NOTICE

Some features on this website won't work without JavaScript such as theme toggle, search bar, and copy article.

Security Advisories

A collection of security advisories disclosed by Evolved Threat researchers.

All High Medium Low

Apple Music Arbitrary JavaScript Execution

MEDIUM CVE-2024-23829

By Dominik Penner • December 10, 2024

MEDIUM CVE-2024-23829

Apple Music Arbitrary JavaScript Execution

By Dominik Penner • December 10, 2024

DESCRIPTION

A vulnerability in Apple Music for Windows allows arbitrary JavaScript execution through maliciously crafted content.

AFFECTING

Apple Music • TBD for Windows

Pexip Infinity Connect Arbitrary JavaScript Execution

MEDIUM CVE-2024-25973

By Dominik Penner & Jake Bolam • July 1, 2024

MEDIUM CVE-2024-25973

Pexip Infinity Connect Arbitrary JavaScript Execution

By Dominik Penner & Jake Bolam • July 1, 2024

DESCRIPTION

A vulnerability in Pexip Infinity Connect allows arbitrary JavaScript execution through the application's interface.

AFFECTING

Pexip Infinity Connect • 1.13.0 for Windows, macOS, Linux, Android, iOS

Maltego XML External Entity Injection

MEDIUM CVE-2020-35707

By Dominik Penner • August 27, 2020

MEDIUM CVE-2020-35707

Maltego XML External Entity Injection

By Dominik Penner • August 27, 2020

DESCRIPTION

A vulnerability in Maltego allows XML external entity injection attacks through malformed input.

AFFECTING

Maltego • 4.2.12

KDE Ark Directory Traversal Command Execution

MEDIUM CVE-2019-14743

By Dominik Penner • July 30, 2019

MEDIUM CVE-2019-14743

KDE Ark Directory Traversal Command Execution

By Dominik Penner • July 30, 2019

DESCRIPTION

A vulnerability in KDE Ark allows directory traversal and command execution through malicious archive files.

AFFECTING

KDE Ark • 20.08.0