** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes:...

Genexis Platinum-4410 2.1 Authentication Bypass

Genexis Platinum-4410 version 2.1 suffers from an authentication bypass vulnerability.


An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable...


Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter.

CVE-2011-4094 (jara)

Jara 1.6 has a SQL injection vulnerability.

Microsoft Zero-Day Actively Exploited, Patch Forthcoming

CVE-2020-0674 is a critical flaw for most Internet Explorer versions, allowing remote code execution and complete takeover.


SMC D3G0804W devices allow XSS via the SSID field on the WiFi Network Configuration page (after a successful login to the admin account).

Threatpost Poll: Are Published PoC Exploits a Good or Bad Idea?

Are publicly released proof-of-concept exploits more helpful for system defenders -- or bad actors?

Trend Micro Security (Consumer) Arbitrary Code Execution

Trend Micro Security can potentially allow an attacker to use a malicious program to escalate privileges to SYSTEM integrity and obtain persistence on a vulnerable system.


HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands. This vulnerability could allow an Administrator to bypass security restrictions and access...

Latest article

Framework Developer ‘Ragequits’ Open Source Community, Citing Negative Comments, ‘Very Few Provide Help’

The maintainer of the popular Rust web framework Actix has quit the project -- though he's backed off threats to make its code private...

EFF Defends Bruce Perens Victory Against ‘Open Source Security’ in Appeals Court

Bruce Perens (Slashdot reader #3872) co-founded the Open Source Initiative with Eric Raymond in 1998. (And then left it this January 2nd.) But in...

Realtek SDK Information Disclosure / Code Execution

Realtek SDK based routers suffer from information disclosure, incorrect access control, insecure password storage, code execution, and incorrectly implemented CAPTCHA vulnerabilities.