An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM...
4.4CVSS
4.4AI Score
0.0004EPSS
An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM...
4.4CVSS
4.3AI Score
0.0004EPSS
An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM...
4.4CVSS
4.4AI Score
0.0004EPSS
Siemens OpenSSL Affected Industrial Products (Update E)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5CVSS
8.3AI Score
0.013EPSS
Siemens Industrial Products (Update C)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5CVSS
7.8AI Score
0.004EPSS
Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update K)
EXECUTIVE SUMMARY --------- Begin Update K Part 1 of 2 --------- CVSS v3 8.8 --------- End Update K Part 1 of 2 --------- ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK Vulnerability: Unquoted Search Path or Element 2. UPDATE...
6.7CVSS
7AI Score
0.0004EPSS
MSMAP - Memory WebShell Generator
Msmap is a Memory WebShell Generator. Compatible with various Containers, Components, Encoder, WebShell / Proxy / Killer and Management Clients. 简体中文 The idea behind I, The idea behind II...
0.1AI Score
The state of cryptojacking in the first three quarters of 2022
Cryptocurrency prices were dropping from the end of 2021 and throughout the first half of 2022. Although finance experts and retail investors estimate crypto to have a solid chance of recovery in the long term, at the time of writing this report the prices remain low. However, cybercriminals are...
AI Score
Security update for the Linux Kernel (important)
An update that solves 32 vulnerabilities, contains two features and has 84 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2016-3695: Fixed an issue inside the...
8.8CVSS
-0.4AI Score
0.01EPSS
Security update for the Linux Kernel (important)
An update that solves 17 vulnerabilities, contains one feature and has 29 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users...
8.8CVSS
0.3AI Score
0.01EPSS
Security update for the Linux Kernel (important)
An update that solves 26 vulnerabilities, contains two features and has 89 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2022-39190: Fixed an issue that was...
7.8CVSS
-0.1AI Score
0.01EPSS
This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the...
9.8CVSS
9.4AI Score
0.004EPSS
CVE-2022-23768 Neo Information Sys. NIS-HAP11AC remote access and manipulation vulnerability
This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the...
8.8CVSS
9.7AI Score
0.004EPSS
neo-mart.net Cross Site Scripting vulnerability OBB-2906446
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.2AI Score
EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: UMC Stack Vulnerabilities: Unquoted Search Path or Element, Uncontrolled Resource Consumption, Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a...
8.2CVSS
7.5AI Score
0.003EPSS
Siemens OpenSSL Vulnerabilities in Industrial Products (Update B)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
5.9CVSS
7.2AI Score
0.005EPSS
A Retrospective on the 2015 Ashley Madison Breach
It's been seven years since the online cheating site AshleyMadison.com was hacked and highly sensitive data about its users posted online. The leak led to the public shaming and extortion of many Ashley Madison users, and to at least two suicides. To date, little is publicly known about the...
-0.4AI Score
Fully Undetected Grabber (Grabs Wallets, Passwords, Cookies, Modifies Discord Client Etc.) Features Stealer Discord Token Discord Info - Username, Phone number, Email, Billing, Nitro Status & Backup Codes Discord Friends with rare badges Grabs crypto wallets Zcash Armory Bytecoin Jaxx Exodus...
0.1AI Score
Russia Creates Malware False-Flag App
The Russian hacking group Turla released an Android app that seems to aid Ukrainian hackers in their attacks against Russian networks. It's actually malware, and provides information back to the Russians: The hackers pretended to be a "community of free people around the world who are fighting...
1.5AI Score
Why 8kun Went Offline During the January 6 Hearings
The latest Jan. 6 committee hearing on Tuesday examined the role of conspiracy theory communities like 8kun[.]top and TheDonald[.]win in helping to organize and galvanize supporters who responded to former President Trump's invitation to "be wild" in Washington, D.C. on that chaotic day. At the...
1.1AI Score
Siemens TIA Administrator (Update A)
EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATICS PCS neo (Admin Console), SINTEPLAN, TIA Portal Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory...
