Lucene search
+L

173 matches found

The Hacker News
The Hacker News
added 2024/04/24 4:50 a.m.56 views

CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers

A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network CDN cache domains since at least February 2024. Cisco Talos has attributed the activity with moderate confidence to a threat actor...

7.3AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2024/04/23 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-32959

Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through = 7.2.2...

8.8CVSS5.8AI score0.00434EPSS
Exploits0References1
OSV
OSV
added 2024/04/09 7:15 p.m.7 views

CVE-2024-1934

The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpslocalcompress::construct' function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers to reset th...

7.5CVSS5.8AI score0.00718EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/29 12:0 a.m.5 views

Huashi Private Cloud CDN Live Streaming Acceleration Server 安全漏洞

Huashi Private Cloud CDN Live Streaming Acceleration Server is a live streaming acceleration service from China Huashi. A security vulnerability exists in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport version v.1.1.2, which originates from a vulnerability that allow...

9.8CVSS7.7AI score0.01146EPSS
Exploits0References2
OSV
OSV
added 2024/03/01 8:15 a.m.5 views

CVE-2024-27950

Missing Authorization vulnerability in sirv.Com Image Optimizer, Resizer and CDN – Sirv.This issue affects Image Optimizer, Resizer and CDN – Sirv: from n/a through 7.2.0...

8.8CVSS7.3AI score0.00372EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.8 views

PT-2024-10894 · WordPress · Wp Fastest Cache

Name of the Vulnerable Software and Affected Versions: WP Fastest Cache versions prior to 0.9.5 Description: The issue is related to a lack of CSRF check in the wpfc save cdn integration AJAX action and insufficient sanitization and escaping of some options available via this action. This could...

6.1CVSS6AI score0.00252EPSS
Exploits1References5
Veracode
Veracode
added 2023/10/25 6:39 a.m.18 views

Denial Of Service (DoS)

next is vulnerable to Denial Of Service DoS. The vulnerability exists because the base-server.ts does not include a cache-control header. Consequently, empty prefetch responses might be cached by a Content Delivery Network CDN. This creates an opportunity for an attacker to potentially crash the...

7.5CVSS6.9AI score0.01284EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/10/22 3:15 a.m.26 views

CVE-2023-46298

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN...

7.5CVSS5.8AI score0.01284EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2023/10/17 2:48 p.m.46 views

Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure

In what's the latest evolution of threat actors abusing legitimate infrastructure for nefarious ends, new findings show that nation-state hacking groups have entered the fray in leveraging the social platform for targeting critical infrastructure. Discord, in recent years, has become a lucrative...

6.7AI score
Exploits0
Cvelist
Cvelist
added 2023/10/16 6:5 p.m.50 views

CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries

silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...

7.5CVSS7.8AI score0.00901EPSS
Exploits0References5
Trellix
Trellix
added 2023/10/16 12:0 a.m.12 views

Discord, I Want to Play a Game

Discord, I Want to Play a Game By Ernesto Fernández Provecho and David Pastor Sanz Threatray · October 16, 2023 Discord is the first choice for gamers when they want to chat with some friends while playing an online computer game. Moreover, it is also a major choice for users that simply want to...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/09/15 10:20 a.m.54 views

NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers

An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims' credentials using a variant of the Python-based NodeStealer and potentially take over their accounts for follow-on malicious activities. "The attacks are reaching victims mainly in Southern Europe...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/10 2:20 p.m.42 views

New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks

Malicious actors are using a legitimate Rust-based injector called Freeze.rs to deploy a commodity malware called XWorm in victim environments. The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-trapped PDF file. It...

6.9AI score
Exploits0
OSV
OSV
added 2023/06/07 2:15 a.m.5 views

CVE-2022-4948

The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in...

4.3CVSS5.8AI score0.00535EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/04/06 8:15 p.m.1 views

CVE-2023-1923

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcremovecdnintegrationajaxrequestcallback function. This makes it possible for unauthenticated attackers to...

4.3CVSS6.6AI score0.00227EPSS
Exploits0References4
OSV
OSV
added 2023/04/06 8:15 p.m.2 views

CVE-2023-1923

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcremovecdnintegrationajaxrequestcallback function. This makes it possible for unauthenticated attackers to...

4.3CVSS7.2AI score0.00227EPSS
Exploits0References2
Qualys Blog
Qualys Blog
added 2023/01/03 9:9 a.m.27 views

BitRAT Now Sharing Sensitive Bank Data as a Lure

Introduction In June of 2022 Qualys Threat Research Unit TRU wrote an in-depth report on Redline, a commercial off the shelf infostealer that spreads via fake cracked software hosted on Discord’s content delivery network. Since then, we have continued to track similar threats to identify their...

0.6AI score
Exploits0
CNNVD
CNNVD
added 2023/01/02 12:0 a.m.7 views

WordPress plugin Image Optimizer, Resizer and CDN 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8CVSS4.9AI score0.0047EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/12/09 12:0 a.m.495 views

Image Optimizer, Resizer and CDN < 6.8.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Step 1: Install the plugin and register for an...

4.8CVSS4.8AI score0.0047EPSS
Exploits2
Imperva Blog
Imperva Blog
added 2022/12/06 9:0 a.m.23 views

Ten Reasons a Website Needs a CDN

Today’s website visitors expect a fast and efficient user experience with no delays or site performance issues. However, high traffic volumes and global reaching websites mean website managers are faced with the challenge of added latency and slow page load times, which can result in lost busines...

7.2AI score
Exploits0
Rows per page
Query Builder