Threat Report: High Tech Industry targeted the most with 46% of attack traffic tagged by NLX
How To Use This Report: enhance situational awareness of techniques used by threat actors; identify potential attacks targeting your industry; gain insights to help improve and accelerate your organization's threat response. Summary of Findings: The Network Effect Threat Report offers insights based...
Magento LTS's guest order "protect code" can be brute-forced too easily
Impact: Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters, which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute-force attack....
CVSS 7.5
AI Score 6.7
EPSS 0.001
PrestaShop MyPrestaModules - PhpInfo Disclosure
PrestaShop modules by MyPrestaModules expose...
CVSS 7.5
AI Score 7.6
EPSS 0.04
Russian State-Backed 'Infamous Chisel' Android Malware Targets Ukrainian Military
Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military. The malicious software, dubbed Infamous Chisel and attributed to a Russian...
AI Score 7.5
EPSS 0.001
Malicious code in discord.js-v12-lukyy (npm)
Source: ghsa-malware (84f8bf74e566b2971105d1d8482b27bb35a3cd1aa60def4e10b9ae09a4397da8). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Additional Function, HiRDB Structured Data Access Facility. This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before...
CVSS 7.5
AI Score 7.5
EPSS 0.0005
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 14, 2023 to August 20, 2023)
Last week, there were 64 vulnerabilities disclosed in 67 WordPress Plugins and 10 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
CVSS 9.8
AI Score 7.9
Serial Codes Generator and Validator with WooCommerce Support < 2.4.15 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
CVSS 4.8
AI Score 4.8
EPSS 0.0004
H2 Database Web Interface Create Alias Remote Code Execution Exploit
The H2 database contains an alias function which allows arbitrary Java code to be used. This functionality can be abused to create an exec function to pull our payload down and execute it. H2's web interface restricts many characters, so injecting a payload directly is not...
AI Score 7.4
EPSS 0.006
H2 Web Interface Create Alias RCE
The H2 database contains an alias function which allows arbitrary Java code to be used. This functionality can be abused to create an exec function to pull our payload down and execute it. H2's web interface restricts many characters, so injecting a payload directly is not...
AI Score 7.4
CVSS 9.8
EPSS 0.006
espace-numerique-entreprises.corsica Cross Site Scripting vulnerability OBB-3570484
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 24, 2023 to July 30, 2023)
Last week, there were 64 vulnerabilities disclosed in 66 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in...
CVSS 9.8
AI Score 8.4
Fuji Xerox / Fujifilm Printer Detection (HTTP)
HTTP based detection of Fuji Xerox / Fujifilm printer...
AI Score 7.1
Imcat 4.4 - Phpinfo Configuration
Imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1...
CVSS 7.5
AI Score 7.5
EPSS 0.014
espace-terroir.ch Cross Site Scripting vulnerability OBB-3524241
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1
espace-ultradanse.fr Cross Site Scripting vulnerability OBB-3513703
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1
espace-lumiere.fr Cross Site Scripting vulnerability OBB-3503840
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1
espace-motos.fr Cross Site Scripting vulnerability OBB-3493242
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1
espace-crequi.fr Cross Site Scripting vulnerability OBB-3493240
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1