Recently, a bug bounty hunter discovered that an API key of Starbucks was exposed in a public GitHub repository, and reported the vulnerability through the HackerOne bug bounty platform. This flaw is Starbucks’ highest...
On January 3, 2020, we monitored that mongo-express officially released the CVE-2019-10758 vulnerability warning, with a high vulnerability level. At present, the number of users of mongo-express should be more in the MongoDB admin...
Security researchers have discovered three serious remote code execution vulnerabilities in the Ruckus wireless routers that can be used by hackers to bypass the router and remotely control. It is understood that these vulnerabilities...
Two security researchers, Miguel Mendez Z. — (s1kr10s) and Pablo Pollanco — (secenv) discovered a critical security flaw in the firmware of the D-Link DIR-859 router, unauthenticated RCE, which allows an attacker to take...
Nvidia has released an emergency security update for the GeForce Experience software to all users. The update aims to fix high-risk security vulnerabilities in GeForce Experience components. GeForce Experience is an auxiliary application of...
Recently, the Tencent Blade Team discovered a set of SQLite vulnerabilities called “Magellan 2.0”, allowing hackers to remotely run various malicious programs on the Chrome browser. There are 5 vulnerabilities in this group, numbered...
Hackers can use vulnerabilities (CVE-2019-19781) in Citrix’s Application Delivery Controller (NetScaler ADC) and Gateway (NetScaler Gateway) to sneak into the company’s intranet. The vulnerability was discovered by Mikhail Klyuchnikov of Positive Technologies. It is...
Twitter issued a new security alert. The company said that the security team found a serious security vulnerability in the Twitter app for Android. An attacker could directly access the user’s account information by...
For the jailbreak community, when someone finds a vulnerability that can jailbreak new devices and new versions of iOS, it often makes crackers and developers excited. Shared by @08Tc3wBB, and subsequently verified by security...
On December 17, Microsoft officially released the CVE-2019-1491 vulnerability warning and patch. Microsoft SharePoint is a set of corporate business collaboration platforms from Microsoft. The platform is used to integrate business information and enable...
Recently, Django officially released a security bulletin to fix a security vulnerability. The high-risk vulnerability is CVE-2019-19844. Django’s password-reset form uses a case-insensitive query to retrieve accounts matching the email address requesting the password...
360 Group cooperated with Mercedes-Benz and fixed 19 related potential vulnerabilities in Mercedes-Benz intelligent connected cars. It is reported that this is the first technology company partner selected by Mercedes-Benz worldwide. The Sky-Go Team...
Schneider Electric recently resolved DoS vulnerabilities in Modicon M580, M340, Quantum, and Premium controllers, and stated that all three defects were caused by improper inspections. The three vulnerabilities are: CVE-2019-6857: CVSS v3.0 is 7.5,...
Apple has enhanced parental controls in the latest official version of iOS 13.3, allowing parents to remotely load contact lists on their children ’s devices or restrict communication. Originally, these functions were to prevent...
Recently, researchers have discovered that undocumented features in Intel CPUs allow attackers to manipulate Intel CPU voltages in a controlled manner to trigger calculation errors. This can be used to undermine the security assurances...
Security company Rapid7 has disclosed security vulnerabilities in three children’s smartwatches sold on Amazon. These three children’s smartwatches are the GreaSmart, the Jsbaby, and the Smarturtle for less than$ 40. They are used as...
