:: Deepquest ::

https://nampirejo-temanggung.temanggungkab.go.id notified by Indonesia Attacker

Chitor CMS version 1.1.2 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to msd0pe in April of 2023.

Multi-Vendor Online Groceries Management System version 1.0 suffers from a remote code execution vulnerability.

This is an extension of research on the original findings of CVE-2020-15858 in Telit Cinterion IoT devices. Numerous issues have been discovered including path traversal, Java privilege elevation, AT commands whitelist / blacklist bypass, a heap overflow in fragmented SMS, and more.

http://www.namkrai.go.th notified by Ajoyy

http://www.koisoong.go.th notified by Ajoyy

KodExplorer 4.49 – CSRF to Arbitrary File Upload

Chrome suffers from an issue where the traits for media::mojom::VideoFrame do not perform any validation on the stride and offset parameters when deserializing untrusted message data.

Chrome has an issue where the GL_ShaderBinary is exposed to untrusted processes.

Chrome has an issue where there is an out-of-bounds string copy that can occur when parsing a uniform sampler name in SpvGetMappedSamplerName.