|
You are here |
machevalia.blog | ||
| | | | |
www.thezdi.com
|
|
| | | | | [AI summary] This blog post discusses two critical vulnerabilities in the Logsign Unified SecOps Platform, CVE-2024-5716 (authentication bypass) and CVE-2024-5717 (command injection), which can be combined for remote, unauthenticated code execution. | |
| | | | |
artsploit.blogspot.com
|
|
| | | | | When I first encountered Kafka UI, I was thrilled that such a dangerous functionality is exposed without authentication. After some time I d... | |
| | | | |
www.gingerlime.com
|
|
| | | | | Summary A critical Remote Code Execution vulnerability in WooCommerce Delivery Notes <= 5.8.0 allowed attackers to inject PHP code into plugin settings. The malicious code executed when any admin or the backend printed an invoice via DomPDF, installing backdoors and creating unauthorized admin accounts. This vulnerability was publicly disclosed in December 2025 and is actively... | |
| | | | |
blog.ostorlab.co
|
|
| | | This release introduces CNIL standard support, SARIF export, and improved vulnerability insights with locations and advanced search. Copilot is more powerful, performance is faster, and asset and remediation workflows are smoother. | ||