+- Dark C0d3rs (https://darkcoders.wiki)
+-- Forum: Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log)
+--- Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
+--- Thread: HackerOne Disclosed Reports - 2025-04-17 (/Thread-HackerOne-Disclosed-Reports-2025-04-17)
HackerOne disclosed reports - 2025-04-17 - hashXploiter - 04-18-2025
High
resolved
resolved
sys_fsc2h_ctrl kernel stack free
Bug reported by Andy Nguyen was disclosed at April 18, 2025, 6:40 am | Use After Free
The sys_fsc2h_ctrl kernel function can lead to a kernel stack free vulnerability. The vulnerability is caused by a race condition involving multiple threads accessing a local stack buffer. This could potentially result in a privilege escalation.
Medium
resolved
resolved
Reflected XSS Vulnerability in SVG File at area-resources-stg.autodesk.com
Bug reported by Ahmed Nasr was disclosed at April 17, 2025, 1:45 pm | Cross-site Scripting (XSS) - Stored
A reflected cross-site scripting (XSS) vulnerability was found on files stored on an Autodesk AREA server. The vulnerability could have allowed an attacker to inject malicious JavaScript code when the files were viewed by users. Autodesk has fixed the vulnerability.