>> AUTHOR: deepcore

vBulletin versions 5.5.2 and below suffers from an issue where user input passed through the “messageids” request parameter to /ajax/api/vb4_private/movepm is not properly sanitized before being used in a call…

XNU suffers from a dangling PTE entry due to integer truncation when collapsing vm_object shadow chains.

XNU suffers from a vm_object use-after-free vulnerability due to invalid error handling in vm_map_enter.

Chrome suffers from a heap use-after-free vulnerability in blink::LocalFrameView::PerformLayout due to an incomplete fix for CVE-2022-3199.

Sanitization Management System version 1.0 suffers from a remote SQL injection vulnerability.

Helmet Store Showroom version 1.0 suffers from an authenticated remote SQL injection vulnerability.

Trojan.Win32.DarkNeuron.gen malware creates an IPC pipe with a NULL DACL allowing RW for the Everyone user.

Win32.Ransom.Conti ransomware fails to encrypt non PE files that have a “.exe” in the filename. Creating specially crafted file names successfully evaded encryption for this malware sample.

Backdoor.Win32.Autocrat.b malware suffers from a weak hardcoded credential vulnerability.