
Tag

#vulnerability

ViciDial 2.0.5 Cross Site Request Forgery

ViciDial version 2.0.5 suffers from a cross site request forgery vulnerability.

Packet Storm
#csrf #vulnerability #windows #google #git #php #auth #firefox

Vehicle Service Management System 1.0 Cross Site Request Forgery

Vehicle Service Management System version 1.0 suffers from a cross site request forgery vulnerability.

Transport Management System 1.0 Insecure Direct Object Reference

Transport Management System version 1.0 suffers from an insecure direct object reference vulnerability.

Printing Business Records Management System 1.0 Insecure Settings

Printing Business Records Management System version 1.0 suffers from an ignored default credential vulnerability.

Online Eyewear Shop 1.0 Insecure Settings

Online Eyewear Shop version 1.0 suffers from an ignored default credential vulnerability.

AVideo 12.4 Code Injection

AVideo version 12.4 suffers from a PHP code injection vulnerability.

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.

GHSA-78wr-2p64-hpwj: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The `org.apache.commons.io.input.XmlStreamReader` class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

GHSA-r7pg-v2c8-mfg3: Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.

TEM Opera Plus FM Family Transmitter

1. EXECUTIVE SUMMARY

CVSS v4 9.3

ATTENTION: Exploitable remotely/low attack complexity/public exploits are available

Vendor: TEM

Equipment: Opera Plus FM Family Transmitter

Vulnerabilities: Missing Authentication for Critical Function, Cross-Site Request Forgery (CSRF)

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of TEM Opera Plus FM Family Transmitter, an FM transmitter, are affected:

Opera Plus FM Family Transmitter: Version 35.45

3.2 Vulnerability Overview

3.2.1 Missing Authentication for Critical Function CWE-306

TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications that require basic read-on...