Lucene search
K

326 matches found

Hacker One
Hacker One
added 2023/05/10 11:36 p.m.177 views

U.S. Dept Of Defense: CVE-2023-29489 XSS in cpanel at [www.███] - Securado, Oman

A cross-site scripting XSS vulnerability was found on the cpanel application hosted on a website. The vulnerability allowed an attacker to steal cookies or hijack a browser session. The cpanel was not updated due to the disabled auto-update feature. The vulnerability was mitigated by enabling the...

6.1CVSS5.4AI score0.65533EPSS
Exploits7
The Hacker News
The Hacker News
added 2023/04/11 9:16 a.m.25 views

Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages

Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late last month,...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/24 7:51 a.m.2 views

Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites

Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisor...

6.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:55 a.m.2 views

SUSE CVE-2010-4585

Unspecified vulnerability in the auto-update functionality in Opera before 11.00 allows remote attackers to cause a denial of service application crash by triggering an Opera Unite update...

5CVSS6.7AI score0.02244EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:44 a.m.4 views

SUSE CVE-2017-10125

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly...

7.1CVSS8.7AI score0.0063EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.3 views

SUSE CVE-2022-22754

If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...

6.5CVSS8.6AI score0.00644EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/01/12 6:6 a.m.1 views

Access of uninitialized pointer vulnerability in OMRON CX-Motion-MCH

Overview CX-Motion-MCH provided by OMRON Corporation contains an access of uninitialized pointer vulnerability CWE-824, CVE-2023-22366. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact Having a user to open a specially crafted project file...

7.8CVSS7.2AI score0.002EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2023/01/11 5:32 a.m.132 views

Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit

The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild. 11 of the 98 issues are rated Critical and 87 are rated Important in severity, with one of the vulnerabilities...

9.8CVSS0.6AI score0.99964EPSS
Exploits11
Krebs on Security
Krebs on Security
added 2023/01/10 10:28 p.m.50 views

Microsoft Patch Tuesday, January 2023 Edition

Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency, and a critical...

0.5AI score0.41538EPSS
Exploits0
NVD
NVD
added 2022/12/22 8:15 p.m.20 views

CVE-2022-22754

If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...

6.5CVSS0.00644EPSS
Exploits0References4
Prion
Prion
added 2022/12/22 8:15 p.m.23 views

Code injection

If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...

4.3CVSS6.6AI score0.00644EPSS
Exploits0References4Affected Software3
Cvelist
Cvelist
added 2022/12/22 12:0 a.m.25 views

CVE-2022-22754

If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...

7.3AI score0.00644EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/12/22 12:0 a.m.8 views

CVE-2022-22754

If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...

5.9AI score0.00644EPSS
Exploits0References4
CVE
CVE
added 2022/12/22 12:0 a.m.532 views

CVE-2022-22754

CVE-2022-22754: Affects Firefox <97, Thunderbird <91.6, and Firefox ESR

6.5CVSS7AI score0.00644EPSS
Exploits0References4Affected Software3
AlpineLinux
AlpineLinux
added 2022/12/22 12:0 a.m.724 views

CVE-2022-22754

If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...

6.5CVSS7.5AI score0.00644EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/28 6:40 a.m.3 views

Multiple vulnerabilities in OMRON CX-Programmer

Overview CX-Programmer provided by Omron Corporation contains multiple vulnerabilities listed below. Use-after-free CWE-416 - CVE-2022-43508, CVE-2023-22277, CVE-2023-22317, CVE-2023-22314 Out-of-bounds Write CWE-787 - CVE-2022-43509 Stack-based Buffer Overflow CWE-121 - CVE-2022-43667 Michael...

7.8CVSS7.7AI score0.00268EPSS
Exploits0References18
ICS
ICS
added 2022/10/04 12:0 a.m.58 views

OMRON CX-Programmer

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Omron Equipment : CX-Programmer Vulnerabilities : Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device or may allow arbitrary code execution. 3. TECHNICAL DETAILS...

9.8CVSS9.4AI score0.00564EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/09/19 12:0 a.m.3 views

PT-2022-25421

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker suitably positioned on the network could intercept the update request and deliver a...

6.4AI score0.00274EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/09/15 12:0 a.m.23 views

Zoom Client 5.7.3 < 5.11.6 Privilege Escalation

The Zoom Client for Meetings for macOS Standard and for IT Admin starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. Note that Nessus has not tested fo...

8.8CVSS7.4AI score0.00176EPSS
Exploits0References3
NVD
NVD
added 2022/08/18 8:15 p.m.15 views

CVE-2022-28757

The Zoom Client for Meetings for macOS Standard and for IT Admin starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root...

8.8CVSS0.00176EPSS
Exploits0References1
Rows per page
Query Builder