Salesforce Community sites can be exploited for data theft and reconnaissance activities by threat actors, due to a misconfiguration flaw.
It turns out, the American multimedia software giant Adobe that is known for its creative products including Photoshop, Illustrator, Premiere and Acrobat, has a free...
This week, developers Marcus T. and Ammar Askar (llamasoft) released an exploit called "RootMyRoku", which is capable of achieving a persistent root jailbreak on select Roku devices.
This month, Samsung has fixed multiple high severity vulnerabilities across multiple Samsung apps including Samsung Email. By exploiting this vulnerability (CVE-2021-25375), a remote attacker could access email attachments from your Samsung Email app.
The Git project has released patches for a severe remote code execution (RCE) vulnerability, CVE-2021-21300, that can be exploited by attackers when their malicious repos are cloned.
A critical vulnerability, CVE-2021-24171, in the WooCommerce Upload Files plugin can be exploited through multiple routes such as double extension and path traversal attacks.
This week, Apache Flink disclosed 2 path traversal vulnerabilities, CVE-2020-17518 and CVE-2020-17519. Hackers have already posted Proof-of-Concept (PoC) exploits for these bugs.
A Cross-Site Scripting (XSS) protection bypass technique has been revealed for Cloudflare Web Application Firewall (WAF). The exploit has been publicly known since 2019 but remains unpatched.
Thousands of Zyxel firewalls and access point controllers contain a secret, undocumented hardcoded password giving anyone admin access through this zero-day.