RHCOS 4 : OpenShift Container Platform 4.6.59 (RHSA-2022:4947)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4947 advisory. - cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 - credentials: Stored XSS vulnerabilities in jenkin...

RHCOS 3 : OpenShift Container Platform 3.11.715 (RHSA-2022:4999)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:4999 advisory. - cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 Note that Nessus has not tested for this issue but has inste...

CVE-2026-1708

creationtimestamp| type| source ---|---|--- 2026-03-11 07:16:03+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-1708...

EUVD-2026-1708

A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in sql injection. The attack may be launched remotely. The...

CVE-2025-1708

The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content...

CVE-2025-1708

creationtimestamp| type| source ---|---|--- 2025-07-03 06:21:23+00:00| seen| https://infosec.exchange/users/certvde/statuses/114787856061012885 2025-07-03 06:23:54+00:00| seen| https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3lt23lwyqz3d2 2025-08-06 13:54:20+00:00| seen|...

CVE-2023-1708

An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine...

RHEL 9 : conmon (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 Note that Nessus has not tested for...

Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2024-1708)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 9 : cri-o (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 Note that Nessus has not tested for...

CBL Mariner 2.0 Security Update: cri-o (CVE-2022-1708)

The version of cri-o installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1708 advisory. - A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with...

CVE-2022-1708 affecting package cri-o for versions less than 1.21.7-1

CVE-2022-1708 affecting package cri-o for versions less than 1.21.7-1. A patched version of the package is available...

CVE-2013-1708

creationtimestamp| type| source ---|---|--- 2024-03-25 11:49:23+00:00| seen| https://t.me/ETHICALHACKERSCOMMUNITY2/3889 2024-03-25 14:38:09+00:00| seen| Telegram/HKj6TR4hMohrGsEUcNFDijNGdim3MCZhggfzha3EYtXw 2024-03-25 14:38:09+00:00| seen| https://t.me/tengkorakcybercrewz/4400 2024-03-25...

Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware

North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark...

Attacks, Vulnerabilities and Actors 19 to 25 February 2024

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of fifteen attacks were executed, five vulnerabilities were uncovered, and five active adversaries...

Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities

This blog entry gives a detailed analysis of these recent ScreenConnect vulnerabilities. We also discuss our discovery of threat actor groups, including Black Basta and Bl00dy Ransomware gangs, that are actively exploiting CVE-2024-1708 and CVE-2024-1709 based on our telemetry...

ConnectWise ScreenConnect Unauthenticated Remote Code Execution

This module exploits an authentication bypass vulnerability that allows an unauthenticated attacker to create a new administrator user account on a vulnerable ConnectWise ScreenConnect server. The attacker can leverage this to achieve RCE by uploading a malicious extension module. All versions of...

ConnectWise ScreenConnect Service < 23.9.8 Multiple Vulnerabilities

According to its version, the ConnectWise ScreenConnect Service remote access software installed on the remote Windows host is prior to 23.9.8. It is, therefore affected by multiple vulnerabilities: - A path-traversal vulnerability which may allow an attacker the ability to execute remote code or...

CVE-2024-1708

creationtimestamp| type| source ---|---|--- 2024-02-21 17:22:10+00:00| seen| https://t.me/ctinow/189797 2024-02-21 17:31:30+00:00| seen| https://t.me/ctinow/189811 2024-02-22 10:40:05+00:00| exploited| https://t.me/truesecator/5446 2024-02-22 10:40:07+00:00| seen|...

CVE-2024-1708

ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems...