CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2025/01/31 5:15 p.m.•12 views

CVE-2024-42671

6.1CVSS0.00259EPSS

Securelist•added 2025/01/31 10:0 a.m.•9 views

One policy to rule them all

Windows group policies are a powerful management tool that allows administrators to define and control user and computer settings within a domain environment in a centralized manner. While group policies offer functionality and utility, they are unfortunately a prime target for attackers. In...

7AI score

Cvelist•added 2025/01/31 12:0 a.m.•13 views

CVE-2024-42671

0.00259EPSS

CVE•added 2025/01/31 12:0 a.m.•90 views

CVE-2024-42671

CVE-2024-42671 affects slabiak Appointment Scheduler v1.0.5. The issue is a Host Header Poisoning Open Redirect, enabling remote redirection to a malicious site. The CVSS base score is 6.1 (Medium) with Network attack vector, no privileges, user interaction required, and a changed scope; impact i...

6.1CVSS6.6AI score0.00259EPSS

Vulnrichment•added 2025/01/31 12:0 a.m.•4 views

CVE-2024-42671

6.6AI score0.00259EPSS

Schneier on Security•added 2025/01/30 12:44 p.m.•6 views

Fake Reddit and WeTransfer Sites are Pushing Malware

There are thousands of fake Reddit and WeTransfer webpages that are pushing malware. They exploit people who are using search engines to search sites like Reddit. Unsuspecting victims clicking on the link are taken to a fake WeTransfer site that mimicks the interface of the popular file-sharing...

7.2AI score

Securelist•added 2025/01/30 8:0 a.m.•21 views

No need to RSVP: a closer look at the Tria stealer campaign

Introduction Since mid-2024, we've observed a malicious Android campaign leveraging wedding invitations as a lure to social-engineer victims into installing a malicious Android app APK, which we have named "Tria Stealer" after unique strings found in campaign samples. The primary targets of the...

7.1AI score

Trend Micro Simply Security•added 2025/01/30 12:0 a.m.•3 views

Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response

The Managed XDR team investigated a sophisticated campaign distributing Lumma Stealer through GitHub, where attackers leveraged the platform's release infrastructure to deliver malware such as SectopRAT, Vidar, and Cobeacon...

7.2AI score

RedHat Linux•added 2025/01/27 9:50 p.m.•20 views

Important: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.7.3 security updates and bug fixes

Multicluster Engine for Kubernetes 2.7.3 General Availability release images, which provide enhancements, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...

9.1CVSS6.7AI score0.03092EPSS

Exploits2References3

BDU FSTEC•added 2025/01/27 12:0 a.m.•1 views

The vulnerability of the IBM Safer Payments security measure lies in its ability to allow unlimited distribution of resources, which enables a perpetrator to trigger a service failure.

The vulnerability of the IBM Safer Payments security tool is related to the unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS5.5AI score0.00568EPSS

BDU FSTEC•added 2025/01/27 12:0 a.m.•4 views

The vulnerability of the `saveRequestFiles` function in the Fastify JavaScript software framework allows a hacker to trigger a service failure.

The vulnerability of the saveRequestFiles function in the Fastify JavaScript software framework is related to the use of incorrect authentication tokens due to unlimited resource distribution. Exploiting this vulnerability could allow a malicious actor to cause service failures by sending special...

7.8CVSS5.5AI score0.00529EPSS

BDU FSTEC•added 2025/01/24 12:0 a.m.•2 views

The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system, which allows a hacker to trigger a service failure.

The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management involves unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

6.8CVSS7.7AI score0.00661EPSS

BDU FSTEC•added 2025/01/23 12:0 a.m.•4 views

The vulnerability of the modular application server of IBM WebSphere Liberty Profile, a software for managing transaction applications of the IBM TXSeries for Multiplatforms, allows a hacker to trigger a service failure.

7.8CVSS5.4AI score0.00605EPSS