89 matches found
Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America
TrendAI™ Research has identified two emerging threat campaigns—SHADOW-AETHER-040 and SHADOW-AETHER-064—that use agentic AI to drive intrusion operations against government and financial organizations in Latin America, marking these among the first cases we have observed of AI agents executing...
MiracleLinux 4 : java-1.8.0-openjdk-1.8.0.71-1.b15.AXS4 (AXSA:2016-040:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-040:01 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2015-7575 Mozilla Network Security Services NSS before 3.20.2, as used ...
MiracleLinux 8 : mariadb:10.3 (AXSA:2026-040:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-040:01 advisory. mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation CVE-2025-13699 Tenable has extracted the preceding...
MAL-2025-15372 Malicious code in banana-040-project (npm)
The package banana-040-project was found to contain malicious code...
Malicious code in banana-040-project (npm)
The package banana-040-project was found to contain malicious code...
CVE-2025-3739
CVE-2025-3739 : A vulnerability in Drupal 8 Google Optimize Hide Page affects the Drupal 8 Google Optimize Hide Page module. The CVSSv3.1 metrics indicate a network attack vector, high attack complexity, and that an attacker requires high privileges with no user interaction to achieve a Confident...
Amazon Linux 2 : containerd, --advisory ALAS2ECS-2024-040 (ALASECS-2024-040)
The version of containerd installed on the remote host is prior to 1.7.20-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-040 advisory. The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This...
Amazon Linux 2 : docker (ALASDOCKER-2024-040)
The version of docker installed on the remote host is prior to 25.0.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2024-040 advisory. 2025-01-04: CVE-2024-36620 was added to this advisory. 2025-01-04: CVE-2024-36623 was added to this advisory...
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-040)
The version of kernel installed on the remote host is prior to 5.15.152-100.162. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-040 advisory. 2024-09-12: CVE-2024-27431 was added to this advisory. 2024-09-12: CVE-2024-27415 was added to this...
Amazon Linux 2023 : openjpeg2, openjpeg2-devel, openjpeg2-tools (ALAS2023-2023-040)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-040 advisory. There is a flaw in the opj2compress program in openjpeg2. An attacker who is able to submit a large number of image files to be processed in a directory by opj2compress, could trigger a heap...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-040)
The version of kernel installed on the remote host is prior to 5.4.226-129.415. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-040 advisory. A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request...
Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage
A threat actor is said to have "highly likely" exploited a security flaw in an outdated Atlassian Confluence server to deploy a never-before-seen backdoor against an unnamed organization in the research and technical services sector. The attack, which transpired over a seven-day-period during the...
Dell OpenManage Server Administrator Authentication Bypass (DSA-2021-040)
Binary data dellomsacve-2021-21513.nbin...
Advantech iView Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated configuration change combined with an unauthenticated file write primitive, leading to an arbitrary file write that allows for remote code execution as the user running iView, which is typically NT AUTHORITY\SYSTEM. This issue was demonstrated in...
Nextcloud Server < 20.0.0 Multiple Vulnerabilities (NC-SA-2020-040, NC-SA-2020-041, NC-SA-2021-006)
Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...
Security Bulletin: Vulnerability in OpenSource Apache Tomcat affects IBM Algorithmics Algo Risk Application (CVE-2015-5174)
Summary Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ in the getResource, getResourceAsStream and getResourcePaths ServletContext methods to obtain a directory listing f...
MS07-040: Vulnerabilities in the .NET Framework could allow remote code execution
Resolves three privately reported vulnerabilities. Two of these vulnerabilities could allow remote code execution on client systems that have the .NET Framework installed. One could allow information disclosure on Web servers that are running ASP.NET.INTRODUCTIONMicrosoft has released security...
MS03-040: October, 2003, Cumulative Patch for Internet Explorer
Technical Updates October 1, 2003: Originally published.October 15, 2003: Updated the "Prerequisites" section to indicate that you can install the security patch on Windows NT Workstation 4.0 SP6a and Windows 2000 SP2.Symptoms This is a cumulative security patch for Microsoft Internet Explorer th...
@Base - Critical - Unsupported - SA-CONTRIB-2017-040
Provide some more API for developer to work with Drupal 7. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466...
MS06-040: Vulnerability in Server service could allow remote code execution
MS06-040: Vulnerability in Server service could allow remote code execution INTRODUCTION Microsoft has released security bulletin MS06-040. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment...