Skip to content Skip to sidebar Skip to footer

Show HN: Eliminating Vulnerability False Positives Through Code Analysis by abhisek

vet can identify dependency usage in your code using static code analysis. It is useful when dealing with vulnerabilities so that you can prioritise only those dependencies you’ve actually used in your code. Demo Usage Create a code analysis database with code context including dependency usage evidences (enabled by default) for source code in src/

ByHackTechMarch 4, 20250Comments

News

KeePassXC Vulnerability CVE-2023-35866 by donutshop

KeePassXC, a modern and secure password manager, is the bulwark of choice for many who demand the utmost security in managing their personal data. However, every fortress has its weakness. A recent vulnerability was discovered in KeePassXC: CVE-2023-35866.Before we examine the fault lines, let’s understand the fortress itself. KeePassXC is an open-source password manager compatible

ByHackTechJune 19, 20230Comments

News

Critical vulnerability in progress MoveIt Transfer by anigbrowl

June 1, 2023 On May 31, 2023, Progress Software released a security bulletin concerning a critical vulnerability within MOVEit Transfer, a widely used secure file transfer system. According to Shodan, over 2500 servers running this software are on the Internet. TrustedSec has performed analysis on the vulnerability and post-exploitation activities. At the time of publication

ByHackTechJune 1, 20230Comments

News

What if we had the SockPuppet vulnerability in iOS 16? by interpol_p

Posted by Apple Security Engineering and Architecture (SEAR)Our initial post about memory safety enhancements in the XNU kernel focused on kalloc_type — our new allocation API which provides randomized, bucketed type isolation to mitigate the exploitability of most use-after-free (UAF) vulnerabilities. In this post, we examine the practical effectiveness of kalloc_type against an illustrative vulnerability

ByHackTechMay 24, 20230Comments

News

Critical Nexx Vulnerability Allows Hackers to Remotely Open Garage Doors by TCT2022

A security researcher recently disclosed several vulnerabilities in Nexx smart devices that could allow an attacker to control garage doors, disable home alarms, and access sensitive information. The five security issues range in severity from medium to critical, and the vendor has yet to acknowledge and fix them. The most significant vulnerability discovered is the

ByHackTechApril 5, 20230Comments

News

Rails – XSS Vulnerability in Action View by oriettaxx

tenderlove (Aaron Patterson) April 26, 2022, 7:42pm #1 There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash keys can lead to a possible XSS vulnerability. This vulnerability has been assigned the CVE identifier CVE-2022-27777. Versions Affected: ALL Not affected: NONE Fixed Versions: 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1 Impact If…

ByHackTechMay 1, 20220Comments

Sign Up to Our Newsletter