Exploit for Improper Authentication in Ruijienetworks Rg-Ew1200G Firmware
Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...
8.8CVSS
8.9AI Score
0.005EPSS
File Upload Vulnerability in Qixingchen Tianyue Network Security Audit System
Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of users' operations on core IT assets and servers in the network under business environment. A file upload vulnerability exists in Tianyue Network Security Audit System, which can be...
7.3AI Score
7.3AI Score
7.3AI Score
9.8CVSS
9.8AI Score
0.973EPSS
Shopify: IDOR on GraphQL queries BillingDocumentDownload and BillDetails
Summary: An IDOR on the BillingInvoice id on both BillingDocumentDownload and BillDetails GraphQL operations is leaking other merchants' ██████: email, full address, content of their invoice, last 4 digits of credit card + type of credit card OR paypal email, shop impacted. Shops Used to Test:...
7AI Score
Exploit for Path Traversal in Fit2Cloud Jumpserver
CVE-2023-42819 CVE-2023-42819 Vulnerability description: JumpServer arbitrary file write vulnerability...
8.9CVSS
8.9AI Score
0.001EPSS
9.8CVSS
9.3AI Score
0.003EPSS
Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of network operation behaviors in business environments. A command execution vulnerability exists in the Tianyue Network Security Audit System of Qixing Information Technology Group Co., Ltd,.....
7.9AI Score
9.8CVSS
9.9AI Score
0.973EPSS
9.9AI Score
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Fit2Cloud Jumpserver
CVE-2023-42820 CVE-2023-42820 Vulnerability description: JumpServer password reset vulnerability...
8.2CVSS
8.3AI Score
0.0005EPSS
9.8CVSS
9.7AI Score
0.899EPSS
Exploit for Untrusted Pointer Dereference in Microsoft
Root cause: comparing the 202209 and 202307 versions of AFD.sys, in the function AfdNotifyRemoveIOCompletion, 202......
7.8CVSS
7.5AI Score
0.003EPSS
Electron_shell Developing a more covert Remote Access Trojan (RAT) tool by leveraging Electron's features for command injection and combining it with remote control methods. Read More: [AOH 024] Exploring an automated implementation of embedding a shell in Electron programs Features Supports almost all operating systems mac linux windows ...
7.9AI Score
Exploit for Vulnerability in Fit2Cloud Jumpserver
CVE-2023-42820 Vulnerability description: JumpServer is a widely used open-source bastion host that complies with 4A...
8.3AI Score
0.0005EPSS
Arbitrary File Read Vulnerability in ECS Intelligent Logistics Unattended System
ECS Intelligent Logistics Unattended System is an intelligent information platform for the unified control of raw material procurement, finished product sales and in-plant logistics for process manufacturing enterprises. There is an arbitrary file read vulnerability in the ECS Intelligent...
6.8AI Score
Are You Willing to Pay the High Cost of Compromised Credentials?
Weak password policies leave organizations vulnerable to attacks. But are the standard password complexity requirements enough to secure them? 83% of compromised passwords would satisfy the password complexity and length requirements of compliance standards. That's because bad actors already have.....
6.7AI Score
Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys
Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server. Sonatype said it has discovered 14 different npm packages so far:...
6.5AI Score
Malicious code in paypal-validators (npm)
Source: ghsa-malware (ebc6b081257d4c572b2609876f97c2068316a5023ba3ed2acc567fbca9e0f2eb) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
6.8AI Score
Leyka < 3.30.7.1 - Subscriber+ Sensitive Information Disclosure
Description The plugin is vulnerable to Sensitive Information Exposure via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and...
6.5CVSS
6.2AI Score
0.0005EPSS
The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank.....
6.5CVSS
5.4AI Score
0.0005EPSS
The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank.....
6.5CVSS
6.5AI Score
0.0005EPSS
The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank.....
6.5CVSS
6.5AI Score
0.0005EPSS
The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank.....
5.3CVSS
6.5AI Score
0.0005EPSS
Exploit for Classic Buffer Overflow in Notepad-Plus-Plus Notepad++
CVE-2023-40031 Notepad++ heap buffer overflow vulnerability CVE-2023-40031: analysis and reproduction. Vulnerability overview...
7.8CVSS
7.6AI Score
0.001EPSS
Smart chastity device exposes sensitive user data
A security breach or piece of inadvertent exposure can be a devastating thing, not just for the company impacted but also the people whose data is stolen or exposed to the world. The usual roll-call of "name, address, phone number and card details" is bad enough. If such things are tied to...
