CVE-2025-48994 – SignXML Algorithm Confusion Vulnerability
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=…)`), versions of SignXML prior to 4.0.4 are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature algorithms using the `signxml.XMLVerifier.verify(expect_config=…)` setting, […]
CVE-2024-8008 – “Apache [Vendor Name] Reflected Cross-Site Scripting Vulnerability”
A reflected cross-site scripting (XSS) vulnerability exists in multiple [Vendor Name] products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser to execute arbitrary JavaScript in the context of the vulnerable page. […]
CVE-2024-7074 – WSO2 SOAP Admin File Upload RCE
The following table lists the changes that have been made to the CVE-2024-7074 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by ed10eef1-636d-4fbe-9993-6890dfa878f8 Jun. 02, 2025 Action […]
CVE-2024-7073 – WSO2 SOAP SSRF Attack Vector
The following table lists the changes that have been made to the CVE-2024-7073 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by ed10eef1-636d-4fbe-9993-6890dfa878f8 Jun. 02, 2025 Action […]
CVE-2024-3509 – WSO2 Management Console Stored XSS
A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative access to the Management Console. If successful, the actor could inject […]
CVE-2024-1440 – WSO2 Open Redirection Vulnerability
The following table lists the changes that have been made to the CVE-2024-1440 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by ed10eef1-636d-4fbe-9993-6890dfa878f8 Jun. 02, 2025 Action […]
Attackers breached ConnectWise, compromised customer ScreenConnect instances
A suspected “sophisticated nation state actor” has compromised ScreenConnect cloud instances of a “very small number” of ConnectWise customers, the company revealed on Wednesday. “We have not obse … Published Date: Jun 02, 2025 (1 hour, 48 minutes ago). Vulnerabilities mentioned in this article: CVE-2025-3935 […]
Qualcomm Adreno GPU 0-Day Vulnerabilities Exploited to Attack Android Users
Mobile chipmaker Qualcomm has issued urgent security patches for three critical zero-day vulnerabilities in its Adreno GPU drivers that are actively being exploited in targeted attacks against Android … Published Date: Jun 02, 2025 (24 minutes ago). Vulnerabilities have been mentioned in this article.
CVE-2025-48941 – MyBB Information Disclosure
MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which allows attackers to determine the existence of hidden (draft, unapproved, or soft-deleted) threads containing specified text in the title. The visibility state (`mybb_threads.visible` integer column) of threads is not validated in internal search queries, […]
CVE-2025-48940 – MyBB Local File Inclusion Vulnerability
The following table lists the changes that have been made to the CVE-2025-48940 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Jun. 02, 2025 Action […]