Darktrace Enterprise Immune System versions 3.0.9 and 3.0.10 contain multiple cross site request forgery vulnerabilities. It is highly likely that older versions are affected as well, but this has not…
>> AUTHOR: deepcore
Visual Voicemail for iPhone suffers from a use-after-free vulnerability in IMAP NAMESPACE processing.
XNU suffers from a use-after-free vulnerability due to a stale pointer left by in6_pcbdetach.
This Metasploit module exploits a php object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in…
This Metasploit module exploits a race condition vulnerability in Mac’s Feedback Assistant. A successful attempt would result in remote code execution under the context of root.
This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv() function fails to remove LD_* environment variables if __findenv() fails. This can be abused to…
AUO Solar Data Recorder < 1.3.0 – 'addr' Cross-Site Scripting
Zoho ManageEngine ServiceDesk Plus 9.3 – Cross-Site Scripting
Carel pCOWeb < B1.2.1 – Credentials Disclosure
Carel pCOWeb < B1.2.1 – Cross-Site Scripting