Mohanraj R · binarysouljour.me · Dec 5, 2024
CVE-2024-46455 : XML eXternal Entity vulnerability in unstructured.io <= 0.14.2
Before proceeding I would like to give a shoutout to my awesome friend and colleague Mohit K who tagged along in this journey and played a pivotal role. Summary This blog is a result of the applied vulnerability research that we did against open-webui...
Tags: CVE

Rivanorth · blog.rivanorth.com · Dec 5, 2024
Vulnerability Report: December 2024
Welcome to the monthly Vulnerability Report. In this report, we provide an overview of the most significant security vulnerabilities identified in the past month. Our focus is on vulnerabilities that are being actively exploited, which pose the bigge...
Tags: Security Advisory · Security

Hitesh Patra · blogs.hiteshpatra.in · Dec 4, 2024
CVE-2024-54134 - Solana Web3.js Supply Chain Attack
A supply chain attack was detected in version 1.95.6 and 1.95.7 of the @solana/web3.js npm library. This compromised version contains injected malicious code that can steal keys from developers and users, potentially enabling attackers to drain crypto...
Tags: CVE Analysis · supplychainattack

Le Quoc Cuong · nospaceavailable.hashnode.dev · Nov 26, 2024
Reproduce CVE-2024–23897
This is an old post; I moved it over from a GitHub repo so that GitHub is less cluttered :p Jenkins is an open-source Java tool used to perform continuous integration and continuous delivery (CI/CD – Continuous Integration/Continuous Delivery) and to build...
Tags: #Reproduce

Rivanorth · blog.rivanorth.com · Nov 5, 2024
Vulnerability Report: November 2024
Welcome to the monthly Vulnerability Report. In this report, we provide an overview of the most significant security vulnerabilities identified in the past month. Our focus is on vulnerabilities that are being actively exploited, which pose the bigge...
Tags: Security Advisory · CVE

Rao Waqas Akram · raowaqasakram.hashnode.dev · Oct 24, 2024
🌐 Celebrating 25 Years of CVEs! 🌐
Tenable has released an insightful article on the evolution of vulnerabilities, marking 25 years of CVE. From the first 321 records in 1999 to over 240,000 today, this milestone highlights the critical impact of ...
Tags: vulnerabilities

doppahuydoppa.hashnode.dev · Oct 10, 2024
Analyst CVE-2024-8698 on KeyCloak
Summary: A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of t...
Tags: keycloak

Rivanorth · blog.rivanorth.com · Oct 8, 2024
Vulnerability Report: October 2024
Welcome to the monthly Vulnerability Report. In this report, we provide an overview of the most significant security vulnerabilities identified in the past month. Our focus is on vulnerabilities that are being actively exploited, which pose the bigge...
Tags: Security Advisory · CVE

Rosecurify · log.rosecurify.com · Oct 5, 2024
Seclog - #94
📚 SecMisc
Tools Index | Hackers of India - A comprehensive index of hacking tools.
Unleash the Power of Censys Search - A guide for using Censys search effectively.
Lambda Watchdog - A monitoring tool for AWS Lambda functions....
Tags: seclog · CVE-2024-45409

Tran Hoang Phong for FIS Security · blog.fiscybersec.com · Sep 29, 2024
Critical GitLab vulnerability lets attackers bypass SAML authentication
CVE-2023-7028 is a critical security vulnerability in GitLab that affects both the Enterprise Edition (EE) and the Community Edition (CE). If successfully exploited, an attacker can take control of the administrator account of the system G...
Tags: Newsletters · GitLab