-
The State of Magecart: A Persistent Threat to E-Commerce Security
Trustwave SpiderLabs first blogged about Magecart back in 2019; fast forward five years and it is still here going strong. Go to Source
-
Looking at the Attack Surfaces of the Sony XAV-AX8500
For the upcoming Pwn2Own Automotive contest a total of 4 head units have been selected. One of these is the single DIN Sony XAV-AX8500 that offers a variety of functionality such as wired and wireless Android Auto and Apple CarPlay as well as USB media playback and more. This blog post presents internal photos of…
-
CVE-2025-22145 – Carbon PHP DateTime Remote File Include Vulnerability
CVE ID : CVE-2025-22145 Published : Jan. 8, 2025, 9:15 p.m. | 29 minutes ago Description : Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include…
-
CVE-2024-52869 – Teradata SUSE Enterprise Linux Server Elevated Privilege Group Misassignment
CVE ID : CVE-2024-52869 Published : Jan. 8, 2025, 9:15 p.m. | 29 minutes ago Description : Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server (SLES) 12 Service Pack (SP) 2 or 3 to SLES 15 SP2…
-
CVE-2024-53995 – SickChill Open Redirect Vulnerability
CVE ID : CVE-2024-53995 Published : Jan. 8, 2025, 9:15 p.m. | 29 minutes ago Description : SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint’s `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open…
-
CVE-2024-13190 – ZeroWdd Myblog Xml Injection
CVE ID : CVE-2024-13190 Published : Jan. 8, 2025, 9:15 p.m. | 29 minutes ago Description : A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects unknown code of the file src/main/resources/mapper/BlogMapper.xml. The manipulation of the argument findBlogList/getTotalBlogs leads to xml injection. The attack can be initiated remotely. The exploit has…
-
CVE-2025-22143 – WeGIA Web Manager Reflected Cross-Site Scripting
CVE ID : CVE-2025-22143 Published : Jan. 8, 2025, 8:15 p.m. | 1 hour, 28 minutes ago Description : WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_permissoes.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_e parameter. This vulnerability…
-
CVE-2025-0194 – GitLab Information Disclosure
CVE ID : CVE-2025-0194 Published : Jan. 8, 2025, 8:15 p.m. | 1 hour, 28 minutes ago Description : An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.1, starting from 17.6 prior to 17.6.1, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged…