WordPress Plugin Modern Events Calendar 5.16.2 – Remote Code Execution (Authenticated)
Tags: 0day, remote exploitScratch Desktop 3.17 – Cross-Site Scripting/Remote Code Execution (XSS/RCE)
Tags: 0day, remote exploitphpAbook version 0.9i suffers from a remote SQL injection vulnerability.
Doctors Patients Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Securepoint SSL VPN Client version 2.0.30 suffers from a local privilege escalation vulnerability.
Apache Superset version 1.1.0 suffers from a time-based account enumeration vulnerability.
A KVM guest on AMD can launch a L2 guest without the Intercept VMRUN control bit by exploiting a TOCTOU vulnerability in nested_svm_vmrun. Executing vmrun from the L2 guest, will then trigger a second call to nested_svm_vmrun and corrupt svm->nested.hsave with data copied out of the L2 vmcb. For kernel versions that include the commit […]