#vulnerability

The ABB BMS/BAS controller suffers from an authenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'instance' HTTP POST parameter called by calendarUpdate.php script.

The ABB BMS/BAS controller suffers from an authenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'variant' HTTP POST parameter called by the clearProjectConfigurationAjax.php script.

The ABB BMS/BAS controller suffers from an authenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'instance' HTTP POST parameter called by calendarUpdate.php script.

The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting "several dozen users" in 2024. "Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malware code," Kaspersky researcher Oleg

Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices. The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, as well as Prisma Access running PAN-OS versions. It has been addressed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS

Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN. "These botnets are frequently spread through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via a GetDeviceSettings

The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046, the vulnerability carries a CVSS score of 10.0. It affects versions 2.0.X, 2.1.X, and 2.2.X. "The ObjectSerializationDecoder in Apache MINA uses Java's

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.

A vulnerability was found in python-sql where unary operators do not escape non-Expression (like `And` and `Or`) which makes any system exposing those vulnerable to an SQL injection attack.