Security Advisories

A collection of security advisories disclosed by Evolved Threat researchers.

Apple Music Arbitrary JavaScript Execution

MEDIUM CVE-2024-23829
By Dominik Penner

DESCRIPTION

A vulnerability in Apple Music for Windows allows arbitrary JavaScript execution through maliciously crafted content.

AFFECTING

  • Apple Music • TBD for Windows

Pexip Infinity Connect Arbitrary JavaScript Execution

MEDIUM CVE-2024-25973
By Dominik Penner & Jake Bolam

DESCRIPTION

A vulnerability in Pexip Infinity Connect allows arbitrary JavaScript execution through the application's interface.

AFFECTING

  • Pexip Infinity Connect • 1.13.0 for Windows, macOS, Linux, Android, iOS

Maltego XML External Entity Injection

MEDIUM CVE-2020-35707
By Dominik Penner

DESCRIPTION

A vulnerability in Maltego allows XML external entity injection attacks through malformed input.

AFFECTING

  • Maltego • 4.2.12

KDE Ark Directory Traversal Command Execution

MEDIUM CVE-2019-14743
By Dominik Penner

DESCRIPTION

A vulnerability in KDE Ark allows directory traversal and command execution through malicious archive files.

AFFECTING

  • KDE Ark • 20.08.0