91 matches found

ThreatPost
added 2022/03/30 4:14 p.m. · 191 views

Google Chrome Bug Actively Exploited as Zero-Day

Google has updated its Stable channel for the desktop version of Chrome, to address a zero-day security vulnerability that’s being actively exploited in the wild. The bug, tracked as CVE-2022-1096, is a type-confusion issue in the V8 JavaScript engine, which is an open-source engine used by Chrom...

CVSS 9.6 · AI score 9.6 · EPSS 0.71536
Exploits 9 · References 12

Rapid7 Blog
added 2022/01/18 8:0 p.m. · 184 views

Active Exploitation of VMware Horizon Servers

This post is co-authored by Charlie Stafford, Lead Security Researcher. We will update this blog with further information as it becomes available. CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Blog's Last Update ---|---|---|---|---|--- CVE-2021-44228 | VMware Advisory |...

CVSS 9.3 · AI score 0.3 · EPSS 0.99999
Exploits 351

hivepro
added 2021/12/08 9:54 a.m. · 143 views

Grafana releases an emergency patch for a Zero-Day vulnerability

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A vulnerability in Chrome and Microsoft Edge Chromium-based exists as a result of a use-after-free Grafana, a database analyzing, and monitoring tool used by major companies has been affected by a high severe zero-day...

CVSS 5 · AI score 1.1 · EPSS 0.88849
Exploits 44

The Hacker News
added 2021/09/25 6:39 a.m. · 232 views

Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability

Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild. Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a...

CVSS 9.6 · AI score 0.2 · EPSS 0.70435
Exploits 12

ThreatPost
added 2021/09/22 5:22 p.m. · 19 views

Unpatched Apple Zero-Day Allows Code Execution

A zero-day security vulnerability in Apple’s macOS Finder system could allow remote attackers to trick users into running arbitrary commands, according to researchers – and a silent patch hasn’t fixed it. For those not in the Apple camp, the macOS Finder is the default file manager and GUI...

AI score 7.3
Exploits 0 · References 8

ThreatPost
added 2021/09/13 10:10 p.m. · 121 views

Apple Issues Emergency Fix for NSO Zero-Click Zero Day

Apple users should immediately update all their devices – iPhones, iPads, Macs and Apple Watches – to install an emergency patch for a zero-click zero-day exploited by NSO Group to install spyware. The security updates, pushed out by Apple on Monday, include iOS 14.8 for iPhones and iPads, as wel...

CVSS 7.8 · AI score 7.4 · EPSS 0.75994
Exploits 2 · References 16

The Hacker News
added 2021/07/08 4:35 a.m. · 281 views

Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability

Even as Microsoft expanded patches for the so-called PrintNightmare vulnerability for Windows 10 version 1607, Windows Server 2012, and Windows Server 2016, it has come to light that the fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain...

CVSS 9.3 · AI score 1.4 · EPSS 0.99759
Exploits 75

Krebs on Security
added 2021/07/07 2:34 p.m. · 184 views

Microsoft Issues Emergency Patch for Windows Flaw

Microsoft on Tuesday issued an emergency software update to quash a security bug that's been dubbed "PrintNightmare," a critical vulnerability in all supported versions of Windows that is actively being exploited. The fix comes a week ahead of Microsoft's normal monthly Patch Tuesday release, and...

CVSS 9 · AI score 0.8 · EPSS 0.99759
Exploits 41

HackRead
added 2021/07/07 12:0 p.m. · 44 views

Microsoft issues emergency patch to fix PrintNightmare vulnerability

By Waqas Microsoft is urging customers to "install these updates immediately" and protect their PCs against the widely exploited PrintNightmare vulnerability. This is a post from HackRead.com Read the original post: Microsoft issues emergency patch to fix PrintNightmare vulnerability...

AI score 3.1
Exploits 0

ThreatPost
added 2021/07/07 10:55 a.m. · 349 views

Microsoft Releases Emergency Patch for PrintNightmare Bugs

Microsoft has released an emergency patch for PrintNightmare, a set of two critical remote code-execution (RCE) vulnerabilities in the Windows Print Spooler service that hackers can use to take over an infected system. However, more fixes are necessary before all Windows systems affected by the...

