Aller au contenu
Skip to CUSTOM_HTML-19
Skip to RECENT-POSTS-2
Skip to SEARCH-2
Skip to CUSTOM_HTML-2
Skip to RSS-5
Skip to RSS-4
Skip to BLOCK-2
Skip to META-2
Skip to LISTPACKAGES-2
Skip to CUSTOM_HTML-6
Skip to CUSTOM_HTML-17
Skip to CUSTOM_HTML-16
Skip to CUSTOM_HTML-11
Skip to CUSTOM_HTML-5
Skip to CUSTOM_HTML-7
Skip to CUSTOM_HTML-8
Skip to AKISMET_WIDGET-2
Skip to CUSTOM_HTML-9
Skip to TAG_CLOUD-2
Skip to ARCHIVES-2
Skip to CUSTOM_HTML-13
Skip to CUSTOM_HTML-18
Skip to CUSTOM_HTML-15
Attention à vos informations.
TNT Sécurité
Attention à vos informations.
Shrunk
Expand
Navigation Principale
Open
Contactez-moi
Page de maintenance
Section Privée
Open
Archives du Blog
blog
ApkToolM
Posté dans
17 janvier 2023 8:13 pm
par
TNT Sécurité
Android
CF-Auto-Root-SGHI337m
Posté dans
25 novembre 2014 2:50 pm
par
TNT Sécurité
Android
Triangleaway-3.26.apk
Posté dans
25 novembre 2014 2:50 pm
par
TNT Sécurité
Android
TNT Hacking World
Articles récents
Comment installer SilverBullet Pro 1.5.8
Comment les Hackers utilisent OpenBullet 2 pour accéder vos comptes.
Comment installer/configurer OpenBullet 2
Comment les hackers créent des combo lists
Burp Suite Pro 2025
Microsoft Office Pro 2024 LTSC
Evil Portal pour envoyer un payload à un client.
Comment contourner Microsoft Defender et établir une session Meterpreter avec persistence.
Téléchargez le ISO de Windows 11
Office 2021 Pro LTSC
Search for:
Exploit Database
Common Vulnerability Database
CVE-2025-47410
18 octobre 2025
High Severity Description Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This issue affects Apache […]
CVE-2025-11926
18 octobre 2025
Medium Severity Description The Related Posts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that […]
CVE-2025-9890
18 octobre 2025
High Severity Description The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0. This is due to missing or incorrect nonce validation on the 'theme_editor_theme' page. This makes it possible for unauthenticated attackers to achieve remote code execution via a forged request granted they can […]
CVE-2025-40001
18 octobre 2025
High Severity Description In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue During the detaching of Marvell's SAS/SATA controller, the original code calls cancel_delayed_work() in mvs_free() to cancel the delayed work item mwq->work_q. However, if mwq->work_q is already running, the cancel_delayed_work() may fail to cancel it. This […]
CVE-2025-40002
18 octobre 2025
High Severity Description In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix use-after-free in tb_dp_dprx_work The original code relies on cancel_delayed_work() in tb_dp_dprx_stop(), which does not ensure that the delayed work item tunnel->dprx_work has fully completed if it was already running. This leads to use-after-free scenarios where tb_tunnel is deallocated by tb_tunnel_put(), […]
Bugtraq
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
16 octobre 2025
Posted by Gynvael Coldwind on Oct 15Vendor Response Pattern Hi Christopher, Vendor is correct with this one. The problem isn't the vendor's site – it's that the browser is already pwned with the malicious browser extension (this is site-agnostic). You've mentioned "No user interaction required beyond normal application usage.", but having "Malicious browser extension" installed […]
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
14 octobre 2025
Posted by Christopher Dickinson via Fulldisclosure on Oct 13Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com CVE Identifiers * CVE-2025-[PENDING] - Excessive Data Exposure / JWT Token Leakage * CVE-2025-[PENDING] - Broken Object Level Authorization (IDOR) * CVE-2025-[PENDING] - Unrestricted Resource Consumption (DoS) Executive Summary This security advisory details three significant vulnerabilities discovered in the Suno.com […]
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
14 octobre 2025
Posted by SBA Research Security Advisory via Fulldisclosure on Oct 13# Checkmk Path Traversal # Link: https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250730-01_Checkmk_Path_Traversal ## Vulnerability Overview ## Checkmk in versions before 2.4.0p13, 2.3.0p38 and 2.2.0p46, as well as since version 2.1.0b1 is prone to a path traversal vulnerability in the report scheduler. Due to an insufficient validation of a file name […]
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
14 octobre 2025
Posted by SBA Research Security Advisory via Fulldisclosure on Oct 13# Checkmk Agent Privilege Escalation via Insecure Temporary Files # Link: https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250724-01_Checkmk_Agent_Privilege_Escalation_via_Insecure_Temporary_Files ## Vulnerability Overview ## The `win_license` plugin as included in Checkmk agent for Windows versions before 2.4.0p13, 2.3.0p38 and 2.2.0p46, as well as since version 2.1.0b2 and 2.0.0p28 allows low privileged users to […]
CVE-2025-59397 - Open Web Analytics SQL Injection
9 octobre 2025
Posted by Seralys Research Team via Fulldisclosure on Oct 08 Seralys Security Advisory | https://www.seralys.com/research ====================================================================== Title: SQL Injection Vulnerability Product: Open Web Analytics (OWA) Affected: Confirmed on 1.8.0 (older versions likely affected) Fixed in: 1.8.1 Vendor: Open Web Analytics (open-source) Discovered: August 2025 Severity: HIGH CWE: CWE-89: SQL Injection CVE: CVE-2025-59397...
