BestHub
Sign in
Tag

Security Vulnerability

1 views collected around this technical thread.

IT Services Circle
IT Services Circle
May 15, 2025 · Information Security

Critical RDP Vulnerability Allows Persistent Access with Revoked Microsoft/Azure Passwords

A newly disclosed critical vulnerability in Windows Remote Desktop Protocol (RDP) lets attackers bypass cloud authentication and maintain permanent access using revoked Microsoft or Azure account passwords, even after password changes, while Microsoft treats the issue as a design decision rather than a bug.

AuthenticationAzureMicrosoft
0 likes · 5 min read
Critical RDP Vulnerability Allows Persistent Access with Revoked Microsoft/Azure Passwords
IT Services Circle
IT Services Circle
Nov 19, 2024 · Information Security

QQ and TIM Crash Caused by QQ NT Kernel Vulnerability and Recommended Mitigation Steps

A widespread crash affecting QQ and TIM on Windows, iOS, and Android was caused by a vulnerability in the QQ NT kernel that allowed malicious code in group file previews to trigger the failure, and users are advised to clean chat records or await server-side fixes.

QQQQ NT kernelSecurity Vulnerability
0 likes · 5 min read
QQ and TIM Crash Caused by QQ NT Kernel Vulnerability and Recommended Mitigation Steps
php中文网 Courses
php中文网 Courses
Dec 8, 2023 · Information Security

Critical Bluetooth Vulnerability CVE-2023-45866 Affects Android, iOS, Linux, and macOS

A high‑severity Bluetooth vulnerability (CVE‑2023‑45866) discovered by SkySafe researcher Marc Newlin allows attackers to bypass authentication, pair a fake keyboard, and execute code on Android, iOS, Linux, and macOS devices, with Google’s December Android security update already addressing the issue.

AndroidBluetoothCVE-2023-45866
0 likes · 2 min read
Critical Bluetooth Vulnerability CVE-2023-45866 Affects Android, iOS, Linux, and macOS
php中文网 Courses
php中文网 Courses
Nov 16, 2023 · Information Security

Security Risks of OpenAI's ChatGPT Code Interpreter Tool

OpenAI's new ChatGPT Code Interpreter, which can generate and run Python code in a sandbox, has been shown to allow malicious actors to exploit spreadsheet handling and command execution features, raising serious information‑security concerns among experts.

AIChatGPTCode Interpreter
0 likes · 2 min read
Security Risks of OpenAI's ChatGPT Code Interpreter Tool
IT Services Circle
IT Services Circle
Apr 25, 2023 · Information Security

WeChat Crash via Malformed QR Code: Technical Analysis and Reproduction

Researchers discovered that a specially crafted QR code triggers a memory leak in WeChat’s OCR engine, causing the app to crash on both mobile and desktop platforms; the article explains the underlying bug, provides detailed decoding analysis, and shares Python code to reproduce the malformed QR code.

PythonQR codeSecurity Vulnerability
0 likes · 8 min read
WeChat Crash via Malformed QR Code: Technical Analysis and Reproduction
Laravel Tech Community
Laravel Tech Community
Sep 26, 2022 · Information Security

Privilege Escalation Vulnerability in Visual Studio Code < 1.71.1 (CVE-2022-38020)

Visual Studio Code versions prior to 1.71.1 contain a privilege‑escalation flaw where a low‑privileged Windows attacker can place a malicious bash.exe in a special directory, causing the editor to load and execute the file, and the issue is fixed by upgrading to version 1.71.1 or later.

CVE-2022-38020PatchPrivilege Escalation
0 likes · 2 min read
Privilege Escalation Vulnerability in Visual Studio Code < 1.71.1 (CVE-2022-38020)
IT Services Circle
IT Services Circle
May 31, 2022 · Information Security

HarmonyOS 3.0 Internal Testing Delays, Elderly‑Friendly Rating, Crash Service Feature, and AppGallery Security Vulnerability Overview

The article reviews the postponed internal testing of HarmonyOS 3.0, highlights its top elderly‑friendly rating, introduces a new crash‑reporting service, and details a discovered AppGallery vulnerability that allows free downloading of paid apps, providing a concise security‑focused overview of recent Huawei developments.

AppGalleryCrash ReportingElderly-friendly
0 likes · 5 min read
HarmonyOS 3.0 Internal Testing Delays, Elderly‑Friendly Rating, Crash Service Feature, and AppGallery Security Vulnerability Overview
IT Services Circle
IT Services Circle
Feb 3, 2022 · Information Security

Linus Torvalds' GitHub README Prank and the Underlying Fake‑Commit Vulnerability

On January 25, Linus Torvalds posted a prank README on the Linux GitHub repository titled “delete linux because it sucks,” which exposed a “fake‑commit” vulnerability allowing arbitrary pages to be served via specially crafted URLs, highlighting ongoing security issues in GitHub’s handling of commits and email‑based impersonation.

GitHubLinus TorvaldsSecurity Vulnerability
0 likes · 4 min read
Linus Torvalds' GitHub README Prank and the Underlying Fake‑Commit Vulnerability
Java Architect Essentials
Java Architect Essentials
Dec 30, 2021 · Information Security

Log4j2 Vulnerability and Logback Security: Remediation Recommendations

This article outlines the Log4j2 security vulnerability, notes that Logback shares the same flaw, and provides comprehensive remediation advice—including upgrading to Log4j2 2.17, coordinating development and security teams, testing environments, JDK updates, and consulting professional security services.

LogbackPatch UpgradeSecurity Vulnerability
0 likes · 5 min read
Log4j2 Vulnerability and Logback Security: Remediation Recommendations
Architecture Digest
Architecture Digest
Dec 21, 2021 · Information Security

Apache Log4j2 Remote Code Execution Vulnerability Exploitation Guide

This article introduces Apache Log4j2, explains the remote code execution vulnerability caused by unsafe JNDI lookups, provides step‑by‑step environment setup, PoC code, exploitation instructions, and outlines official patches and temporary mitigation measures for developers and security engineers.

JavaMitigationRemote Code Execution
0 likes · 5 min read
Apache Log4j2 Remote Code Execution Vulnerability Exploitation Guide
Architecture Digest
Architecture Digest
Jan 18, 2021 · Information Security

Authentication Bypass Vulnerability in Nacos 1.4.1 (User‑Agent and Server Identity)

The article analyzes a bypass flaw in Nacos 1.4.1 where the serverIdentity key‑value authentication can be evaded by crafting URLs with a trailing slash, allowing attackers to list, create, and log in as users despite the intended security checks.

Authentication BypassNacosSecurity Vulnerability
0 likes · 8 min read
Authentication Bypass Vulnerability in Nacos 1.4.1 (User‑Agent and Server Identity)
Java Architecture Diary
Java Architecture Diary
Jan 15, 2021 · Information Security

How to Exploit and Patch the Nacos Authentication Bypass Vulnerability (v1.2‑v1.4)

This article explains the Nacos authentication bypass vulnerability affecting versions 1.2‑1.4, how attackers can exploit whitelist headers to gain unauthorized access, the widespread exposure revealed by Zoomeye scans, and the official remediation steps including upgrading to v1.4.1 and disabling the UA whitelist.

Authentication BypassNacosPatch
0 likes · 3 min read
How to Exploit and Patch the Nacos Authentication Bypass Vulnerability (v1.2‑v1.4)
FunTester
FunTester
Jun 1, 2020 · Information Security

Fastjson <=1.2.68 Remote Code Execution Vulnerability and Mitigation Recommendations

Tencent Cloud Security reports that Fastjson versions up to 1.2.68 contain a high‑risk remote code execution vulnerability exploitable via the autotype feature, allowing attackers to gain server system privileges, and recommends immediate updates, enabling SafeMode, or replacing the library with alternatives such as Jackson‑databind or Gson.

JavaPatchRemote Code Execution
0 likes · 3 min read
Fastjson <=1.2.68 Remote Code Execution Vulnerability and Mitigation Recommendations
360 Quality & Efficiency
360 Quality & Efficiency
Jan 22, 2018 · Information Security

High‑Risk Android WebView Cross‑Origin Access Vulnerability – Description, Impact, Detection, and Mitigation

A security bulletin released on January 9 2018 details a critical Android WebView cross‑origin vulnerability that can expose user privacy data and credentials, outlines its widespread impact on many apps, and provides detection tools and concrete remediation steps for developers.

AndroidCross-OriginMitigation
0 likes · 4 min read
High‑Risk Android WebView Cross‑Origin Access Vulnerability – Description, Impact, Detection, and Mitigation