6.6AI Score
Exploit for SQL Injection in Tongda2000 Tongda Office Anywhere
CVE-2023-4166 fofa:通达 OA python3 CVE-2023-4165.py -h ...
9.8CVSS
7.3AI Score
0.001EPSS
Exploit for SQL Injection in Tongda2000 Tongda Office Anywhere
CVE-2023-4165 fofa:通达 OA python3 CVE-2023-4165.py -h...
9.8CVSS
9.7AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 21, 2023 to August 27, 2023)
Last week, there were 43 vulnerabilities disclosed in 38 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 23 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
7.5CVSS
7AI Score
EPSS
Exploit for Path Traversal in Stagil Stagil Navigation
PoC script for the arbitrary file read vulnerability in the FileName parameter of the Jira plugin STAGIL Navigation...
7.5CVSS
7.1AI Score
0.183EPSS
9.8CVSS
9.9AI Score
0.964EPSS
Dahua Smart Park Integrated Management Platform publishing file upload PoC. Install dependencies: ``` pip install...
9.8CVSS
7.1AI Score
0.029EPSS
Exploit for Path Traversal in Lanproxy Project Lanproxy
Lanproxy directory traversal vulnerability CVE-2021-3019. Vulnerability description...
7.5CVSS
7.1AI Score
0.009EPSS
7.5CVSS
7.1AI Score
0.021EPSS
7.5CVSS
7.1AI Score
0.021EPSS
Command Execution Vulnerability in WPS Windows Edition of Zhuhai Kingsoft Office Software Co.
WPS is an office software. A command execution vulnerability exists in WPS Windows Edition of Zhuhai Kingsoft Office Software Limited, which can be exploited by attackers to execute arbitrary...
8AI Score
Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of users' operations on core IT assets and servers in the network under business environment. A command execution vulnerability exists in Tianyue Network Security Audit System, which can be...
7.6AI Score
7.8CVSS
8.2AI Score
0.214EPSS
Command Execution Vulnerability in Qixingchen Tianyue Network Security Audit System
Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of users' operations on core IT assets and servers in the network under business environment. A command execution vulnerability exists in Tianyue Network Security Audit System, which can be...
7.6AI Score
Smartbi windowUnloading Authentication Bypass Vulnerability
Smartbi is a one-stop big data analytics platform. An authentication bypass vulnerability exists in Smartbi windowUnloading, which can be exploited by an attacker to obtain system user credentials and execute remote...
7.2AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 14, 2023 to August 20, 2023)
Last week, there were 64 vulnerabilities disclosed in 67 WordPress Plugins and 10 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
9.8CVSS
7.9AI Score
EPSS
Intelligent logistics unattended system is an intelligent information platform for the unified control of raw material procurement, finished product sales and in-plant logistics for process manufacturing enterprises. There is a file upload vulnerability in the Intelligent Logistics Unattended...
6.9AI Score
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio
CVE-2023-28432 CVE-2023-28432 detection tool. 1. How to launch and use:...
7.5CVSS
7.9AI Score
0.865EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 7, 2023 to August 13, 2023)
Last week, there were 86 vulnerabilities disclosed in 68 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in....
9.8CVSS
8.5AI Score
EPSS
Qixing Information Technology Group Corporation is an enterprise mainly engaged in technology promotion and application service industry. A command execution vulnerability exists in the Sky Mirror Web Application Inspection System of Qixing Information Technology Group Co. that can be exploited by....
7.3AI Score
Discord.io confirms theft of 760,000 members' data
Discord.io was/is a third party service that enables owners of Discord servers to create customized, personal Discord invites. After a preview of Discord.io's users database was posted on BreachForums, the owners have decided to shut down all Discord.io services "for the foreseeable future."...
7.3AI Score
Remote Code Execution Vulnerability in WPS Office of Zhuhai Kingsoft Office Software Co.
WPS Office is an office software suite from Zhuhai Kingsoft Office Software Co. A remote code execution vulnerability exists in WPS Office of Zhuhai Kingsoft Office Software Co. Ltd, which can be exploited by attackers to gain server...
8.1AI Score
Interpol Busts Phishing-as-a-Service Platform '16Shop,' Leading to 3 Arrests
Interpol has announced the takedown of a phishing-as-a-service (PhaaS) platform called 16Shop, in addition to the arrests of three individuals in Indonesia and Japan. 16Shop specialized in the sales of phishing kits that other cybercriminals can purchase to mount phishing attacks on a large scale,....
6.6AI Score