Zero day exploit for Nehelper Wifi Info on iOS 15.0. The XPC endpoint com.apple.nehelper accepts a user-supplied parameter, sdk-version, and if its value is less than or equal to 524288, the com.apple.developer.networking.wifi-info entitlement check is skipped. This allows any qualifying application (e.g. one that has location access authorization) to gain access to Wifi information without the required entitlement. The check happens in -[NEHelperWiFiInfoManager checkIfEntitled:] in /usr/libexec/nehelper.
0af5f880ff757d8f4ecf82631a976eb88cd98d6646578d823eeb66b9199ddf29
Zero day exploit for nehelper on iOS 15.0 that allows any user-installed application to determine whether any application is installed on the device given its bundle ID.
375980bf93ee070923c3bb357ef6f80b43ca064d6099d8de7d730edb2ea93c70
Zero day exploit for Gamed on iOS 15.0 that demonstrates information disclosure vulnerabilities.
064f75f646068bb009495ba2efc5724b31cd4cd7265da1713630bea9d23cab50
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
4590890ea9bb9ace4f71ae331785a3a5823232435161960ed5fc86588f331fe9
Red Hat Security Advisory 2021-3666-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, path sanitization, and use-after-free vulnerabilities.
c3e88fe61108ab45d44ef8e7ffedeed0ae53649beffdf3ca315f12cedd7d9b64
Simple Attendance System version 1.0 authentication bypass exploit that adds an administrator.
e4a056c4bf0781532ad19c5a4655a2089555c71ce7492598d7a21cf841394ff6
WordPress Wappointment plugin version 2.2.4 suffers from a persistent cross-site scripting vulnerability.
0ec2de8d6b3e7c213f925b6bf7c1a9f7fa2dd529191d328cb5129e5f0ca43245
Backdoor.Win32.Hupigon.afjk malware suffers from a directory traversal vulnerability.
d43696509b1d079ab11a9230faf15e7121c44dabdb639bf4f8f247da5e678d97
Details on how to achieve remote code execution in CMS Made Simple version 2.1.3.
7b3459513dec24564aa30a512ffef2b5d1b795047278d892848f4efdab0eb7cc
Library System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Aitor Herrero in January of 2021.
eb854621eb94dfe51e7c8783a6ace3f21838ab76409df3a060deec311572353c
Backdoor.Win32.Hupigon.afjk malware suffers from bypass and code execution vulnerabilities.
3789a2c7b0f6ca3d18975f82d38fd4946423b730c882367fe89c3532b522752b
XAMPP version 7.4.3 suffers from a local privilege escalation vulnerability.
0f5c7877625783cce13ce18ad512bfe8d734d9d56724b3d2d03dd5e65b70849a
Backdoor.Win32.Hupigon.fjcd malware suffers from an unauthenticated open proxy vulnerability.
7de0bdc194e9a195fd15f5c530731f710ddb394ce0942d22da142be4871e92c4
Backdoor.Win32.RmtSvc.l malware suffers from a denial of service vulnerability.
7d8120cf6e5bc376034abd303564b5f0fc177eff78ec31c21e5e6838e9ec741b
Backdoor.Win32.Agent.aer malware suffers from an insecure transit vulnerability that allows for password disclosure.
82907adb2d7ecb4c6e6ea602ffe8c252d98ed152468ed0e2f2d0c16894ca4ad2
Cisco Small Business RV130W version 1.0.3.44 exploit that injects counterfeit routers.
9ed47dde50d98da582e5d59d6001b33156cd31eb809f23d7ab77bd1c630c5a6a
Ether MP3 CD Burner version 1.3.8 suffers from a buffer overflow vulnerability.
38045f1e0ebf2d489d9eb899bc1be79fc0401a50f3e8f8e83b9685b5d8606206
Backdoor.Win32.Agent.aer malware suffers from a denial of service vulnerability.
6b8cd0c45d2977584957ed345ebad70c13f8edd94a144cc645cf10bf595862eb
Trojan-Downloader.Win32.VB.abb malware suffers from an insecure permissions vulnerability.
64e272a1e2097a25247ad10b5a8dcc3752c5438e31d03242bc1673fcdbc280e3
PASS-PHP version 1.0 suffers from remote SQL injection and cross-site scripting vulnerabilities.
1145a2df44f5b9647b8ad4207215a93abb5fe637fa0a66c4b4596511a4b1e5f5