7.5CVSS
7.7AI Score
0.002EPSS
neo-heidelberg.de Cross Site Scripting vulnerability OBB-2700641
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1AI Score
9.8CVSS
9.8AI Score
0.002EPSS
9.8CVSS
0.002EPSS
9.8CVSS
9.8AI Score
0.002EPSS
10AI Score
0.002EPSS
Meet the Administrators of the RSOCKS Proxy Botnet
Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the "RSOCKS" botnet, a collection of millions of hacked devices that were sold as "proxies" to cybercriminals looking for ways to route their malicious traffic through someone else's computer....
0.3AI Score
IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID=...
9.8CVSS
0.002EPSS
IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID=...
9.8CVSS
9.9AI Score
0.002EPSS
IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID=...
9.8CVSS
9.8AI Score
0.002EPSS
IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID=...
10AI Score
0.002EPSS
Malicious code in neo-savant (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (269f6641d9eb5c43ea9441f3fe764f0ac3ee148fb8d52084b63c7c61bccf8b18) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
KrebsOnSecurity in New Netflix Series on Cybercrime
Netflix has a new documentary series airing next week -- "Web of Make Believe: Death, Lies & the Internet" -- in which Yours Truly apparently has a decent amount of screen time. The debut episode explores the far-too-common harassment tactic of "swatting" -- wherein fake bomb threats or hostage...
AI Score
Ransomware-Simulator - Ransomware Simulator Written In Golang
The goal of this repository is to provide a simple, harmless way to check your AV's protection on ransomware. This tool simulates typical ransomware behaviour, such as: Staging from a Word document macro Deleting Volume Shadow Copies Encrypting documents (embedded and dropped by the simulator...
-0.1AI Score
Security update for the Linux Kernel (important)
An update that solves 16 vulnerabilities, contains 6 features and has 25 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2020-27835: Fixed a use after free...
8.8CVSS
-0.1AI Score
EPSS
Security update for the Linux Kernel (important)
An update that solves 16 vulnerabilities, contains 6 features and has 29 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2022-29156: Fixed a double free related to...
8.8CVSS
-0.2AI Score
EPSS
Security update for the Linux Kernel (important)
An update that solves 14 vulnerabilities, contains one feature and has 61 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past...
7.5CVSS
-0.1AI Score
0.001EPSS
Yubico ykneo-openpgp data forgery issue vulnerability
Yubico ykneo-openpgp is an open source security product from the Swedish company Yubico. It implements the OpenPGP card functionality used on YubiKey NEO devices sold by Yubico. A data forgery issue vulnerability exists in versions prior to Yubico ykneo-openpgp 1.0.10. The vulnerability stems from....
8.8CVSS
8.3AI Score
0.001EPSS
Siemens TIA Administrator Denial of Service Vulnerability
SIMATIC PCS neo is a distributed control system (DCS).TIA Administrator is a web-based framework.Siemens Network Planner (SINETPLAN) supports you as a planner of PROFINET-based automation systems.TIA Portal is a PC A denial of service vulnerability exists in Siemens TIA Administrator, which can be....
3.6AI Score
A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit....
7.5CVSS
7.3AI Score
0.002EPSS
A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit....
7.5CVSS
0.002EPSS
A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit....
7.5CVSS
7.3AI Score
0.002EPSS
A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit....
7.5AI Score
0.002EPSS
Security update for the Linux Kernel (important)
An update that solves 17 vulnerabilities and has 62 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source...
9.1CVSS
AI Score
0.003EPSS
Unauthorised AJAX Calls via Freemius
The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in admin toggle....
2.7AI Score
WordPress Sync eCommerce NEO plugin <= 1.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Sync eCommerce NEO plugin (versions <= 1.4). Solution No patched version...
2.8AI Score
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Sync eCommerce NEO plugin (versions <= 1.4). Solution No patched version...
4AI Score
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.304.4.1] - Revert rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info (Rohit Nair) [Orabug: 33832625] - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33832582] {CVE-2022-0492} [5.4.17-2136.304.4] - scsi: libiscsi: Fix iscsi_task...
8.4CVSS
-0.2AI Score
0.095EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.304.4.1] - Revert rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info (Rohit Nair) [Orabug: 33832625] - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33832582] {CVE-2022-0492} [5.4.17-2136.304.4] - scsi: libiscsi: Fix iscsi_task...
8.4CVSS
-0.2AI Score
0.095EPSS
In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking...
7.1CVSS
6.8AI Score
0.0004EPSS