Vulnerability Disclosure — FreeIntelHub

Exploit Database Vulnerability Disclosure Dec 3

[webapps] MobileDetect 2.8.31 - Cross-Site Scripting (XSS)

MobileDetect 2.8.

Exploit Database →

Exploit Database Vulnerability Disclosure Dec 3

[webapps] phpMyAdmin 5.0.0 - SQL Injection

phpMyAdmin 5.0.

Exploit Database →

Exploit Database Vulnerability Disclosure Apple Dec 3

[webapps] RosarioSIS 6.7.2 - Cross Site Scripting (XSS)

RosarioSIS 6.7.

Exploit Database →

Exploit Database Vulnerability Disclosure Apple Dec 3

[webapps] RosarioSIS 6.7.2 - Cross-Site Scripting (XSS)

RosarioSIS 6.7.

Exploit Database →

Exploit Database Vulnerability Disclosure Dec 3

[webapps] openSIS Community Edition 8.0 - SQL Injection

openSIS Community Edition 8.

Exploit Database →

Exploit Database Vulnerability Disclosure Dec 2

[webapps] phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)

phpMyFAQ 3.1.

Exploit Database →

Exploit Database Vulnerability Disclosure Dec 2

[webapps] phpIPAM 1.5.1 - SQL Injection

phpIPAM 1.5.

Exploit Database →

Exploit Database Vulnerability Disclosure Dec 2

[webapps] Piwigo 13.6.0 - SQL Injection

Piwigo 13.6.

Exploit Database →

Exploit Database Vulnerability Disclosure Dec 2

[webapps] phpIPAM 1.6 - Reflected-Cross-Site Scripting (XSS)

phpIPAM 1.

Exploit Database →

Exploit Database Vulnerability Disclosure Dec 2

[webapps] phpIPAM 1.6 - Reflected Cross-Site Scripting (XSS)

phpIPAM 1.

Exploit Database →

Recorded Future Vulnerability Disclosure Intel Nov 26

Integrating Threat Intelligence and Vulnerability Management: A Modern Approach

Learn how combining threat intelligence and vulnerability management creates a modern approach to risk reduction and how Recorded Future integrates both.

Recorded Future →

Trail of Bits Vulnerability Disclosure Oracle Nov 18

We found cryptography bugs in the elliptic library using Wycheproof

Trail of Bits is publicly disclosing two vulnerabilities in elliptic, a widely used JavaScript library for elliptic curve cryptography that is downloaded ove...

Trail of Bits →

Google Security Blog Vulnerability Disclosure Google Nov 13

Rust in Android: move fast and fix things

Posted by Jeff Vander Stoep, Android Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in new code quickly yiel...

Google Security Blog →

Trail of Bits Vulnerability Disclosure Nov 13

Building checksec without boundaries with Checksec Anywhere

Since its original release in 2009, checksec has become widely used in the software security community, proving useful in CTF challenges, security posturing,...

T1598

Trail of Bits →

WeLiveSecurity Vulnerability Disclosure Nov 4

How social engineering works | Unlocked 403 cybersecurity podcast (S2E6)

Think you could never fall for an online scam? Think again.

T1204

WeLiveSecurity →

Exploit Database Vulnerability Disclosure Oct 31

[webapps] Flowise 3.0.4 - Remote Code Execution (RCE)

Flowise 3.0.

T1190

Exploit Database →

Google Security Blog Vulnerability Disclosure Sep 15

Supporting Rowhammer research to protect the DRAM ecosystem

Posted by Daniel Moghimi Rowhammer is a complex class of vulnerabilities across the industry. It is a hardware vulnerability in DRAM where repeatedly accessi...

T1498

Google Security Blog →

PortSwigger Research Vulnerability Disclosure Aug 26

Inline Style Exfiltration: leaking data with chained CSS conditionals

I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes!

T1041

PortSwigger Research →

PortSwigger Research Vulnerability Disclosure Apr 30

Drag and Pwnd: Leverage ASCII characters to exploit VS Code

Control characters like SOH, STX, EOT and ETX were never meant to run your code - but in the world of modern terminal emulators, they sometimes do.

PortSwigger Research →

Google Security Blog Vulnerability Disclosure Google Apr 4

Google announces Sec-Gemini v1, a new experimental cybersecurity model

Posted by Elie Burzstein and Marianna Tishchenko, Sec-Gemini team Today, we’re announcing Sec-Gemini v1, a new experimental AI model focused on advancing cyb...

Google Security Blog →