234 matches found
CVE-2026-3828
Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...
EUVD-2026-28908
Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...
CVE-2023-42569
Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji...
CVE-2023-42558
Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution...
CVE-2023-42563
Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow...
CVE-2023-42556
Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information...
CVE-2023-42564
Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege...
CVE-2023-42560
Heap out-of-bounds write vulnerability in decmonoaudb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code...
Hazy Hawk Attack Spotted Targeting Abandoned Cloud Assets Since 2023
Infoblox reveals Hazy Hawk, a new threat exploiting abandoned cloud resources S3, Azure and DNS gaps since Dec…...
Kimsuky Exploits Legitimate Certificate to Disseminate TrollAgent
Summary: The Kimsuky group, backed by North Korea, used TrollAgent malware via a fake security program to target a Korean construction associations website, stealing data and enabling remote control between December 2023 and January 2024. Threat Level - Amber | Attack Report For a detailed threat...
CVE-2023-6441
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc. University Information System allows SQL Injection. This issue affects University Information System: before 12.12.2023...
CISA Known Exploited Vulnerability Catalog December 2023
Summary: The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog,...
CVE-2023-47251
creationtimestamp| type| source
---|---|---
2023-12-31 18:18:48+00:00| seen| MISP/00941aeb-379c-4544-8c08-43e64b6120d7...
collegeahuntsic.qc.ca Cross Site Scripting vulnerability OBB-3827083
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
astonmartinofgreenwich.com Cross Site Scripting vulnerability OBB-3827073
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-51133
creationtimestamp| type| source
---|---|---
2023-12-30 17:26:48+00:00| seen| https://t.me/ctinow/160920
2023-12-31 01:31:55+00:00| seen| https://t.me/cibsecurity/74030...
chiangrai.rmutl.ac.th Cross Site Scripting vulnerability OBB-3826488
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-46751
creationtimestamp| type| source
---|---|---
2023-12-30 10:06:40+00:00| seen| https://t.me/ctinow/160841...
sterilite.com Cross Site Scripting vulnerability OBB-3826475
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...