Latest News

Exploit Title: Reflected XSS in Elaine's Realtime CRM Automation v6.18.17 CVE-2024-42831

A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser


CVE-2024-36401 (GeoServer RCE)

CVE-2024-36401 is a critical remote code execution vulnerability in GeoServer that affects the Web Feature Service (WFS) endpoint. By sending a specially crafted GET request, an attacker can execute arbitrary Java code via the valueReference parameter of a WFS request. This allows attackers to run system-level commands remotely on the server.
