Lucene search
+L

180 matches found

OSV
OSV
added 2021/12/10 8:15 p.m.27 views

CVE-2021-23639

The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution RCE due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...

9.8CVSS7.4AI score
Exploits0References3
Prion
Prion
added 2021/12/10 8:15 p.m.31 views

Remote code execution

The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution RCE due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...

7.5CVSS9.7AI score0.05329EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2021/12/10 8:5 p.m.178 views

CVE-2021-23639

md-to-pdf before 5.0.0 is vulnerable to Remote Code Execution via gray-matter parsing of front matter without disabling the JS engine. Affected tool is the CLI md-to-pdf (Simonhaenisch) with PoC demonstrations and Snyk/Snyk-like advisories confirming RCE risk. The root cause is executing embedded...

9.8CVSS9.7AI score0.05329EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2021/12/10 12:0 a.m.21 views

Markdown To Pdf 输入验证错误漏洞

Markdown To Pdf is a simple and crackable Cli tool from the individual developer Simon Hanisch in Germany. It is used to convert Markdown to pdf. An input validation error vulnerability exists in Markdown To Pdf, which stems from the product's use of gray-matter to parse front-end content when th...

9.8CVSS8.7AI score0.05329EPSS
Exploits2References3
Malwarebytes
Malwarebytes
added 2021/11/25 4:27 p.m.46 views

Google’s Threat Horizons report: Will the straightforward approach get results?

Google’s Cybersecurity Action Team has released a Threat Horizons report focusing on cloud security. It’s taken some criticism for being surprisingly straightforward and less complex than you may expect. On the other hand, many businesses simply don’t understand many of the threats at large...

6.8AI score
Exploits0
Akamai Blog
Akamai Blog
added 2021/11/18 2:0 p.m.19 views

Finding My Way as an Akamai Intern

It’s an exciting time to be starting a career in digital – but even more so when it’s at a company like Akamai. An organization driven by a commitment to developing talent within the industry, Akamai is an intellectually rigorous, demanding, and rewarding environment to be in at any level. But fo...

6.9AI score
Exploits0
Snyk
Snyk
added 2021/09/23 10:57 a.m.19 views

Remote Code Execution (RCE)

Overview md-to-pdf is a CLI tool for converting Markdown files to PDF. Affected versions of this package are vulnerable to Remote Code Execution RCE due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine. PoC: bash //Before running poc.js: $ cat...

9.8CVSS7.3AI score0.05329EPSS
Exploits2References2
OSV
OSV
added 2021/04/13 8:15 p.m.3 views

CVE-2021-29440

Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the...

7.2CVSS6.3AI score0.30623EPSS
Exploits5References4
Openbugbounty
Openbugbounty
added 2020/10/06 9:17 a.m.5 views

drawingmatter.org Cross Site Scripting vulnerability OBB-1384549

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
ThreatPost
ThreatPost
added 2020/06/24 2:30 p.m.167 views

Experts Denounce Racial Bias of Crime-Predictive Facial-Recognition AI

More than 1,000 technology experts and academics from organizations such as MIT, Microsoft, Harvard and Google have signed an open letter denouncing a forthcoming paper describing artificial intelligence AI algorithms that can predict crime based only on a person’s face, calling it out for...

6.6AI score
Exploits0References10
ThreatPost
ThreatPost
added 2020/06/11 8:59 p.m.90 views

Black Lives Matter Emails Deliver TrickBot Malware

Cyberattackers are seizing upon the 24-hour news cycle again in order to capitalize on the current zeitgeist – this time with a fake Black Lives Matter malspam campaign that distributes the TrickBot malware. According to Swiss security firm Abuse.ch, threat actors are posing as government...

Exploits0References13
HackRead
HackRead
added 2020/06/11 7:52 p.m.31 views

Black Lives Matter movement exploited to spread Trickbot malware

By Deeba Ahmed This shows there’s certainly no limit to the meanness and notoriety of cybercriminals. This is a post from HackRead.com Read the original post: Black Lives Matter movement exploited to spread Trickbot malware...

3AI score
Exploits0
Akamai Blog
Akamai Blog
added 2019/05/23 4:0 p.m.139 views

Broadcast Operations Control Center (BOCC): Enabling OTT Broadcast Operations

So, what is the BOCC? Simply put, Akamai runs a state-of-the-art Broadcast Operations Control Centre, the BOCC, to help ensure smooth and seamless end-user play-back experience for live OTT Over the Top and linear video delivered through Akamai Media Delivery Solutions. To phrase it more...

0.6AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/01/18 2:55 p.m.228 views

TAU Threat Intelligence Notification – WindTail (OSX)

Summary Dark Matter researcher Taha Karim recently presented his research on the APT group WindShift at Hack in the Box Singapore. This group primarily focuses on highly targeted campaigns directed toward Middle Eastern government and commercial entities. One of the custom macOS backdoors employe...

0.1AI score
Exploits0
CISA
CISA
added 2018/07/30 12:0 a.m.12 views

NCCIC Webinar Series on Russian Government Cyber Activity

NCCIC is holding a webinar on Russian government cyber activity against critical infrastructure as detailed in NCCIC Alert TA18-074A today from 1–2:30 p.m. ET. The webinar will feature NCCIC subject matter experts discussing recent cybersecurity incidents, mitigation techniques, and resources tha...

6.8AI score
Exploits0References2
The Hacker News
The Hacker News
added 2017/05/05 10:13 p.m.16 views

Wikileaks Unveils CIA's Man-in-the-Middle Attack Tool

Wikileaks has published a new batch of the Vault 7 leak, detailing a man-in-the-middle MitM attack tool allegedly created by the United States Central Intelligence Agency CIA to target local networks. Since March, WikiLeaks has published thousands of documents and other secret tools that the...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2017/03/23 3:26 p.m.16 views

WikiLeaks Dark Matter Release Shows CIA Interdiction of iPhone Supply Chain

From the early days of the iPhone, the CIA has had an interest in compromising the flagship Apple mobile device, according to the latest WikiLeaks release of CIA documents. Today’s Vault 7 Dark Matter release shows an unsurprising interest from the intelligence agency in tracking iPhone users, as...

Exploits0References2
The Hacker News
The Hacker News
added 2017/03/23 3:48 a.m.19 views

Wikileaks Reveals How CIA Was Hacking Your iPhones And MacBooks

As part of its "Vault 7" series, Wikileaks — the popular whistle-blowing platform — has just released another batch of classified documents focused on exploits and hacking techniques the Central Intelligence Agency CIA designed to target Apple MacOS and iOS devices. Dubbed "Dark Matter," the leak...

7.3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2015/04/30 8:16 a.m.9 views

Reporting LIVE from the HIMSS 2015 Cybersecurity Command Center

Well, its not exactly live anymore but it certainly was worth tweeting live from the brand new Cybersecurity Command Center CCC at HIMSS 2015 in Chicago a couple weeks ago given all the excitement. The CCC was the place to be at HIMSS this year with standing room only at the educational sessions...

1.8AI score
Exploits0
The Hacker News
The Hacker News
added 2014/11/24 10:1 p.m.12 views

Sony Pictures HACKED; Studio-Staff Computers Seized by Hackers

It’s a bad day for Sony yesterday!! Sony appears to be hacked once again by hackers, but this time not its PlayStation, instead its Sony Pictures Entertainment – the company’s motion picture, television production and distribution unit. According to multiple reports, the corporate computers of So...

7AI score
Exploits0
Rows per page
Query Builder