Robuta

- Matrix.org - Security disclosure for matrix-js-sdk (CVE-2024-47080) and matrix-react-sdk... (https://matrix.org/blog/2024/10/security-disclosure-matrix-js-sdk-and-matrix-react-sdk/). Matrix, the open protocol for secure decentralised communications.
- Vulnerability Directory | CVE-2024-35264 | .NET | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2024-35264). Patch CVE-2024-35264 immediately to secure your systems from critical vulnerabilities. Protect your applications and prevent exploits with the latest updates...
- GeoServer security patch notice (CVE-2024-36401) :: OSGeo (Open Source GeoSpatial) Korean chapter (https://www.osgeo.kr/307). Jul 25, 2024 - GeoServer security patch notice: security patch for the unauthenticated remote code execution vulnerability in GeoServer (CVE-2024-36401), see https://knvd.krcert.or.kr/detailSecNo.do?IDX=6233 ...
- CVE-2024-53870 (https://explore.alas.aws.amazon.com/CVE-2024-53870.html).
- CVE-2024-38816: Spring Framework Path Traversal Vulnerability Threatens Millions (https://securityonline.info/cve-2024-38816-spring-framework-path-traversal-vulnerability-threatens-millions/). Stay informed about the serious security vulnerability (CVE-2024-38816) in the Spring Framework. Learn how it can potentially affect millions of Java...
- curl - ASN.1 date parser overread - CVE-2024-7264 (https://curl.se/docs/CVE-2024-7264.html).
- CVE-2024-1708 - ScreenConnect Path Traversal Exploitation | Detection.FYI (https://detection.fyi/sigmahq/sigma/emerging-threats/2024/exploits/cve-2024-1708/file_event_win_exploit_cve_2024_1708_screenconnect/). This detects file modifications to ASPX and ASHX files within the root of the App_Extensions directory, which is allowed by a ZipSlip vulnerability in versions...
- Security advisory for the standard library (CVE-2024-43402) | Rust Blog (https://blog.rust-lang.org/2024/09/04/cve-2024-43402/). Empowering everyone to build reliable and efficient software.
- NVD - CVE-2024-2904 (https://nvd.nist.gov/vuln/detail/CVE-2024-2904).
- Countermeasures for vulnerabilities in VMware products (CVE-2024-37079 and others) | Information Security | IPA (Information-technology Promotion Agency, Japan) (https://www.ipa.go.jp/security/security-alert/2024/alert20240619.html). Information from IPA on countermeasures for vulnerabilities in VMware products (CVE-2024-37079 and others).
- XZ Attack and CVE-2024-3094: a Mental Health Exploitation of the Open Source Community - Conquer... (https://www.conquer-your-risk.com/2024/04/03/xz-attack-and-cve-2024-3094-a-mental-health-exploitation-of-the-open-source-community/). Apr 12, 2024 - The CVE-2024-3094 incident, also referred to as the XZ Attack, marks a significant event in the cybersecurity landscape, highlighting a sophisticated attack...
- Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet (https://thehackernews.com/2026/04/mirai-variant-nexcorium-exploits-cve.html). CVE-2024-3721 and CVE-2023-33538 exploited in TBK DVRs and EoL TP-Link routers, enabling Mirai variants and DDoS risk.
- [nginx-announce] nginx security advisory (CVE-2024-24989, CVE-2024-24990) (https://mailman.nginx.org/pipermail/nginx-announce/2024/NW6MNW34VZ6HDIHH5YFBIJYZJN7FGNAV.html).
- curl - HSTS subdomain overwrites parent cache entry - CVE-2024-9681 (https://curl.se/docs/CVE-2024-9681.html).
- Endor Patches | CVE-2024-47413, Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use... (https://www.endorlabs.com/vulnerability/cve-2024-47413).
- MikroTik · CVE-2024-54772 (https://mikrotik.com/supportsec/cve-2024-54772/). MikroTik makes networking hardware and software, which is used in nearly all countries of the world. Our mission is to make existing Internet technologies...
- Zimbra CVE-2024-27443 XSS vulnerability hits 129K servers, Sednit suspected - AnquanKE (安全KER) - security news platform (https://www.anquanke.com/post/id/307736).
- Twig CVE-2024-51755: Unguarded calls to __isset() and to array-accesses in a sandbox (Symfony Blog) (https://symfony.com/blog/cve-2024-51755-unguarded-calls-to-isset-and-to-array-accesses-in-a-sandbox). Nov 10, 2024.
- Vulnerability Directory | CVE-2024-38827 | Spring | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2024-38827). Address CVE-2024-38827, a Spring Security vulnerability that bypasses authorization with case-sensitive string comparisons. Learn how HeroDevs' Never-Ending...
