuldb.com
CVE-2014-1216 | FitNesse Wiki 20131110/20140201 pageContent command injection (EDB-32568 / ID 103027)
1 month 2 weeks ago
A vulnerability marked as critical has been reported in FitNesse Wiki 20131110/20140201. This affects an unknown part. Performing a manipulation of the argument pageContent results in command injection.
This vulnerability was named CVE-2014-1216. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com
CVE-2014-2269 | vTiger CRM 6.0.0 input validation (ID 12934 / XFDB-92596)
1 month 2 weeks ago
A vulnerability described as critical has been identified in vTiger CRM 6.0.0. This vulnerability affects unknown code. Executing a manipulation can lead to improper input validation.
The identification of this vulnerability is CVE-2014-2269. The attack may be launched remotely. Furthermore, there is an exploit available.
Upgrading the affected component is recommended.
vuldb.com
The scam economy has found its AI upgrade
1 month 2 weeks ago
Scam attempts continue to reach consumers via email, text messages, social media, online advertising, and phone calls. The volume of exposure has remained stable over the past year, with more than half of consumers encountering scam attempts at least monthly, according to the F-Secure Scam Intelligence & Impacts Report 2026.
Most common channels for scam attempts (Source: F-Secure)
The United States recorded the highest exposure levels among surveyed markets. Younger consumers reported higher scam activity …
The post The scam economy has found its AI upgrade appeared first on Help Net Security.
Anamarija Pogorelec
CVE-2025-68463
1 month 2 weeks ago
Currently trending CVE - Hype Score: 1 - Bio.Entrez in Biopython through 186 allows doctype XXE.
CVE-2025-66467
1 month 2 weeks ago
Currently trending CVE - Hype Score: 1 - Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the ...
Bleeding Llama: when your language model literally "leaks" your data
1 month 2 weeks ago
To steal someone else's secrets, you no longer even need a password.
U.S. CISA adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog
1 month 2 weeks ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in BerriAI LiteLLM, tracked as CVE-2026-42208 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. At the end of April, attackers rapidly exploited the critical […]
Pierluigi Paganini
TrickMo Android banker adopts TON blockchain for covert comms
1 month 2 weeks ago
A new variant of the TrickMo Android banking malware, delivered in campaigns targeting users across Europe, introduces new commands and uses The Open Network (TON) for stealthy command-and-control communications. [...]
Bill Toulas
OpenAI has built an AI hacker. The company released GPT-5.5-Cyber and immediately explained who must not be touched
1 month 2 weeks ago
OpenAI has figured out how to sell pentesting to corporations.