Sources
Full Disclosure
- SEC Consult SA-20250604-0 :: Local Privilege Escalation and Default Credentials in INDAMED - MEDICAL OFFICE (Medical practice management) Demo version 1 day 3 hours old
- Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft 1 day 3 hours old
- Defense in depth -- the Microsoft way (part 89): user group policies don't deserve tamper protection 1 week 17 hours old
- CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0 1 week 17 hours old
- ERPNext v15.53.1 Stored XSS in bio Field Allows Arbitrary Script Execution in Profile Page 1 week 17 hours old
- ERPNext v15.53.1 Stored XSS in user_image Field Allows Script Execution via Injected Image Path 1 week 17 hours old
- Local information disclosure in apport and systemd-coredump 1 week 17 hours old
- Stored XSS via File Upload - adaptcmsv3.0.3 1 week 17 hours old
- IDOR "Change Password" Functionality - adaptcmsv3.0.3 1 week 17 hours old
- Stored XSS "Send Message" Functionality - adaptcmsv3.0.3 1 week 17 hours old
- Authenticated File Upload to RCE - adaptcmsv3.0.3 1 week 17 hours old
- Stored XSS in "Description" Functionality - cubecartv6.5.9 1 week 17 hours old
- Multiple Vulnerabilities in SAP GuiXT Scripting 1 week 17 hours old
- CVE-2024-47081: Netrc credential leak in PSF requests library 1 week 17 hours old
- Exploit CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin (<= 3.5.2) 1 week 17 hours old
- Youpot honeypot 1 week 17 hours old
- SEC Consult SA-20250521-0 :: Multiple Vulnerabilities in eCharge Hardy Barth cPH2 and cPP2 charging stations 2 weeks 3 hours old
- Structured Query Language Injection in frappe.desk.reportview.get_list Endpoint in Frappe Framework 2 weeks 3 hours old
- Unauthenticated Blind SQL Injection | RSI queue management system - V 3.0 | CVE-2025-26086 3 weeks 4 days old
- CVE-2025-30072 Tiiwee X1 Alarm System - Authentication Bypass by Capture-replay 3 weeks 4 days old
- SEC Consult SA-20250506-0 :: Honeywell MB Secure Authenticated Command Injection 3 weeks 4 days old
- SEC Consult SA-20250429-0 :: Multiple Vulnerabilities in HP Wolf Security Controller and more 3 weeks 4 days old
- SEC Consult SA-20250422-0:: Local Privilege Escalation via DLL Search Order Hijacking 3 weeks 4 days old
- Session Invalidation in Economizzer Allows Unauthorized Access After Logout 3 weeks 4 days old
- Persistent Cross-Site Scripting in Economizzer Category Entry 3 weeks 4 days old
Daily Dave
- Re: Typey typey 1 week 4 days old
- Typey typey 2 weeks 10 hours old
- Announcing the Parity Release of Volatility 3 and the Deprecation of Volatility 2 2 weeks 11 hours old
- Re: Typey typey 2 weeks 11 hours old