- CVE-2024-11233 (https://explore.alas.aws.amazon.com/CVE-2024-11233.html).
- CVE-2024-0775 (https://explore.alas.aws.amazon.com/CVE-2024-0775.html).
- CVE-2024-47193 Denial-of-Service (DoS) Vulnerability | WithSecure™ (https://support.withsecure.com/en/support/security-advisories/cve-2024-47193). It is possible for a local user to deny an administrator from installing WithSecure Mac antivirus software or prevent automatic upgrade on macOS devices...
- Vulnerability Directory | CVE-2024-33665 | AngularJS | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2024-33665). The vulnerability can be triggered by injecting malicious code into input fields that are then processed by the translate directive. A proof of concept...
- QakBot attacks with CVE-2024-30051 Windows zero-day | Securelist (https://securelist.com/cve-2024-30051/112618/). May 17, 2024 - In April 2024, while researching CVE-2023-36033, we discovered another zero-day elevation-of-privilege vulnerability, which was assigned CVE-2024-30051...
- Countermeasures for the Fortinet FortiOS vulnerability (CVE-2024-55591) | Information Security | IPA (Information-technology Promotion Agency, Japan) (https://www.ipa.go.jp/security/security-alert/2024/alert20250115.html). Information from IPA on countermeasures for the Fortinet FortiOS vulnerability (CVE-2024-55591).
- PostgreSQL: CVE-2024-10978: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID (https://www.postgresql.org/support/security/CVE-2024-10978/).
- Arbitrary Code Execution in ZLOG (CVE-2024-22857) (https://www.ebryx.com/blogs/arbitrary-code-execution-in-zlog-cve-2024-22857). CVE-2024-22857 reveals a severe arbitrary code execution flaw in Zlog. Explore how this vulnerability works, its exploitation path, and how to protect affected...
- Vulnerability Directory | CVE-2024-6531 | Bootstrap | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2024-6531). A cross-site scripting (XSS) vulnerability has been identified within the Bootstrap 4 Carousel component.
- CVE-2024-37389 — Apache NiFi Improper Neutralization of Input in Parameter Context Description -... (https://advisory-akbar.kustirama.id/cve-2024-37389/).
- CVE-2024-44934 (https://explore.alas.aws.amazon.com/CVE-2024-44934.html).
- Vulnerability Directory | CVE-2024-38816 | Spring | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2024-38816). A significant path traversal vulnerability (CVE-2024-38816) has been discovered in the Spring Framework. This vulnerability allows attackers to exploit the way...
- Vulnerability Directory | CVE-2024-21490 | AngularJS | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2024-21490). Starting with version 1.3.0 of Angular, it's possible to conduct a Regular Expression Denial of Service (ReDoS) attack. Because the package uses a regular...
- Countermeasures for vulnerabilities in Palo Alto Networks PAN-OS (CVE-2024-0012 and others) | Information Security | IPA (Information-technology Promotion Agency, Japan) (https://www.ipa.go.jp/security/security-alert/2024/alert20241119.html). Information from IPA on countermeasures for vulnerabilities in Palo Alto Networks PAN-OS (CVE-2024-0012 and others).
- Dovecot CVE-2024-23185: Very large headers can cause resource exhaustion when parsing message -... (https://dovecot.org/mailman3/hyperkitty/list/dovecot@dovecot.org/thread/TEVOFHCKWZW62C6NAM25S3K7CL6KUL2J/).
- New Mirai botnet variant targets DVR systems via CVE-2024-3721 - AnquanKE (安全KER) - security news platform (https://www.anquanke.com/post/id/308245).
- NVD - CVE-2024-21485 (https://nvd.nist.gov/vuln/detail/CVE-2024-21485).
- curl - OCSP stapling bypass with GnuTLS - CVE-2024-8096 (https://curl.se/docs/CVE-2024-8096.html).
- NVD - CVE-2024-24510 (https://nvd.nist.gov/vuln/detail/CVE-2024-24510).
- oss-security - CVE-2024-14031: Sereal::Encoder versions from 4.000 through 4.009_002 for Perl is... (https://www.openwall.com/lists/oss-security/2026/03/31/8).
- Snikket Blog | Security notice: Snikket not affected by CVE-2024-3094 (https://snikket.org/blog/xz-backdoor-cve-2024-3094/). A backdoor was recently found in xz, a widely used package. The vulnerability does not affect Snikket, but make sure your host systems are up to date.
- regreSSHion (CVE-2024-6387): our response – Clever Cloud Documentation (https://www.clever.cloud/developers/changelog/2024/07-10-cve-2024-6387/). All our systems are up-to-date.
