Siemens Desigo PXM Devices Cross-Site Request Forgery (CVE-2022-40179)
A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-...
8.3AI Score
A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-...
8.2AI Score
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2...
7.2AI Score
Summary IBM Java is used by IBM Sterling Connect:Direct FTP+ in product configuration and data transmission. IBM Sterling Connect:Direct FTP+ is impacted by vulnerabilities in IBM Java. IBM Sterling Connect:Direct FTP+ has upgraded IBM Java to versions to 17.0.9.0 for Linux, AIX, and Windows...
7AI Score
0.001EPSS
The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code. This plugin only works...
8.7AI Score
Siemens Desigo PXM Devices Cross-Site Request Forgery (CVE-2022-40180)
A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-...
6AI Score
Siemens Nucleus RTOS-based APOGEE and TALON Products Integer Underflow (CVE-2021-31889)
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2...
8.5AI Score
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the...
9AI Score
A denial-of-service vulnerability exists in the processing of multi- part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the...
8.8AI Score
AIX is vulnerable to a denial of service due to libxml2 (CVE-2024-25062)
IBM SECURITY ADVISORY First Issued: Wed May 8 16:18:28 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/libxml2_advisory6.asc Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2024-25062)...
7.6AI Score
0.0005EPSS
A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. This...
7.9AI Score
Security Bulletin: AIX is vulnerable to email spoofing due to sendmail (CVE-2023-51765)
Summary Vulnerability in sendmail could allow a remote attacker to spoof an email (CVE-2023-51765). Vulnerability Details ** CVEID: CVE-2023-51765 DESCRIPTION: **Proofpoint sendmail is vulnerable to SMTP smuggling, caused by improper handling of line endings . in an email message. By sending a...
6.9AI Score
0.002EPSS
Westermo MRD-305-DIN, MRD-315, MRD-355, and MRD-455 Use of Hard-Coded Credentials (CVE-2017-12709)
A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device. This plugin only...
6.2AI Score
Qualys Is Proud to Sign CISA’s Secure by Design Pledge
Cybersecurity leaders in the U.S. are very familiar with the Cybersecurity and Infrastructure Security Agency (CISA) and their important work to keep the internet, our country, and its citizens safe from cyber threats. As part of their efforts, CISA has identified secure by design software as a...
8.3AI Score
About the security content of iOS 17.5 and iPadOS 17.5
About the security content of iOS 17.5 and iPadOS 17.5 This document describes the security content of iOS 17.5 and iPadOS 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...
7.5AI Score
0.001EPSS
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to...
7.5AI Score
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches...
7AI Score
0.0005EPSS
Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return...
7.1AI Score
0.0004EPSS
Rockwell Automation MicroLogix 1400 Buffer Copy Without Checking Size of Input (CVE-2021-22659)
Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. If successfully exploited, this may lead to a buffer overflow resulting in a...
9AI Score
Exploit for Insertion of Sensitive Information into Log File in Milesight Ur5X Firmware
CVE-2023-43261 - PoC Critical Vulnerability Exposes...
7.9AI Score
0.005EPSS
Watch out for tech support scams lurking in sponsored search results
This blog post was written based on research carried out by Jérôme Segura. A campaign using sponsored search results is targeting home users and taking them to tech support scams. Sponsored search results are the ones that are listed at the top of search results and are labelled "Sponsored"....
7.2AI Score
In the ever-evolving landscape of cybersecurity threats, the battle against malicious bots is a critical concern for web applications. These bots, in addition to their ability to circumvent application security measures, are usually protected with advanced source code protection to prevent the...
7.2AI Score
CVE-2024-30265 Voilà Local file inclusion
Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilà dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the.....
6.4AI Score
0.0004EPSS
Microsoft AI “Recall” feature records everything, secures far less
Developing an AI-powered threat to security, privacy, and identity is certainly a choice, but it's one that Microsoft was willing to make this week at its “Build” developer conference. On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology.....
6.8AI Score
Siemens Web Server Login Page of Industrial Controllers Cross-Site Request Forgery (CVE-2022-30694)
The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross- site request forgery attack. This plugin only works with Tenable.ot. Please visit...
5.2AI Score
How implementing a trust fabric strengthens identity and network
The identity security landscape is transforming rapidly. Every digital experience and interaction is an opportunity for people to connect, share, and collaborate. But first, we need to know we can trust those digital experiences and interactions. Customers note a massive rise in the sheer number...
