
663 matches found

OSV
added 2021/03/01 9:15 p.m., 2 views

CVE-2021-21515

Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user sessions or to trick a victim application user to unknowingly send arbitrary requests to the server...

CVSS 5.4, AI score 6.2, EPSS 0.00817
Exploits: 0, References: 1

CNNVD
added 2021/02/09 12:0 a.m., 7 views

Microsoft SharePoint Security Vulnerability

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. Microsoft SharePoint ...

CVSS 8, AI score 6.9, EPSS 0.01976
Exploits: 0, References: 4

CNNVD
added 2021/02/02 12:0 a.m., 5 views

IBM API Connect Input Validation Error Vulnerability

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. An input validation error vulnerability exists in IBM API Connect, which can be exploited by an...

CVSS 6.5, AI score 6.6, EPSS 0.00812
Exploits: 0, References: 5

ThreatPost
added 2021/01/28 6:1 p.m., 106 views

Utah Ponders Making Online ‘Catfishing’ a Crime

Legislature introduced in Utah means it could soon be illegal there to pretend to be someone else when engaging in certain types of deceptive activities on the internet, a practice known as “catfishing.” The Online Impersonation Prohibition up for debate this week in the Utah House of...

AI score 0.8
Exploits: 0, References: 8

BDU FSTEC
added 2021/01/14 12:0 a.m., 5 views

The vulnerability of the nsm DropPrivileges function (from the support/nsm.File.c module in the NFS utilities nfs-utils package) arises from improper assignment of standard privileges. This allows attackers to gain access to confidential data and compromise its integrity.

The vulnerability of the nsm DropPrivileges function from the NFS utility package nfs-utils, file.c section is related to the improper assignment of standard privileges. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to confidential data, compromise its...

CVSS 10, AI score 7.3, EPSS 0.01499
Exploits: 0, References: 14, Affected Software: 11

The Hacker News
added 2021/01/13 8:37 a.m., 5 views

Buyer's Guide for Securing Internal Environment with a Small Cybersecurity Team

Ensuring the cybersecurity of your internal environment when you have a small security team is challenging. If you want to maintain the highest security level with a small team, your strategy has to be 'do more with less,' and with the right technology, you can leverage your team and protect your...

AI score 5.9
Exploits: 0

Hacker One
added 2021/01/05 9:3 p.m., 408 views

Logitech: Host Header injection in oslo.io (using X-Forwarded-For header) leading to email spoofing

Hello team I hope it will be a happy year for you and for me 😇 Summary: I found Host Header injection in oslo.io I tried to use it to show the security effect on users And I found this Steps To Reproduce: 1. Well, first of all, enter your project 2.Make an invitation by email 3.Now through the...

Exploits: 0

CNVD
added 2020/12/09 12:0 a.m., 6 views

Unspecified Vulnerability in Schneider Electric Easergy T300 (CNVD-2021-19762)

Easergy T300 is a new generation of intelligent terminals for distribution network automation, adhering to the design concepts of "modularity, flexibility, and application orientation", which can be widely used in medium-voltage distribution network management, fault location, isolation, and...

CVSS 6.5, AI score 6.6, EPSS 0.01075
Exploits: 0, References: 1

CNNVD
added 2020/12/08 12:0 a.m., 5 views

Schneider Electric Easergy T300 Security Vulnerability

Easergy T300 is a new generation of intelligent terminals for distribution network automation, adhering to the design concepts of "modularity, flexibility, and application orientation", which can be widely used in medium-voltage distribution network management, fault location, isolation, and...

CVSS 6.5, AI score 6.6, EPSS 0.01075
Exploits: 0, References: 4

The Hacker News
added 2020/11/05 9:8 a.m., 25 views

Deception Technology: No Longer Only A Fortune 2000 Solution

A cyber-attacker successfully breaks into your environment and begins sneaking around to find something valuable - intellectual property, bank account credentials, company plans, whatever. The attacker makes his way to a certain host on a network node to browse the directories, and suddenly, his...

AI score 0.2
Exploits: 0

The Hacker News
added 2020/11/05 9:8 a.m., 4 views

Deception Technology: No Longer Only A Fortune 2000 Solution

A cyber-attacker successfully breaks into your environment and begins sneaking around to find something valuable - intellectual property, bank account credentials, company plans, whatever. The attacker makes his way to a certain host on a network node to browse the directories, and suddenly, his...

AI score 5.7
Exploits: 0

RedHat Linux
added 2020/09/30 6:42 a.m., 5 views

Mozilla: Custom cursor can overlay user interface

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...

CVSS 6.5, AI score 7.3, EPSS 0.01237
Exploits: 0, References: 5

VulnCheck KEV
added 2020/08/06 12:0 a.m., 6 views

VulnCheck KEV: CVE-2020-15654

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work...

CVSS 6.5, AI score 6.9, EPSS 0.01237
Exploits: 0, References: 1

OSV
added 2020/07/29 12:0 a.m., 2 views

UBUNTU-CVE-2020-15654

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...

CVSS 6.5, AI score 6.9, EPSS 0.01237
Exploits: 0, References: 5

CNVD
added 2020/06/23 12:0 a.m., 11 views

Fortinet FortiDeceptor Insufficient Session Expiration Vulnerability

FortiDeceptor is an innovative security product based on deception technology that deceives, exposes and eliminates internal or external cyber threats before they can cause damage to an organization. A security vulnerability exists in Fortinet FortiDeceptor 3.0.0 and prior versions that stems fro...

CVSS 8.1, AI score 7, EPSS 0.01028
Exploits: 0, References: 1

CNVD
added 2020/06/10 12:0 a.m., 4 views

Microsoft Edge Spoofing Vulnerability (CNVD-2020-61591)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A security vulnerability exists in Microsoft Edge based on Chromium IE mode, which arises from the program not handling specific redirects correctly. The vulnerability can be exploited by...

CVSS 6.1, AI score 6.5, EPSS 0.01811
Exploits: 1, References: 1

OSV
added 2020/05/19 4:15 p.m., 5 views

CVE-2020-10134

Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different pairing methods in each peer device and an end-user erroneously completes both pairing procedure...

CVSS 6.3, AI score 6.9, EPSS 0.00658
Exploits: 0, References: 2

Veracode
added 2020/04/10 12:37 a.m., 35 views

Spoofable Address Bar

Mozilla Firefox is vulnerable to Spoofable Address Bar. A flaw was found in the way Firefox displays the address bar when window.open is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site...

CVSS 5.8, AI score 2.2, EPSS 0.04745
Exploits: 1, References: 29, Affected Software: 4

Prion
added 2020/02/07 5:15 a.m., 30 views

Code injection

There is a way to deceive the GPU kernel driver into thinking there is room in the GPU ringbuffer and overwriting existing commands could allow unintended GPU opcodes to be executed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

CVSS 7.2, AI score 7.6, EPSS 0.00247
Exploits: 0, References: 1

Wired Threat Level
added 2019/12/16 11:0 a.m., 39 views

The War Vet, the Dating Site, and the Phone Call From Hell

Jared Johns found out too late that swapping messages with the pretty girl from a dating site would mean serious trouble. If only he had known who she really was...

AI score 0.8
Exploits: 0