- TBK DVR Vulnerability CVE-2024-3721 Exploited to Spread Nexcorium DDoS Malware (https://gbhackers.com/tbk-dvr-vulnerability/). Apr 20, 2026 - Hackers are actively exploiting a critical vulnerability in TBK digital video recorder (DVR) devices to deploy a new Mirai-based botnet called Nexcorium.
- CVE-2024-3094 and XZ Upstream Supply Chain Attack | CrowdStrike (https://www.crowdstrike.com/en-us/blog/cve-2024-3094-xz-upstream-supply-chain-attack/). Feb 3, 2025 - Learn about the CVE-2024-3094 and XZ Upstream Supply Chain Attack and how CrowdStrike is protecting its customers from exploitation.
- Statement on CVE-2024-27322 - The R Blog (https://blog.r-project.org/2024/05/10/statement-on-cve-2024-27322/index.html).
- curl - HTTP/2 push headers memory-leak - CVE-2024-2398 (https://curl.se/docs/CVE-2024-2398.html).
- Twig CVE-2024-51754: Unguarded calls to __toString() in a sandbox when an object is in an array or an argument list (Symfony Blog) (https://symfony.com/blog/cve-2024-51754-unguarded-calls-to-tostring-in-a-sandbox-when-an-object-is-in-an-array-or-an-argument-list). Nov 10, 2024.
- oss-security - CVE-2024-24549: Apache Tomcat: HTTP/2 header handling DoS (https://www.openwall.com/lists/oss-security/2024/03/13/3).
- Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529 - Project Zero (https://projectzero.google/2026/01/sound-barrier-2.html). In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-...
- About CVE-2024-46292 - 2024 October | Modsecurity Project (https://modsecurity.org/20241011/about-cve-2024-46292-2024-october/). We would like to share our take on CVE-2024-46292, which was published on October 9 2024.
- CVE-2024-51736: Command execution hijack on Windows with Process class (Symfony Blog) (https://symfony.com/blog/cve-2024-51736-command-execution-hijack-on-windows-with-process-class). Nov 6, 2024.
- Vulnerability Directory | CVE-2024-22259 | Spring | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2024-22259). This vulnerability (CVE-2024-22259) is in spring-web when the UriComponentsBuilder class is used to parse externally provided URLs. The vulnerability arises...
- CVE-2024-53875 (https://explore.alas.aws.amazon.com/CVE-2024-53875.html).
- CVE-2024-50345: Open redirect via browser-sanitized URLs (Symfony Blog) (https://symfony.com/blog/cve-2024-50345-open-redirect-via-browser-sanitized-urls). Nov 6, 2024.
- Express 3.x CVE-2024-43796 Reproduction - StackBlitz (https://stackblitz.com/edit/express-3x-43796-xss-reproduction?file=pages%2Findex.html). An Express project based on cors and express.
- Vulnerability Directory | CVE-2024-53677 | Struts | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2024-53677). Act now to secure your applications from CVE-2024-53677 in Apache Struts. Choose HeroDevs' long-term support to keep your systems secure, compliant, and...
- XZ Utils Backdoor: Supply Chain Vulnerability (CVE-2024-3094) - guardsix (https://guardsix.com/blog/emerging-threats/xz-utils-backdoor).
- CVE-2024-46744 (https://explore.alas.aws.amazon.com/CVE-2024-46744.html).
- CVE-2024-21626 - Issue concerning runC containers (https://aws.amazon.com/jp/security/security-bulletins/AWS-2024-001/).
- curl - Usage of disabled protocol - CVE-2024-2004 (https://curl.se/docs/CVE-2024-2004.html).
- Vulnerability Directory | CVE-2024-27983 | Node.js | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2024-27983).
- Countermeasures for the Adobe ColdFusion vulnerability (CVE-2024-53961) | Information Security | IPA (Information-technology Promotion Agency, Japan) (https://www.ipa.go.jp/security/security-alert/2024/alert20241224.html). Information from IPA on countermeasures for the Adobe ColdFusion vulnerability (CVE-2024-53961).
- CVE-2024-8927 (https://explore.alas.aws.amazon.com/CVE-2024-8927.html).
- OpenSSH has a vulnerability (CVE-2024-6387): tutorial for manually updating OpenSSH - 虾米皮皮乐 - Typecho original theme site (https://xiamp.net/archives/openssh-is-vulnerable-cve20246387-please-manually-update-the-openssh-tutorial.html).
- CVE-2024-10979 (https://explore.alas.aws.amazon.com/CVE-2024-10979.html).
- v7.1.4 Released – Fixes CVE-2024-52301 – Grokstar.Dev (https://grokstar.dev/security/2024/11/v7-1-4-released-fixes-cve-2024-52301/).
- CVE-2024-11235 | Zend (https://www.zend.com/php-security-center/CVE-2024-11235).