7AI Score
AIX is vulnerable to privilege escalation (CVE-2024-27273)
IBM SECURITY ADVISORY First Issued: Mon May 6 08:12:16 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/kernel_advisory7.asc Security Bulletin: AIX is vulnerable to privilege escalation (CVE-2024-27273)...
6.5AI Score
0.0004EPSS
Embracing innovation: Derrick’s transition from banking to Microsoft’s Threat Intelligence team
Meet Derrick, a Senior Program Manager on the Operational Threat Intelligence team at Microsoft. Derrick’s role involves understanding and roadmapping the complete set of tools that Threat Intel analysts use to collect, analyze, process, and disseminate threat intelligence across Microsoft....
7.2AI Score
Empowering Small Businesses in the Digital Age: A Must-Read Guide to Web Application & API Security
Small and medium-sized businesses have increasingly become reliant on web applications - whether they are developed or procured, to drive their operations, engage customers, and scale their businesses. The increasing reliance on online operations is underscored by 84% of businesses using digital...
7.4AI Score
Exploit for Insufficient Session Expiration in Eclipse Jetty
Eclipse Jetty Canonical Repository...
4.5AI Score
0.002EPSS
New Windows 11 features strengthen security to address evolving cyberthreat landscape
Ahead of the Microsoft Build 2024 conference, we announced a new class of Windows computers, Copilot+ PC. Alongside this exciting new class of PCs, we are introducing important security features and updates that make Windows 11 more secure for users and organizations and give developers the tools.....
7AI Score
US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack
The US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails of senior US government officials. From the executive summary: The Board finds that this intrusion was preventable...
7.2AI Score
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Eclipse Jetty
Eclipse Jetty Canonical Repository...
7.2AI Score
0.001EPSS
EulerOS Virtualization for ARM 64 3.0.2.0 : sssd (EulerOS-SA-2020-1209)
According to the version of the sssd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too...
5.7AI Score
5.7AI Score
0.006EPSS
6.9AI Score
0.004EPSS
SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids...
8AI Score
0.0004EPSS
DedeCMS is the most well-known PHP open source website management system, but also the use of the most users of the PHP class CMS system. Shanghai Zhuozhuo Network Technology Co., Ltd. DedeCMS SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive...
7.9AI Score
Siemens SCALANCE X Switch Devices Buffer Copy Without Checking Size of Input (CVE-2022-26649)
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All...
9.4AI Score
Beijing Yisetong Technology Development Co., Ltd. is a domestic data security, network security and security services provider of three major business. A SQL injection vulnerability exists in the Data Leakage Protection (DLP) system of Beijing Yisetong, which can be exploited by attackers to...
7.8AI Score
Siemens SCALANCE X Switch Devices Buffer Copy Without Checking Size of Input (CVE-2022-26648)
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All...
8.3AI Score
Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks
My wife (no stranger to weird types of scams) recently received a fake text message from someone claiming to be New Jersey's E-ZPass program saying that she had an outstanding balance from highway tolls that she owed, prompting her to visit a site so she could pay and avoid additional fines. There....
7.4AI Score
6.8AI Score
0.1EPSS
About the security content of iOS 17.5 and iPadOS 17.5
About the security content of iOS 17.5 and iPadOS 17.5 This document describes the security content of iOS 17.5 and iPadOS 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...
7AI Score
0.001EPSS
A vulnerability in the Web Audio component of Microsoft Edge and Google Chrome browsers is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code A vulnerability in the Skia graphics library of Google...
8.7AI Score
0.001EPSS
Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return...
6.4AI Score
0.0004EPSS
Beijing Yisetong Technology Development Co., Ltd. is a domestic data security, network security and security services provider of three major business. A SQL injection vulnerability exists in the Data Leakage Protection (DLP) system of Beijing Yisetong, which can be exploited by attackers to...
7.8AI Score
‘Operation Endgame’ Hits Malware Delivery Platforms
Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort.....
7.1AI Score
On October 30, 2020, I started a article with the words: “Hell is too nice a place for these people.” The subject of this outrage focused on the cybercriminals behind an attack on Finnish psychotherapy practice Vastaamo. Because it was a psychotherapy practice, the records contained extremely...
6.9AI Score
KyLinFortress is an all-in-one Fortress, SSL VPN, Dynamic Password and CA Certificate. COSCO KyLin Technology Company Limited KyLin Barrier Machine suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the...
7.4AI Score