Aller au contenu
Skip to CUSTOM_HTML-19
Skip to RECENT-POSTS-2
Skip to SEARCH-2
Skip to CUSTOM_HTML-2
Skip to RSS-5
Skip to RSS-4
Skip to BLOCK-2
Skip to META-2
Skip to LISTPACKAGES-2
Skip to CUSTOM_HTML-6
Skip to CUSTOM_HTML-17
Skip to CUSTOM_HTML-16
Skip to CUSTOM_HTML-11
Skip to CUSTOM_HTML-5
Skip to CUSTOM_HTML-7
Skip to CUSTOM_HTML-8
Skip to AKISMET_WIDGET-2
Skip to CUSTOM_HTML-9
Skip to TAG_CLOUD-2
Skip to ARCHIVES-2
Skip to CUSTOM_HTML-13
Skip to CUSTOM_HTML-18
Skip to CUSTOM_HTML-15
Attention à vos informations.
TNT Sécurité
Attention à vos informations.
Shrunk
Expand
Navigation Principale
Open
Contactez-moi
Page de maintenance
Section Privée
Open
Archives du Mois
décembre »
novembre
2013
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Hacker Facebook
2013-11-18 19:58:14
TNT Sécurité
19
20
21
22
23
24
25
26
27
28
29
Vulnérablité UPnP
2013-11-29 21:14:44
TNT Sécurité
30
Est-ce que votre navigateur est sécuritaire ?
2013-11-30 10:16:40
TNT Sécurité
TNT Hacking World
Articles récents
Comment installer SilverBullet Pro 1.5.8
Comment les Hackers utilisent OpenBullet 2 pour accéder vos comptes.
Comment installer/configurer OpenBullet 2
Comment les hackers créent des combo lists
Burp Suite Pro 2025
Microsoft Office Pro 2024 LTSC
Evil Portal pour envoyer un payload à un client.
Comment contourner Microsoft Defender et établir une session Meterpreter avec persistence.
Téléchargez le ISO de Windows 11
Office 2021 Pro LTSC
Search for:
Exploit Database
Common Vulnerability Database
CVE-2026-62387
17 juillet 2026
High Severity Description The Grav API plugin (getgrav/grav-plugin-api) before 1.0.0-rc.16 shipped Access-Control-Allow-Origin: * as its default CORS configuration on all responses, including authenticated endpoints and preflight (OPTIONS) responses. Because the plugin accepts credentials via the Authorization and X-API-Token headers (set programmatically by JavaScript rather than via cookies), an attacker who obtains a valid access token […]
CVE-2026-62235
17 juillet 2026
Medium Severity Description Grav Flex-Objects before version 1.4.3 contains a broken access control vulnerability in the admin-next REST API that allows authenticated users with only api.access permission to perform unauthorized CRUD operations on permission-less directories. Attackers with api.access credentials can create, read, update, delete, and export objects from any directory lacking an explicit permissions configuration, […]
CVE-2026-62236
17 juillet 2026
Medium Severity Description grav-plugin-login before 3.8.11 contains a cross-site request forgery (CSRF) vulnerability in the login.regenerate2FASecret frontend task, which regenerates and persists a new TOTP secret for the authenticated session user without any anti-CSRF nonce or Origin/Referer check. Because Grav core dispatches the task from the GET 'task:' URI parameter and the default session cookie […]
CVE-2026-62237
17 juillet 2026
Medium Severity Description Grav before 2.0.4 contains a regular expression denial of service (ReDoS) vulnerability in the regex_replace filter and function, which are allowlisted in the Twig content sandbox. When Twig processing in page content is enabled (security.twig_content.process_enabled: true, disabled by default), an authenticated page editor can supply a catastrophically backtracking PCRE pattern that is […]
CVE-2026-62238
17 juillet 2026
High Severity Description OpenRemote before 1.26.0 contain an authenticated SQL injection vulnerability in the datapoint crosstab export endpoint that constructs PostgreSQL queries by concatenating asset display names into raw SQL. An authenticated attacker with asset creation or rename permissions can inject SQL through the asset name parameter and receive query results in the exported CSV […]
Bugtraq
[NotCVE-2026-0001] Cloudflare Universal SSL CAA augmentation weakens RFC 8657 account binding — CVE-2026-14440 assigned 163 days after public no-CVE disclosure
16 juillet 2026
Posted by NotCVE Advisories on Jul 15---------------------------------------------------------------------------- NotCVE Disclosure Update — NotCVE-2026-0001 / CVE-2026-14440 ---------------------------------------------------------------------------- [-] Summary: On 2026-01-19 the issue described below was published as NotCVE-2026-0001 after no CVE identifier was assigned for it. On 2026-07-01 — 163 days later — Cloudflare assigned CVE-2026-14440 to the same issue, now...
Subject: Advisory Submission: EZ Game Booster - Cleartext Storage of Sensitive Credentials (CWE-312)
16 juillet 2026
Posted by AliReza on Jul 15# Exploit Title: EZ Game Booster v1.0.0 - Cleartext Credentials in user.config # Date: 2026-07-16 # Exploit Author: Alireza Chegini # Vendor Homepage: https://ezsystemrepairs.com # Software Link: https://ezsystemrepairs.com (Free version available) # Version: 1.0.0 (v2.0 exists but not tested - paid license required) # Tested on: Windows 10 / Windows […]
CVE-2026-56877 - Skillable SCORM userId authorisation bypass
16 juillet 2026
Posted by Greg via Fulldisclosure on Jul 15Skillable's SCORM lab launch endpoint validates a launch token but enforces per-user allocation limits using a browser-supplied userId that is not bound to the validated token. An authenticated learner can modify this identifier to bypass configured limits, launch concurrent lab instances, and consume another learner's allocation. Skillable states […]
[REVIVE-SA-2026-003] Revive Adserver Vulnerabilities
9 juillet 2026
Posted by Matteo Beccati on Jul 08======================================================================== Revive Adserver Security Advisory REVIVE-SA-2026-003 ------------------------------------------------------------------------ https://www.revive-adserver.com/security/revive-sa-2026-003 ------------------------------------------------------------------------ Date: 2026-06-25 Risk Level: Medium to High Applications affected: Revive Adserver Versions...
OPNsense XPATH Injection (CVE-2026-53582)
7 juillet 2026
Posted by evan on Jul 06SUMMARY: a stored XPATH injection allows any user with just ca manager/certificate manager perms to leak any secret key/any value in config.xml, thus achieving privilege escalation and potentially remote code execution. this can also likely be chained via csrf and some clever hiding. see https://github.com/opnsense/core/security/advisories/GHSA-xww7-76m6-mh2r == VULN == the primary […]