- [CVE-2024-1975] SIG(0) can be used to exhaust CPU resources (#4480) · Issues · ISC Open Source... (https://gitlab.isc.org/isc-projects/bind9/-/issues/4480).
- curl - macidn punycode buffer overread - CVE-2024-6874 (https://curl.se/docs/CVE-2024-6874.html).
- Vulnerability Directory | CVE-2024-8372 | AngularJS | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2024-8372). An improper sanitization vulnerability (CVE-2024-8372) has been identified in AngularJS, which allows attackers to bypass common image source restrictions...
- NVD - CVE-2024-45217 (https://nvd.nist.gov/vuln/detail/CVE-2024-45217).
- [nginx-announce] nginx security advisory (CVE-2024-31079, CVE-2024-32760, CVE-2024-34161,... (https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html).
- NVD - CVE-2024-8176 (https://nvd.nist.gov/vuln/detail/CVE-2024-8176).
- CVE-2024-41092 (https://explore.alas.aws.amazon.com/CVE-2024-41092.html).
- Vulnerability Directory | CVE-2024-52317 | Apache Tomcat | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2024-52317). Patch CVE-2024-52317 immediately to secure your systems from critical vulnerabilities. Protect your applications and prevent exploits with the latest updates...
- HeroDevs Blog | CVE-2024-38819: High-Severity Path Traversal Vulnerability in Spring Framework (https://www.herodevs.com/blog-posts/cve-2024-38819-high-severity-path-traversal-vulnerability-in-spring-framework). CVE-2024-38819 is a high-severity path traversal vulnerability in the Spring Framework. Learn about its impact on applications and how HeroDevs' NES for Spring...
- CVE-2024-8929 (https://explore.alas.aws.amazon.com/CVE-2024-8929.html).
- Vulnerability Directory | CVE-2024-22236 | Spring | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2024-22236). Spring Cloud Contract vulnerability (CVE-2024-22236) exposes local information via insecure temporary directory permissions during test execution, affecting...
- Countermeasures for the Palo Alto Networks PAN-OS vulnerability (CVE-2024-3400) | Information Security | IPA (Information-technology Promotion Agency, Japan) (https://www.ipa.go.jp/security/security-alert/2024/alert20240415.html). Information from IPA on countermeasures for the Palo Alto Networks PAN-OS vulnerability (CVE-2024-3400).
- regreSSHion: RCE in OpenSSH's Server on glibc-based Linux Systems (CVE-2024-6387) - Upwind (https://www.upwind.io/feed/regresshion-rce-in-opensshs-server-on-glibc-based-linux-systems-cve-2024-6387). Nov 7, 2024 - OpenSSH is widely known for managing secure shell connections (SSH). However, a recently discovered vulnerability in OpenSSH's server (sshd), known as...
- CVE-2024-56658 (https://explore.alas.aws.amazon.com/CVE-2024-56658.html).
- NVD - CVE-2024-20154 (https://nvd.nist.gov/vuln/detail/CVE-2024-20154).
- NVD - CVE-2024-20433 (https://nvd.nist.gov/vuln/detail/cve-2024-20433).
- CVE-2024-29038 (https://explore.alas.aws.amazon.com/CVE-2024-29038.html).
- Vulnerability Directory | CVE-2024-6484 | Bootstrap | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2024-6484). A cross-site scripting (XSS) vulnerability has been identified within the Bootstrap 3 Carousel component.
- CVE-2024-8353 (CVSS 10): Critical GiveWP Flaw, 100k WordPress Sites at Risk (https://securityonline.info/cve-2024-8353-critical-givewp-flaw-100k-wordpress-sites-at-risk/). Discover the details of the critical vulnerability CVE-2024-8353 in the GiveWP donation plugin for WordPress and the potential impact on your website.
- NVD - CVE-2024-2365 (https://nvd.nist.gov/vuln/detail/CVE-2024-2365).
- CVE-2024-21147 (https://explore.alas.aws.amazon.com/CVE-2024-21147.html).
- Why nested deserialization is harmful: Magento XXE (CVE-2024-34102) (https://www.assetnote.io/resources/research/why-nested-deserialization-is-harmful-magento-xxe-cve-2024-34102). A critical, pre-authentication XML entity injection issue in Magento / Adobe Commerce (CVE-2024-34102), which Adobe rated as CVSS 9.8.
- CVE-2024-56582 (https://explore.alas.aws.amazon.com/CVE-2024-56582.html).
- Vulnerability Directory | CVE-2024-22257 | Spring | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2024-22257). Patch CVE-2024-22257 immediately to secure your systems from critical vulnerabilities. Protect your applications and prevent exploits with the latest updates...
- PostgreSQL: CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (https://www.postgresql.org/support/security/CVE-2024-7348/).