CVE Alert: CVE-2024-12703
Vulnerability Summary: CVE-2024-12703 CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential...
Month: January 2025
CVE Alert: CVE-2024-13377
Vulnerability Summary: CVE-2024-13377 The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alt’ parameter in...
CVE Alert: CVE-2024-12476
Vulnerability Summary: CVE-2024-12476 CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation...
CVE Alert: CVE-2024-10497
Vulnerability Summary: CVE-2024-10497 CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values...
CVE Alert: CVE-2024-10498
Vulnerability Summary: CVE-2024-10498 CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow...
CVE Alert: CVE-2025-0527
Vulnerability Summary: CVE-2025-0527 A vulnerability classified as critical was found in code-projects Admission Management System 1.0. Affected by this vulnerability...
CVE Alert: CVE-2025-0530
Vulnerability Summary: CVE-2025-0530 A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. This vulnerability affects...
CVE Alert: CVE-2025-0528
Vulnerability Summary: CVE-2025-0528 A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20....
CVE Alert: CVE-2025-0529
Vulnerability Summary: CVE-2025-0529 A vulnerability, which was classified as critical, was found in code-projects Train Ticket Reservation System 1.0. This...
HackerOne Bug Bounty Disclosure: cve-apache-airflow-format-string-vulnerability-leixiao
Company Name: Internet Bug Bounty Company HackerOne URL: https://hackerone.com/ibb Submitted By:leixiaoLink to Submitters Profile:https://hackerone.com/leixiao Report Title:CVE-2022-40604: Apache Airflow: Format String...
HackerOne Bug Bounty Disclosure: object-level-access-control-leads-to-reading-user-s-full-requests-sessions-and-error-messages-mester-x
Company Name: Yelp Company HackerOne URL: https://hackerone.com/yelp Submitted By:mester_xLink to Submitters Profile:https://hackerone.com/mester_x Report Title:Object Level access control leads to reading...
CVE Alert: CVE-2024-45832
Vulnerability Summary: CVE-2024-45832 Hard-coded credentials were included as part of the application binary. These credentials served as part of the...
CVE Alert: CVE-2024-26153
Vulnerability Summary: CVE-2024-26153 All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 are vulnerable to cross-site request...
CVE Alert: CVE-2024-26156
Vulnerability Summary: CVE-2024-26156 All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross...
CVE Alert: CVE-2024-26157
Vulnerability Summary: CVE-2024-26157 All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross...
CVE Alert: CVE-2025-0531
Vulnerability Summary: CVE-2025-0531 A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some...
CVE Alert: CVE-2024-12757
Vulnerability Summary: CVE-2024-12757 Nedap Librix Ecoreader is missing authentication for critical functions that could allow an unauthenticated attacker to potentially...
CVE Alert: CVE-2024-53683
Vulnerability Summary: CVE-2024-53683 A valid set of credentials in a .js file and a static token for communication were obtained...
CVE Alert: CVE-2024-26154
Vulnerability Summary: CVE-2024-26154 All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross...
CVE Alert: CVE-2024-26155
Vulnerability Summary: CVE-2024-26155 All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in...
CVE Alert: CVE-2024-54681
Vulnerability Summary: CVE-2024-54681 Multiple bash files were present in the application's private directory. Bash files can be used on their...
[QILIN] – Ransomware Victim: Refreshment Services Pepsi
Ransomware Group: QILIN VICTIM NAME: Refreshment Services Pepsi NOTE: No files or stolen information are by RedPacket Security. Any legal...
[CLOP] – Ransomware Victim: MERCURYGATE[.]COM
Ransomware Group: CLOP VICTIM NAME: MERCURYGATECOM NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
[QILIN] – Ransomware Victim: USE Federal Credit Union
Ransomware Group: QILIN VICTIM NAME: USE Federal Credit Union NOTE: No files or stolen information are by RedPacket Security. Any...
