EUVD-2023-25608

Malicious code in bioql PyPI...

EUVD-2023-29940

Malicious code in bioql PyPI...

EUVD-2023-12710

Malicious code in bioql PyPI...

CVE-2023-41265

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

CVE-2023-41266

A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous...

Path traversal

A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous...

BlackCat Ransomware Deploys New Signed Kernel Driver

In this blog post, we will provide details on a BlackCat ransomware incident that occurred in February 2023, where we observed a new capability, mainly used for the defense evasion phase...

CVE-2023-1585

Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use TOCTOU vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later...

CVE-2023-0681 Rapid7 Nexpose Uncontrolled URL Redirect

Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in t...

Security Bulletin: IBM SDK, Java Technology Edition, Security Update February 2023

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8 that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to February 2023. IBM 8 SR7 FP20 1.8.0351. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION:...

Acer Data Breach: Hacker Claims to Sell 160GB Trove of Stolen Data

By Waqas A hacker on a popular forum is claiming to have stolen Acer Inc.'s data in mid-February 2023. This is a post from HackRead.com Read the original post: Acer Data Breach: Hacker Claims to Sell 160GB Trove of Stolen Data...

CISA Known Exploited Vulnerability Catalog February 2023

For a detailed CISAs KEV Catalog, download the pdf file here Summary For a detailed CISAs KEV Catalog, download the pdf file here The Known Exploited Vulnerability KEV catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included ...

Summary of Vulnerabilities & Threats: February 2023

...

WordPress Paid Memberships Pro Plugin <= 2.9.11 is vulnerable to SQL Injection

Software Paid Memberships Pro Type Plugin Vulnerable versions = 2.9.11 Fixed in 2.9.12 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0631 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID c680ed84c0a0 Credits Marc Montpas Required privilege Subscribe...

WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Debug Assistant Type Plugin Vulnerable versions = 1.4 Fixed in 1.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-26516 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 29fe448c29d4 Credits Prasanna V Balaji...

WordPress Quiz And Survey Master Plugin <= 8.0.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software Quiz And Survey Master Type Plugin Vulnerable versions = 8.0.10 Fixed in 8.1.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-26524 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c4b1a4af0da2 Credits Rio Darmawa...

tradecommissioner.gc.ca Cross Site Scripting vulnerability OBB-3206292

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

kuendigtramsteinairbase.de Cross Site Scripting vulnerability OBB-3206152

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

schwarzlichtviertel.de Cross Site Scripting vulnerability OBB-3205873

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

WordPress Top 10 Plugin <= 3.2.4 is vulnerable to Broken Access Control

Software Top 10 Type Plugin Vulnerable versions = 3.2.4 Fixed in 3.2.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 4.3 Developer WebberZone PSID 0fa5b1c87acc Credits WordFence Required privilege Subscriber Publishe...