Vulnrichment · added 2023/08/17 7:05 p.m. · 11 views

CVE-2023-40168 Malicious projects can read and upload arbitrary files from disk in TurboWarp Desktop

TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening th...

CVSS 7.4 · AI score 6.8 · EPSS 0.00574
Exploits 0 · References 4
Cvelist · added 2023/08/17 7:05 p.m. · 22 views

CVE-2023-40168 Malicious projects can read and upload arbitrary files from disk in TurboWarp Desktop

TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening th...

CVSS 7.4 · AI score 7.5 · EPSS 0.00574
Exploits 0 · References 4
Cvelist · added 2023/08/17 6:24 p.m. · 45 views

CVE-2023-40313 Disable BeanShell Interpreter Remote Server Mode

A BeanShell interpreter in remote server mode runs in OpenNMS Horizon versions earlier than 32.0.2 and in related Meridian versions, which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer...

CVSS 7.1 · AI score 9.1 · EPSS 0.00702
Exploits 0 · References 2
CVE · added 2023/08/17 6:24 p.m. · 63 views

CVE-2023-40313

CVE-2023-40313 affects OpenNMS Horizon before 32.0.2 and related Meridian versions, where a BeanShell interpreter running in remote server mode can lead to arbitrary remote Java code execution. Root cause is the remote BeanShell interpreter enabled in these versions. Consequences include potentia...

CVSS 8.8 · AI score 8 · EPSS 0.00702
Exploits 0 · References 2 · Affected Software 2
Vulnrichment · added 2023/08/17 6:24 p.m. · 17 views

CVE-2023-40313 Disable BeanShell Interpreter Remote Server Mode

A BeanShell interpreter in remote server mode runs in OpenNMS Horizon versions earlier than 32.0.2 and in related Meridian versions, which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer...

CVSS 7.1 · AI score 7.8 · EPSS 0.00702
Exploits 0 · References 2
Positive Technologies · added 2023/08/17 12:00 a.m. · 10 views

PT-2023-27376 · Opennms · Opennms Meridian +1

Name of the Vulnerable Software and Affected Versions: OpenNMS Horizon versions prior to 32.0.2; OpenNMS Meridian versions prior to 2023.1.6; OpenNMS Meridian versions prior to 2022.1.19; OpenNMS Meridian versions prior to 2021.1.30; OpenNMS Meridian versions prior to 2020.1.38. Description: A BeanShe...

CVSS 8.8 · AI score 7.5 · EPSS 0.00702
Exploits 0 · References 12
BDU FSTEC · added 2023/08/16 12:00 a.m. · 4 views

The vulnerability of the modDeepSecurity module in the monitoring and security management widget of Trend Micro Apex Central allows an attacker to perform an SSRF attack.

The vulnerability of the modDeepSecurity module in the monitoring panel of the Trend Micro Apex Central security management and monitoring tool is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...

CVSS 9.1 · AI score 6.3 · EPSS 0.00351
Exploits 0 · References 4
BDU FSTEC · added 2023/08/16 12:00 a.m. · 5 views

The vulnerability of the modTMSL module in the monitoring and security management panel of Trend Micro Apex Central allows an attacker to perform an SSRF attack.

The vulnerability of the modTMSL module in the monitoring and security management widgets of Trend Micro Apex Central relates to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...

CVSS 9.1 · AI score 6.3 · EPSS 0.00358
Exploits 0 · References 5
Prion · added 2023/08/14 7:15 p.m. · 18 views

Design/Logic Flaw

An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...

CVSS 6.5 · AI score 8.6 · EPSS 0.00741
Exploits 1 · References 1 · Affected Software 1
The Hacker News · added 2023/08/14 1:14 p.m. · 69 views

Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source...

CVSS 10 · AI score 8.1 · EPSS 0.99199
Exploits 5
Cvelist · added 2023/08/14 12:00 a.m. · 13 views

CVE-2023-28483

An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...

AI score 8.8 · EPSS 0.00741
Exploits 1 · References 1
The Hacker News · added 2023/08/04 10:33 a.m. · 21 views

Malicious npm Packages Found Exfiltrating Sensitive Data from Developers

Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information. Software supply chain firm Phylum, which first identified the "test" packages on July 31, 2023, said they "demonstrated increasi...

AI score 7.1
Exploits 0
The Hacker News · added 2023/07/31 1:38 p.m. · 57 views

New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods

The P2PInfect peer-to-peer (P2P) worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. "The malware compromises exposed instances of the Redis data store by exploiting the replication feature," Cado Security...

CVSS 10 · AI score 9.1 · EPSS 0.9967
Exploits 8
Trellix · added 2023/07/26 12:00 a.m. · 104 views

Beyond File Search: A Novel Method

Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler. By Mathanraj Thangaraju and Sijo Jacob · July 26, 2023. Threat Summary: In the ever-evolving landscape of cyber threats, malware authors continuously explore new avenues to exploit unsuspecting users. The Windows...

AI score 8.6 · EPSS 0.99374
Exploits 62
The Hacker News · added 2023/07/21 3:05 p.m. · 27 views

HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software

A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office. "HotRat malware equips attackers with a wide array of capabilities, such as stealing login...

AI score 6.7
Exploits 0
Tenable Nessus · added 2023/07/21 12:00 a.m. · 36 views

Veritas InfoScale Operations Manager prior to 8.0.0.410 Insecure File Upload (VTS23-009)

The Veritas InfoScale Operations Manager application installed on the remote host is prior to 8.0.0.410. It is, therefore, affected by an insecure file upload vulnerability. - The VIOM XPRTLD web application allows an authenticated attacker to upload all types of files to the server. An...

CVSS 8.8 · AI score 8.2 · EPSS 0.00813
Exploits 0 · References 2
IBM Security Bulletins · added 2023/07/18 8:54 p.m. · 42 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary: IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 has been published in a security bulletin: CVE-2023-30447, CVE-2023-30446, CVE-2023-30443, CVE-2023-30448, CVE-2023-30445, CVE-2023-30449, CVE-2023-23487, CVE-2023-30431,...

CVSS 8.8 · AI score 7.8 · EPSS 0.01378
Exploits 0 · Affected Software 1
OSV · added 2023/07/17 9:15 p.m. · 4 views

CVE-2023-38404

The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server...

CVSS 8.8 · AI score 6 · EPSS 0.00813
Exploits 0 · References 1
Prion · added 2023/07/17 9:15 p.m. · 25 views

Command injection

The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server...

CVSS 6.5 · AI score 8.8 · EPSS 0.00813
Exploits 0 · References 1 · Affected Software 1
Cvelist · added 2023/07/17 12:00 a.m. · 23 views

CVE-2023-38404

The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server...

CVSS 7.2 · AI score 9.1 · EPSS 0.00813
Exploits 0 · References 1