CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Malwarebytes•added 2025/02/21 4:17 p.m.•9 views

Healthcare security lapses keep piling up

Healthcare is one of the sectors that has the most sensitive information about us. At the same time it's one of the worst at keeping them secret. Because of its access and storage of our personal health information PHI and other personally identifiable information PII, the healthcare sector shoul...

7.3AI score

RedhatCVE•added 2025/02/05 2:17 p.m.•4 views

CVE-2020-2945

Vulnerability in the Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management product of Oracle Financial Services Applications component: User Interfaces. Supported versions that are affected are 8.0.7 and 8.0.8. Easily exploitable vulnerability allows low privilege...

7.1CVSS6.2AI score0.00405EPSS

Trend Micro Simply Security•added 2025/01/29 12:0 a.m.•4 views

ASRM: A New Pillar for Cyber Insurance Underwriting

ASRM transforms cyber insurance underwriting by integrating real-time risk assessments, advanced tools NDR, EDR, Cloud Security, MDR, and proactive mitigation strategies to improve accuracy, reduce claims, and build trust...

7.3AI score

HackRead•added 2025/01/25 1:3 p.m.•19 views

American National Insurance Company (ANICO) Data Leaked in MOVEit Breach

Cybersecurity researchers discovered 270,000+ lines of American National Insurance customer data leaked online, potentially linked to the 2023…...

7.3AI score

Malwarebytes•added 2025/01/14 12:20 p.m.•8 views

Insurance company accused of using secret software to illegally collect and sell location data on millions of Americans

Insurance company Allstate and its subsidiary Arity unlawfully collected, used, and sold data about the location and movement of Texans’ cell phones through secretly embedded software in mobile apps, according to Texas Attorney General Ken Paxton. Attorney General Paxton says the companies didn't...

7AI score

Pen Test Partners Blog•added 2024/12/03 6:17 a.m.•6 views

6 non tech things you wish you had done before being breached

Introduction When a breach happens, it’s not just technical defences that matter. Preparation in non-technical areas, like having key documents printed or emergency contacts accessible, can make all the difference. In this blog, we highlight six simple yet essential steps to help you prepare in...

7AI score

CNVD•added 2024/11/21 12:0 a.m.•10 views

TRCore DVC Path Traversal Vulnerability

TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a path traversal vulnerability that stems from the program's failure to properly filter special elements in the path of a resource or file, which can be exploited by an attacker to read arbitrary system files...

CNVD•added 2024/11/21 12:0 a.m.•9 views

Exploits0References1

TRCore DVC path traversal vulnerability (CNVD-2024-46436)

TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a path traversal vulnerability that can be exploited by an attacker to read arbitrary system files...

The Hacker News•added 2024/11/18 11:15 a.m.•6 views

Exploits0References1

Beyond Compliance: The Advantage of Year-Round Network Pen Testing

IT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here's the thing: hackers don't wait around for compliance schedules. Most companies approach network penetration testing on a set schedule, with the most common...

7.1AI score

CNNVD•added 2024/11/18 12:0 a.m.•2 views

TRCore DVC 安全漏洞

TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a path traversal vulnerability that can be exploited by an attacker to read arbitrary system files...

CNNVD•added 2024/11/18 12:0 a.m.•1 views

Exploits0References2

TRCore DVC 安全漏洞

Pen Test Partners Blog•added 2024/11/05 6:35 a.m.•8 views

Exploits0References2

Maritime lawyers assemble!

Maritime cyber insurance has been playing catch-up with maritime cyber security for a while now. It was all pretty good until the availability of cheap VSAT meant that ships became constantly connected. Vessels were mostly not connected at sea, other than Fleet Broadband connections, rarely used...

7.4AI score

OSV•added 2024/11/03 2:15 p.m.•0 views

CVE-2024-10735

A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /editNominee.php. The manipulation of the argument nomineeid leads to sql injection. The attack can be initiated remotely. The...

9.8CVSS5.8AI score

Exploits0References4

NVD•added 2024/11/03 2:15 p.m.•13 views

CVE-2024-10735

9.8CVSS0.00096EPSS

Cvelist•added 2024/11/03 2:0 p.m.•16 views

CVE-2024-10735 Project Worlds Life Insurance Management System editNominee.php sql injection

6.5CVSS0.00096EPSS

CVE•added 2024/11/03 2:0 p.m.•41 views

CVE-2024-10735

CVE-2024-10735 affects Project Worlds Life Insurance Management System 1.0. The vulnerability is in the file /editNominee.php, where manipulation of the nominee_id parameter leads to an SQL injection. The issue is remotely exploitable and publicly disclosed. Affected scope is the system’s ability...

9.8CVSS7.1AI score0.00096EPSS

Exploits1References4Affected Software1

NVD•added 2024/11/03 1:15 p.m.•10 views

CVE-2024-10734

A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /editPayment.php. The manipulation of the argument reciptno leads to sql injection. It is possible to initiate the attack remotely. The...

9.8CVSS0.00096EPSS

OSV•added 2024/11/03 1:15 p.m.•2 views

CVE-2024-10734

9.8CVSS5.8AI score0.00096EPSS