94 matches found
SL5 Standard for AI Security
Security Level 5 (SL5) is a security posture for AI systems that could plausibly thwart top-priority operations by the world's most cyber-capable institutions: those with extensive resources, state-level infrastructure, and expertise years ahead of the public state of the art. The SL5 terminology...
CVE-2024-2028
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Covid-19 Stats Widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks
The U.S. Federal Communications Commission (FCC) on Monday announced a ban on all drones and critical components made in a foreign country, citing national security concerns. To that end, the agency has added to its Covered List "uncrewed aircraft systems (UAS) and UAS critical components produced in ...
Malicious Package
Overview Sharp7Extend is a malicious package. It contains malicious code that injects time-delayed destructive payloads into database operations and targets industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...
Malicious Package
Overview SqlDbRepository is a malicious package. It contains malicious code that injects time-delayed destructive payloads into database operations and targets industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...
Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation
A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named...
CVE-2025-2028 Lack of TLS validation
Lack of TLS validation when downloading a CSV file containing a mapping from IPs to countries, used only for displaying country flags in logs...
CVE-2002-2028
The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing...
CVE-2022-2028
Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0...
This Is What Would Happen if China Invaded Taiwan
The new book World on the Brink: How America Can Beat China in the Race for the 21st Century lays out what might actually happen if China were to invade Taiwan in 2028...
openSUSE Security Advisory (SUSE-SU-2024:2028-1)
The remote host is missing an update for the package(s) announced via the SUSE-SU-2024:2028-1 advisory...
Oracle Linux 7 : ruby (ELSA-2019-2028)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2028 advisory. - Introduce 'Gem::UserInteraction#verbose' method as precondition to fix CVE-2019-8321. rubygems-2.3.0-refactor-checking-really_verbose.patch - Fix escap...
CVE-2023-2028
The Call Now Accessibility Button WordPress plugin before 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup)...
CVE-2023-2028 Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting
The Call Now Accessibility Button WordPress plugin before 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup)...
CVE-2023-2028
The CVE-2023-2028 issue affects the Call Now Accessibility Button WordPress plugin and is caused by improper sanitization of certain settings. Versions prior to 1.1 allow Stored Cross-Site Scripting (XSS) by high-privilege users even when unfiltered_html is disallowed (e.g., in multisite). Public...
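The three CVE-2023-2028 entries above describe the same bug class: a plugin setting that is stored without sanitization and echoed without escaping, so an administrator who has had unfiltered_html removed (the default for non-super-admins on multisite) can still plant a script. The following is an added example, not code from the Call Now Accessibility Button plugin or from any of the sources listed; the function, option and setting-group names (cnab_demo_*) are hypothetical. It shows the vulnerable registration and render pattern beside a hardened version that sanitizes on save, gates any HTML on the unfiltered_html capability, and escapes for the output context.

```php
<?php
// Added example (hypothetical cnab_demo_* names; not the plugin's own code).
// Both halves use only core WordPress APIs: register_setting(), get_option(),
// current_user_can(), sanitize_text_field(), wp_kses(), esc_attr().

// --- Vulnerable pattern (the bug class behind CVE-2023-2028) ---
// No sanitize_callback: whatever the settings form submits is stored verbatim.
// The render function then concatenates it straight into markup. The plugin never
// consults KSES or the unfiltered_html capability, so a multisite admin who is
// *not* allowed raw HTML can still store "<script>...</script>" via this option.
function cnab_demo_register_vulnerable() {
    register_setting( 'cnab_demo_group', 'cnab_demo_button_text' );
}

function cnab_demo_render_vulnerable() {
    $text = get_option( 'cnab_demo_button_text', '' );
    echo '<a class="cnab-button" href="tel:">' . $text . '</a>'; // stored XSS sink
}

// --- Hardened pattern ---
// 1. Sanitize on the way in via the sanitize_callback WordPress applies on save.
// 2. Only users who actually hold unfiltered_html may keep markup, and even then
//    only an explicit allow-list, never raw HTML.
// 3. Escape on the way out for the exact context (attribute vs element content).
function cnab_demo_allowed_tags() {
    // Deliberately tiny allow-list: inline emphasis only, no attributes.
    return array( 'strong' => array(), 'em' => array() );
}

function cnab_demo_sanitize_button_text( $value ) {
    $value = is_string( $value ) ? $value : '';
    if ( current_user_can( 'unfiltered_html' ) ) {
        // Capability granted: keep a small HTML subset, strip everything else.
        return wp_kses( $value, cnab_demo_allowed_tags() );
    }
    // Capability absent (e.g. multisite site admin): plain text only.
    return sanitize_text_field( $value );
}

function cnab_demo_sanitize_phone( $value ) {
    // Phone number goes into an href attribute; keep digits and a leading '+'.
    return preg_replace( '/[^0-9+]/', '', is_string( $value ) ? $value : '' );
}

function cnab_demo_register_hardened() {
    register_setting(
        'cnab_demo_group',
        'cnab_demo_button_text',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'cnab_demo_sanitize_button_text',
            'default'           => '',
        )
    );
    register_setting(
        'cnab_demo_group',
        'cnab_demo_phone',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'cnab_demo_sanitize_phone',
            'default'           => '',
        )
    );
}

function cnab_demo_render_hardened() {
    $text  = get_option( 'cnab_demo_button_text', '' );
    $phone = get_option( 'cnab_demo_phone', '' );
    // Attribute context: esc_attr(). Element content: re-apply the same allow-list
    // at output time so a value written to the option by another path (import,
    // direct DB edit, older plugin version) is still constrained.
    echo '<a class="cnab-button" href="tel:' . esc_attr( $phone ) . '">'
        . wp_kses( $text, cnab_demo_allowed_tags() )
        . '</a>';
}

add_action( 'admin_init', 'cnab_demo_register_hardened' );
```

The check that matters in review is the pairing: a sanitize_callback on every register_setting() call, and an escaping or KSES call on every echo of option data. Sanitizing only on save is not enough, because options can be written by paths that bypass the settings form, which is why the hardened render function filters again on output.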
Amazon Linux 2 : thunderbird (ALAS-2023-2028)
The version of thunderbird installed on the remote host is prior to 102.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2028 advisory. 2024-01-03: CVE-2023-1999 was added to this advisory. The Mozilla Foundation describes this issue as follows: OCSP...
Ubuntu: Security Advisory (USN-2028-1)
The remote host is missing an update for the package(s) announced via the USN-2028-1 advisory...
CVE-2022-2028
CVE-2022-2028 is a stored XSS vulnerability in the open-source time-tracking project titra (GitHub: kromitgmbh/titra) affecting versions prior to 0.77.0. The issue has been observed as a Stored XSS in the Project Name field (example payload provided), enabling injection when a project name is sav...
CVE-2022-2028 Cross-site Scripting (XSS) - Generic in kromitgmbh/titra
Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0...
Mageia: Security Advisory (MGASA-2013-0160)
The remote host is missing an update for the package(s) announced via the MGASA-2013-0160 advisory...