Security Advisories

The Apple Music application for Windows is vulnerable to arbitrary JavaScript execution through the manipulation of content displayed in the application. This could allow an attacker to execute arbitrary code in the context of the application.

A critical vulnerability in BYOB (Bring Your Own Botnet) allows unauthenticated attackers to execute arbitrary code remotely on the system. This vulnerability could allow attackers to take complete control of the affected system.

A high severity vulnerability in the Havoc C2 Team Server allows unauthenticated attackers to perform Server-Side Request Forgery (SSRF) attacks. This vulnerability could enable attackers to make arbitrary HTTP requests from the server, potentially leading to internal network enumeration or data exfiltration.

The Pexip Infinity Connect client contains a vulnerability that allows arbitrary JavaScript execution through the application’s interface. This could potentially allow an attacker to execute malicious code in the context of the application.

Multiple critical vulnerabilities in CHAOS RAT allow attackers to execute arbitrary code remotely on affected systems. These vulnerabilities (CVE-2024-30850 and CVE-2024-31839) could allow attackers to gain complete control over systems running CHAOS RAT, potentially leading to unauthorized access, data theft, or system compromise.

Maltego contains an XML external entity (XXE) injection vulnerability that could allow an attacker to read arbitrary files on the system, conduct server-side request forgery (SSRF) attacks, or cause denial of service.