CVSS 9.3 · AI score 9.5 · EPSS 0.99759
Exploits 75 · References 12

The Hacker News
added 2021/07/07 3:11 a.m. · 114 views

Microsoft Issues Emergency Patch for Critical Windows PrintNightmare Vulnerability

Microsoft has shipped an emergency out-of-band security update to address a critical zero-day vulnerability — known as "PrintNightmare" — that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems. Tracked as...

CVSS 9.3 · AI score 2.9 · EPSS 0.99759
Exploits 75

Positive Technologies
added 2020/11/01 12:0 a.m. · 3 views

PT-2020-4510 · Oracle · Oracle Weblogic Server

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 10.3.6.0.0 through 14.1.1.0.0 Description: The issue is related to a vulnerability in the Oracle WebLogic Server product, specifically in the Console component. This vulnerability allows an unauthenticated...

CVSS 10 · AI score 9.4 · EPSS 0.9927
Exploits 9 · References 17

Rapid7 Blog
added 2020/09/14 11:29 p.m. · 812 views

CVE-2020-1472 "Zerologon" Critical Privilege Escalation: What You Need To Know

Updates September 16, 2020 Samba domain controllers before 4.8 have been confirmed to be vulnerable to CVE-2020-1472. There are now multiple public PoC exploits available, most if not all of which are modifications to Secura’s original PoC built on Impacket. There are reports of the vulnerability...

CVSS 9.3 · AI score 0.3 · EPSS 0.99512
Exploits 75

The Hacker News
added 2020/03/12 2:30 p.m. · 3 views

Critical Patch Released for 'Wormable' SMBv3 Vulnerability — Install It ASAP!

Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically. The vulnerability,...

CVSS 10 · AI score 8.1 · EPSS 0.9981
Exploits 125

Openbugbounty
added 2020/02/20 8:57 p.m. · 8 views

blogavenger.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1098452 Security Researcher geeknik Helped patch 8956 vulnerabilities Received 8 Coordinated Disclosure badges Received 21 recommendations, a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting blogavenger.com website an...

AI score 0.2
Exploits 0

ThreatPost
added 2019/08/26 7:32 p.m. · 124 views

Apple Fixes iOS Flaw That Opened iPhones to Jailbreaks

Apple has released an emergency patch fixing a kernel vulnerability – for the second time – after it was accidentally unpatched in iOS 12.4. The flaw CVE-2019-8605, a use-after-free issue existing in the kernel, could enable a malicious application to execute arbitrary code with system privileges...

CVSS 9.3 · AI score 0.2 · EPSS 0.17438
Exploits 6 · References 10

The Hacker News
added 2019/06/19 6:42 p.m. · 3 views

New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now

Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server. According to Oracle, the vulnerability—which can be identified as CVE-2019-2729 and has a CVSS score of 9.8 out of 10—is already being exploited in the wild by a...

CVSS 9.8 · AI score 9.1 · EPSS 0.99964
Exploits 44

The Hacker News
added 2019/03/12 4:22 p.m. · 87 views

Adobe Releases Patches for Critical Flaws in Photoshop CC and Digital Edition

Adobe users would feel lighter this month, as Adobe has released patches for just two security vulnerabilities in its March Security Update. The company today released its monthly security updates to address two critical arbitrary code execution vulnerabilities—one in Adobe Photoshop CC and another...

CVSS 10 · AI score 1.8 · EPSS 0.68369
Exploits 0

ThreatPost
added 2019/03/12 3:53 p.m. · 60 views

Adobe Patches Critical Photoshop, Digital Edition Flaws

Adobe on Tuesday released its March Security Update, reporting and fixing only two critical flaws: one in Photoshop CC and one in Adobe Digital Editions. Both critical flaws could allow a bad actor to achieve arbitrary code execution in the context of the current user, Adobe said. The company sai...

CVSS 10 · AI score 1 · EPSS 0.68369
Exploits 0 · References 6

Krebs on Security
added 2019/01/09 2:46 p.m. · 95 views

Patch Tuesday, January 2019 Edition

Microsoft on Tuesday released updates to fix roughly four dozen security issues with its Windows operating systems and related software. All things considered, this first Patch Tuesday of 2019 is fairly mild, bereft as it is of any new Adobe Flash updates or zero-day exploits. But there are a few...

CVSS 9.3 · AI score 0.8 · EPSS 0.71365
Exploits 0