Lucene search
K

101 matches found

BDU FSTEC
BDU FSTEC
added 2023/12/19 12:0 a.m.6 views

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system, related to the lack of measures taken to protect the website structure, allows a perpetrator to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

5.5CVSS6.3AI score0.00597EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/18 12:0 a.m.10 views

PT-2023-23838 · Kainex · Kainex Wise Chat

Name of the Vulnerable Software and Affected Versions: Kainex Wise Chat versions 3.1.3 and earlier Description: A Cross-Site Request Forgery CSRF issue affects Kainex Wise Chat. This issue allows an attacker to perform unintended actions on a user's account. Recommendations: For versions 3.1.3 an...

8.8CVSS8.9AI score0.00324EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/11/10 12:0 a.m.4 views

PT-2023-22717 · Tribulant · Tribulant Newsletters Plugin

Name of the Vulnerable Software and Affected Versions: Tribulant Newsletters plugin versions = 4.8.8 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is...

8.8CVSS8.9AI score0.00303EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/11/09 12:0 a.m.3 views

PT-2023-24647 · Pascal Casier · Bbpress Toolkit Plugin

Name of the Vulnerable Software and Affected Versions: Pascal Casier bbPress Toolkit plugin versions 1.0.12 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that t...

8.8CVSS8.9AI score0.00312EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.7 views

PT-2023-29836 · WordPress · Mahlamusa Who Hit The Page – Hit Counter

Name of the Vulnerable Software and Affected Versions: Mahlamusa Who Hit The Page – Hit Counter plugin versions = 1.4.14.3 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application tha...

8.8CVSS8.8AI score0.00214EPSS
Exploits0References6
Wallarm Lab
Wallarm Lab
added 2023/10/14 1:15 p.m.30 views

2023 OWASP Top-10 Series: Wrap Up

Over the past several months, we've taken a journey through the new 2023 OWASP API Security Top-10 list. In the previous 12 weekly posts, we've delved into each category, discussed what it is, how it's exploited, why it matters, and suggested effective protections for each. Now, as we conclude th...

7.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/06/20 12:0 a.m.6 views

PT-2023-3555 · Ibm · Ibm Robotic Process Automation

Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation versions 21.0.0 through 21.0.7.6 IBM Robotic Process Automation versions 23.0.0 through 23.0.6 Description: The issue is related to weaknesses in the authentication procedure of the software. Exploitation of thi...

5.3CVSS5.1AI score0.00394EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/05/09 12:0 a.m.20 views

Siemens SICAM P850 and P855 Devices Session Fixation (CVE-2022-40226)

A vulnerability has been identified in SICAM P850 All versions V3.10, SICAM P855 All versions V3.10. Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user's session after login. This plug...

8.1CVSS7.5AI score0.00638EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/03/28 12:0 a.m.7 views

The vulnerability of the Zabbix universal monitoring system, related to the lack of measures taken to protect the website structure, allows attackers to compromise data integrity.

The vulnerability of the Zabbix universal monitoring system is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of the data...

5.4CVSS6.5AI score0.00725EPSS
Exploits0References13Affected Software5
Positive Technologies
Positive Technologies
added 2023/03/13 12:0 a.m.5 views

PT-2023-20416 · WordPress · Registrationmagic

Name of the Vulnerable Software and Affected Versions: RegistrationMagic plugin versions = 5.1.9.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is...

8.8CVSS8.8AI score0.00248EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/02/23 12:0 a.m.10 views

PT-2023-19545 · Wpdevart · Wpdevart Organization Chart

Name of the Vulnerable Software and Affected Versions: WpDevArt Organization chart versions 1.4.4 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a...

8.8CVSS8.5AI score0.00271EPSS
Exploits0References4
OSV
OSV
added 2022/09/01 12:0 a.m.12 views

ASB-A-228101796

Bulletin has no description...

8.4CVSS7.2AI score0.00119EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/08/19 12:0 a.m.5 views

PT-2022-23481 · Jizhicms · Jizhicms

Name of the Vulnerable Software and Affected Versions: jizhicms version 2.3.1 Description: An issue was discovered that allows for a CSRF vulnerability, which can be exploited to add an admin. Recommendations: For jizhicms version 2.3.1, as a temporary workaround, consider implementing CSRF...

8.8CVSS8.6AI score0.0035EPSS
Exploits1References3
ThreatPost
ThreatPost
added 2022/02/10 10:13 p.m.133 views

Sharp SIM-Swapping Spike Causes $68M in Losses

SIM-swapping – the practice of duping mobile carriers into switching a target’s phone services to an attacker-controlled phone – is on the rise, the Feds are warning – leading to millions in losses for consumers who found their bank accounts drained and other accounts taken over. Subscriber...

8.9AI score
Exploits0References6
ICS
ICS
added 2022/01/11 12:0 a.m.24 views

Siemens SICAM PQ Analyzer

1. EXECUTIVE SUMMARY CVSS v3 3.4 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SICAM PQ Analyzer Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve persistence on the system or cause a...

8.1CVSS8.2AI score0.00828EPSS
Exploits0References11
Wiz blog
Wiz blog
added 2021/10/06 5:29 p.m.9 views

How to Protect Your Cloud Environment from Supply Chain Attacks

Learn how to protect your cloud environment from supply chain attacks...

6.9AI score
Exploits0
Redos
Redos
added 2021/09/08 12:0 a.m.11 views

ROS-2-1703

2.1703 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...

9.8CVSS8.1AI score0.05984EPSS
Exploits0
OSV
OSV
added 2021/09/01 12:0 a.m.7 views

ASB-A-189392423

1188785118878711887891188792...

7.8CVSS7.2AI score0.00301EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2021/06/23 3:59 p.m.57 views

Rapid7 Joins Statement On DMCA Lawsuits Against Security Tools

Rapid7 has joined a statement from members of the cybersecurity community cautioning against using Section 1201 of the Digital Millennium Copyright Act DMCA to suppress beneficial security tools. In the past, Rapid7 has written extensively about DMCA Sec. 1201’s impact on performing independent...

7.6AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/04/20 12:0 a.m.5 views

The vulnerability of the Mozilla Firefox browser, related to the lack of measures taken to protect the structure of web pages, allows attackers to execute cross-site scripting attacks.

The vulnerability of the Mozilla Firefox browser is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

6.4CVSS6.5AI score0.00567EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder