Security Advisories
Spending each day immersed in penetration tests and research into the latest threats, our SpiderLabs® experts occasionally discover new vulnerabilities as part of their work. When that happens, we follow our established disclosure policy, which results in published advisories such as these.
Advisory Archive
| Title | Date | Advisory | Links |
| --- | --- | --- | --- |
| Vulnerabilities in Xiaomi Redmi Note 10S and ST54-android-packages-apps-Nfc library | December 22, 2023 | TWSL2023-007 | 192 |
| Default MSSQL Database Password in Natus NeuroWorks EEG Software | November 07, 2023 | TWSL2023-006 | 191 |
| Improper input validation in shadow-utils package utility chfn | April 12, 2023 | TWSL2023-004 | 189 |
| Information Disclosure Vulnerabilities in MoneyLover | February 07, 2023 | TWSL2023-003 | 188 |
| Capture-Replay Vulnerability in Sinilink Wifi Remote Thermostat | January 20, 2023 | TWSL2023-001 | 186 |
| Multiple Vulnerabilities in Oracle Communications Session Border Controller (SBC) | August 23, 2022 | TWSL2022-002 | 184 |
| Authentication Bypass by Capture-replay in DingTian 2 Channel Relay Board/Relay Card | July 12, 2022 | TWSL2022-001 | 183 |
| Privilege Escalation in CrypKey License Software Licensing System | November 04, 2021 | TWSL2021-019 | 182 |
| Authenticated Stored XSS in WordPress Plugin Age Gate | October 06, 2021 | TWSL2021-018 | 181 |
| Multiple Authenticated Stored XSS in WordPress Plugin Inline Related Posts | October 06, 2021 | TWSL2021-017 | 180 |
| Stored XSS in WordPress Plugin Timetable and Event Schedule by MotoPress | August 31, 2021 | TWSL2021-016 | 179 |
| CSRF Vulnerability in WordPress Plugin Comment Link Remove and Other Comment Tools | August 20, 2021 | TWSL2021-015 | 178 |
| Authenticated SQL Injection in WordPress Plugin WP Simple Booking Calendar | August 06, 2021 | TWSL2021-014 | 177 |
| Authenticated SQL Injection in WordPress Plugin Stop Bad Bots | August 06, 2021 | TWSL2021-013 | 176 |
| Vulnerabilities in WordPress Plugin Membership & Content Restriction - Paid Member Subscriptions | August 06, 2021 | TWSL2021-012 | 175 |
| Privacy Issues in Telegram Self-Destruct Feature on macOS | August 05, 2021 | TWSL2021-011 | 174 |
| Remote File Access Vulnerability in ON24 ScreenShare Plugin for macOS | July 21, 2021 | TWSL2021-010 | 173 |
| Persistent Cross-Site Scripting in SolarWinds Serv-U FTP Server | July 06, 2021 | TWSL2021-009 | 172 |
| Code Execution Vulnerability in Huawei Mobile Broadband HL Service | June 02, 2021 | TWSL2021-008 | 171 |
| Stored Authenticated XSS in WordPress Plugin Virtual Robots.txt | March 31, 2021 | TWSL2021-004 | 167 |
| Incorrect SSLv2 rollback protection Vulnerability in OpenSSL | February 18, 2021 | TWSL2021-003 | 166 |
| Weak ACLs Vulnerability in SolarWinds Serv-U FTP Server 15.2.1 on Windows | February 03, 2021 | TWSL2021-002 | 165 |
| Multiple Vulnerabilities in Magic Home Pro Mobile Application | December 15, 2020 | TWSL2020-010 | 162 |
| Multiple Cleartext Protocol Vulnerabilities in WinZip | December 10, 2020 | TWSL2020-009 | 161 |
| Multiple Vulnerabilities in Modicon M221 controllers and EcoStruxure Machine Expert - Basic Programming Software | November 12, 2020 | TWSL2020-007 | 159 |
| Multiple Vulnerabilities in SAP Adaptive Server Enterprise | September 24, 2020 | TWSL2020-006 | 158 |
| Information Disclosure and Denial of Service Vulnerability in IBM Db2 | August 20, 2020 | TWSL2020-005 | 157 |
| Memory information leakage vulnerability in Cisco Webex Meetings Windows Client | June 18, 2020 | TWSL2020-003 | 155 |
Related SpiderLabs Blogs
A Simple Guide to Getting CVEs Published
CrypKey License Service Allows Privilege Escalation
Telegram Self-Destruct? Not Always
Solarwinds Serv-U 15.2.3 Share URL XSS (CVE-2021-32604)
Elevate Yourself to Admin in Umbraco CMS 8.9.0 (CVE-2020-29454)
Insecure Communication in WinZip 24 Could Lead to Malware