91 matches found
EUVD-2024-30356
Malicious code in bioql PyPI...
CVE-2024-32554
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Knight Lab Knight Lab Timeline allows Stored XSS.This issue affects Knight Lab Timeline: from n/a through 3.9.3.4...
CVE-2024-2287
The Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.9.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
RansomHub Becomes 2024's Top Ransomware Group, Hitting 600+ Organizations Globally
The threat actors behind the RansomHub ransomware-as-a-service RaaS scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network's domain controller as part of their...
MAL-2024-2860 Malicious code in pelisplus-repelis-ver-detective-knight-independence-peliculas-completa-en-espanol (npm)
--- -= Per source details. Do not edit below this line.=-...
Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide
An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops. Knight aka Cyclops 2.0 ransomware first arrived in May 2023, employing double extortion tactics to...
CVE-2024-32554
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Knight Lab Knight Lab Timeline allows Stored XSS.This issue affects Knight Lab Timeline: from n/a through 3.9.3.4...
CVE-2024-32554 WordPress Knight Lab Timeline plugin <= 3.9.3.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Knight Lab Knight Lab Timeline allows Stored XSS.This issue affects Knight Lab Timeline: from n/a through 3.9.3.4...
CVE-2024-32554
CVE-2024-32554: Knight Lab Timeline plugin for WordPress is affected by Stored XSS due to improper neutralization of input during web page generation. Affected versions include Knight Lab Timeline up to 3.9.3.4. The vulnerability is currently listed as Unpatched in the provided sources; no fix/ve...
CVE-2024-32554 WordPress Knight Lab Timeline plugin <= 3.9.3.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Knight Lab Knight Lab Timeline allows Stored XSS.This issue affects Knight Lab Timeline: from n/a through 3.9.3.4...
PT-2024-24675 · Knight · Knight Lab Timeline
Name of the Vulnerable Software and Affected Versions: Knight Lab Timeline versions 3.9.3.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For...
WordPress Plugin Knight Lab Timeline 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
WordPress Knight Lab Timeline plugin <=3.9.3.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Knight Lab Timeline versions = 3.9.3.4...
WordPress Knight Lab Timeline Plugin <=3.9.3.4 is vulnerable to Cross Site Scripting (XSS)
Software Knight Lab Timeline Type Plugin Vulnerable versions =3.9.3.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32554 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e1498a16164e Credits LVT-tholv2k Required privilege...
CVE-2024-2287 Knight Lab Timeline <= 3.9.3.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
The Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.9.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Plugin Knight Lab Timeline 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-19592 · WordPress · Knight Lab Timeline
Name of the Vulnerable Software and Affected Versions: Knight Lab Timeline plugin for WordPress versions up to, and including, 3.9.3.3 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...
WordPress Knight Lab Timeline Plugin <= 3.9.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Knight Lab Timeline Type Plugin Vulnerable versions = 3.9.3.3 Fixed in 3.9.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2287 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a18014776421 Credits Tien Luong...
Knight Lab Timeline < 3.9.3.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.9.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
QakBot Resurges Latest Strikes with Ransom Knight and Remcos RAT
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The QakBot malware has been associated with a persistent phishing campaign since the beginning of August 2023, leading to the deployment of both the Ransom Knight ransomware and the Remcos RAT. To receiv...