Watch your information.
TNT Sécurité
Monthly Archives
October 2016
How to protect yourself against Windows 10
2016-10-11 13:42:58
TNT Sécurité
TNT Hacking World
Recent posts
How to install SilverBullet Pro 1.5.8
How hackers use OpenBullet 2 to access your accounts.
How to install/configure OpenBullet 2
How hackers create combo lists
Burp Suite Pro 2025
Microsoft Office Pro 2024 LTSC
Evil Portal to send a payload to a client.
How to bypass Microsoft Defender and establish a Meterpreter session with persistence.
Download the Windows 11 ISO
Office 2021 Pro LTSC
Exploit Database
Common Vulnerability Database
CVE-2026-0385
13 March 2026
Medium Severity. Description: Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability. Read more at https://www.tenable.com/cve/CVE-2026-0385
CVE-2026-32732
13 March 2026
Info Severity. Description: Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as unescaped HTML. The issue […]
CVE-2026-32729
13 March 2026
High Severity. Description: Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, the Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials (via phishing, credential stuffing, or data breach) can brute-force the 6-digit TOTP code to completely bypass two-factor authentication. […]
CVE-2026-32724
13 March 2026
Medium Severity. Description: PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available() function. The issue is caused by a race condition between the MAVLink receiver thread (which handles shell creation/destruction) and the telemetry sender thread (which polls the shell for available output). The issue is […]
CVE-2026-3227
13 March 2026
High Severity. Description: A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. The router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root […]
Bugtraq
JSON Deserialiser Unconstrained Resource Consumption Quick Overview
12 March 2026
Posted by Daniel Owens via Fulldisclosure on Mar 12. As previously mentioned, via "Struts2 and Related Framework Array/Collection DoS" (26 October 2025), hundreds of JavaScript object notation (JSON) libraries are vulnerable to unconstrained resource consumption through large JSON arrays, which, when deserialised, create arbitrarily large collections/arrays/data structures. This work looks specifically at the Apache Struts2 JSON […]
Defense in depth -- the Microsoft way (part 96): yet another SAFER (SRPv1) and AppLocker (SRPv2) loophole
12 March 2026
Posted by Stefan Kanthak via Fulldisclosure on Mar 12. Hi @ll, about 2 months ago I posted "Defense in depth -- the Microsoft way (part 94): SAFER (SRPv1 and AppLocker alias SRPv2) bypass for dummies". Here's the continuation... About 23 years ago, 64-bit Windows introduced the WoW64 subsystem, which performs a transparent redirection of file system […]
Alipay DeepLink+JSBridge Attack Chain: Silent GPS Exfiltration, 17 Vulns, 6 CVEs (CVSS 9.3)
12 March 2026
Posted by Feng Ning via Fulldisclosure on Mar 12. Subject: Alipay DeepLink+JSBridge Attack Chain: Silent GPS Exfiltration, 17 Vulns, 6 CVEs (CVSS 9.3) # Alipay DeepLink + JSBridge Attack Chain # Silent GPS Exfiltration via Crafted URL ## Overview Researcher: Jiqiang Feng / Innora AI Security Research Vendor: Ant Group (蚂蚁集团) / Alibaba Group Product: Alipay […]
Cohesity TranZman Migration Appliance - 5 CVEs (command injection, LPE, unsigned patches, weak crypto)
12 March 2026
Posted by GregD via Fulldisclosure on Mar 12. Hi, I'm disclosing five vulnerabilities discovered during an authorised security assessment of the Cohesity TranZman Migration Appliance (formerly Stone Ram TranZman), Release 4.0 Build 14614. CVE-2025-67840 - Web API Command Injection (CVSS 7.2 High) The /api/v1/scheduler/run and /api/v1/actions/run endpoints allow authenticated administrators to execute arbitrary commands as root […]
APPLE-SA-03-11-2026-2 iOS 15.8.7 and iPadOS 15.8.7
12 March 2026
Posted by Apple Product Security via Fulldisclosure on Mar 12. APPLE-SA-03-11-2026-2 iOS 15.8.7 and iPadOS 15.8.7 iOS 15.8.7 and iPadOS 15.8.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/126632. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Kernel Available for: iPhone 6s […]