#git

Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.

SwiftyEdit Content Management System prior to v1.2.0 is vulnerable to Cross Site Request Forgery (CSRF).

Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump.

Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_resolve function in the mz_os.c file.

An issue was discovered in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitimate client connects to the fake VMS server.

A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php.

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret.

Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS).

By Deeba Ahmed The culprit behind these callback phishing attacks, known as Silent Ransom Group (SRG), is also identified as Luna Moth. This is a post from HackRead.com Read the original post: FBI Alert: Silent Ransom Group Utilizes Callback Phishing for Network Hacks

A new research has uncovered multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. The flaws were discovered by researchers at hardware and software product security and offensive research firm Blackwing Intelligence, who found the weaknesses in the fingerprint sensors from Goodix,