94 matches found

Packet Storm News
added 2026/05/08 12:0 a.m., 9 views

SL5 Standard for AI Security

Security Level 5 (SL5) is a security posture for AI systems that could plausibly thwart top-priority operations by the world's most cyber-capable institutions: those with extensive resources, state-level infrastructure, and expertise years ahead of the public state of the art. The SL5 terminology...

5.8 AI score
Exploits 0
RedhatCVE
added 2026/01/07 9:12 a.m., 7 views

CVE-2024-2028

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Covid-19 Stats Widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS, 5.8 AI score, 0.00449 EPSS
Exploits 0, References 1
The Hacker News
added 2025/12/23 6:58 a.m., 3 views

FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks

The U.S. Federal Communications Commission (FCC) on Monday announced a ban on all drones and critical components made in a foreign country, citing national security concerns. To that end, the agency has added to its Covered List Uncrewed aircraft systems (UAS) and UAS critical components produced in ...

6.9 AI score
Exploits 0
Snyk
added 2025/11/07 12:24 p.m., 8 views

Malicious Package

Overview: Sharp7Extend is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and targets industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...

9.8 CVSS, 7.2 AI score
Exploits 0, References 2
Snyk
added 2025/11/07 12:24 p.m., 2 views

Malicious Package

Overview: SqlDbRepository is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and targets industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...

9.8 CVSS, 7.2 AI score
Exploits 0, References 2
The Hacker News
added 2025/11/07 11:55 a.m., 20 views

Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation

A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named...

7.7 AI score
Exploits 0
Vulnrichment
added 2025/08/06 2:44 p.m., 4 views

CVE-2025-2028 Lack of TLS validation

Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs...

6.5 CVSS, 6.5 AI score, 0.00199 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/21 8:30 p.m., 10 views

CVE-2002-2028

The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing...

2.1 CVSS, 6.8 AI score, 0.0196 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/02/05 9:20 p.m., 6 views

CVE-2022-2028

Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0...

8.2 CVSS, 6 AI score, 0.00674 EPSS
Exploits 1, References 1
Wired Threat Level
added 2024/06/19 10:0 a.m., 8 views

This Is What Would Happen if China Invaded Taiwan

The new book World on the Brink: How America Can Beat China in the Race for the 21st Century lays out what might actually happen if China were to invade Taiwan in 2028...

7.3 AI score
Exploits 0
OpenVAS
added 2024/06/15 12:0 a.m., 12 views

openSUSE Security Advisory (SUSE-SU-2024:2028-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5 CVSS, 7.4 AI score, 0.00317 EPSS
Exploits 0, References 4
Tenable Nessus
added 2023/09/07 12:0 a.m., 32 views

Oracle Linux 7 : ruby (ELSA-2019-2028)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2028 advisory. - Introduce 'Gem::UserInteractionverbose' method as precondition to fix CVE-2019-8321. rubygems-2.3.0-refactor-checking-reallyverbose.patch - Fix escap...

9.8 CVSS, 7.5 AI score, 0.10552 EPSS
Exploits 0, References 15
NVD
added 2023/07/10 4:15 p.m., 19 views

CVE-2023-2028

The Call Now Accessibility Button WordPress plugin before 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

4.8 CVSS, 4.8 AI score, 0.00423 EPSS
Exploits 2, References 1
Cvelist
added 2023/07/10 12:40 p.m., 22 views

CVE-2023-2028 Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting

The Call Now Accessibility Button WordPress plugin before 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

5 AI score, 0.00423 EPSS
Exploits 2, References 1
CVE
added 2023/07/10 12:40 p.m., 46 views

CVE-2023-2028

The CVE-2023-2028 issue affects the Call Now Accessibility Button WordPress plugin and is caused by improper sanitization of certain settings. Versions prior to 1.1 allow Stored Cross-Site Scripting (XSS) by high-privilege users even when unfiltered_html is disallowed (e.g., in multisite). Public...

4.8 CVSS, 4.8 AI score, 0.00423 EPSS
Exploits 2, References 1, Affected Software 1
Tenable Nessus
added 2023/05/02 12:0 a.m., 30 views

Amazon Linux 2 : thunderbird (ALAS-2023-2028)

The version of thunderbird installed on the remote host is prior to 102.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2028 advisory. 2024-01-03: CVE-2023-1999 was added to this advisory. The Mozilla Foundation describes this issue as follows: OCSP...

8.8 CVSS, 7.8 AI score, 0.00952 EPSS
Exploits 0, References 24
OpenVAS
added 2022/08/26 12:0 a.m., 15 views

Ubuntu: Security Advisory (USN-2028-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS, 7.6 AI score, 0.0593 EPSS
Exploits 1, References 2
CVE
added 2022/06/08 8:35 a.m., 61 views

CVE-2022-2028

CVE-2022-2028 is a stored XSS vulnerability in the open-source time-tracking project titra (GitHub: kromitgmbh/titra) affecting versions prior to 0.77.0. The issue has been observed as a Stored XSS in the Project Name field (example payload provided), enabling injection when a project name is sav...

8.2 CVSS, 5.7 AI score, 0.00674 EPSS
Exploits 1, References 2, Affected Software 1
Cvelist
added 2022/06/08 8:35 a.m., 18 views

CVE-2022-2028 Cross-site Scripting (XSS) - Generic in kromitgmbh/titra

Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0...

8.2 CVSS, 5.6 AI score, 0.00674 EPSS
Exploits 1, References 2
OpenVAS
added 2022/01/28 12:0 a.m., 32 views

Mageia: Security Advisory (MGASA-2013-0160)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8 CVSS, 9.5 AI score, 0.11925 EPSS
Exploits 3, References 5