5655 matches found

The Hacker News
added 2023/09/13 2:5 p.m. · 82 views

Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints

Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact...

8.2 AI score · 0.11668 EPSS
Exploits 2
Positive Technologies
added 2023/09/08 12:0 a.m. · 5 views

PT-2023-28233 · Unknown · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...

5.5 CVSS · 3.9 AI score · 0.00391 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2023/09/07 12:0 a.m. · 24 views

Oracle Linux 5 : gdm (ELSA-2009-1364)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2009-1364 advisory. 1:2.16.0-56 - Resolves: 239818 181302 - Fix tcp wrappers detection on 64-bit 1:2.16.0-55 Resolves: 196054 - Fix docs subpackage Requires 1:2.16.0-53 Resolves:...

6.8 CVSS · 5.6 AI score · 0.01841 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2023/09/07 12:0 a.m. · 39 views

Oracle Linux 6 / 7 : php54-php (ELSA-2015-1219)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1219 advisory. - core: fix multipart/form-data request can use excessive amount of CPU usage CVE-2015-4024 - fix various functions accept paths with NUL character...

9.8 CVSS · 7.8 AI score · 0.50129 EPSS
Exploits 5 · References 9
BDU FSTEC
added 2023/08/29 12:0 a.m. · 5 views

The vulnerability of the Java Protocol Buffers protobuf-java environment library, related to insufficient validation of input data, allows attackers to trigger service failures.

The vulnerability of the Java Protocol Buffers protobuf-java environment library is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

7.8 CVSS · 6.5 AI score · 0.00483 EPSS
Exploits 0 · References 2 · Affected Software 2
OSV
added 2023/08/28 4:15 a.m. · 12 views

CVE-2016-15035

A vulnerability was found in Doc2k RE-Chat 1.0. It has been classified as problematic. This affects an unknown part of the file jsonradio-emergency.de/rechat.js. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named...

6.1 CVSS · 6.5 AI score
Exploits 0 · References 3
CNNVD
added 2023/08/15 12:0 a.m. · 4 views

Google Chrome Buffer Error Vulnerability

Google Chrome is a web browser from Google, Inc. in the United States. A security vulnerability exists in Google Chrome prior to version 116.0.5845.96, which stems from a heap buffer overflow in the Mojom IDL, which allows remote attackers to exploit heap corruption to gain control of the WebUI...

8.8 CVSS · 8.6 AI score · 0.18457 EPSS
Exploits 0 · References 10
The Hacker News
added 2023/08/12 11:34 a.m. · 36 views

Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping

Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom's Zero Touch Provisioning (ZTP) that could be potentially exploited by a malicious attacker to conduct remote attacks. "An external attacker who leverages the vulnerabilities discovered in AudioCodes Ltd.'s des...

7.5 AI score
Exploits 0
Prion
added 2023/08/11 2:15 p.m. · 13 views

Cross site scripting

Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0 allows remote attackers to execute arbitrary code...

5.8 CVSS · 6.2 AI score · 0.00456 EPSS
Exploits 0 · References 1 · Affected Software 1
0day.today
added 2023/08/09 12:0 a.m. · 227 views

EuroTel ETL3100 Transmitter Default Credentials Vulnerability

EuroTel ETL3100 transmitters use a weak set of default administrative credentials that can be guessed in remote password attacks, allowing an attacker to gain full control of the system. EuroTel ETL3100 Transmitter Default Credentials Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page:...

7.4 AI score
Exploits 0
Packet Storm
added 2023/08/09 12:0 a.m. · 253 views

EuroTel ETL3100 Transmitter Default Credentials

EuroTel ETL3100 Transmitter Default Credentials Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter v01x37 Microprocessor: socs0t08/socs0s08, Mode...

7.1 AI score
Exploits 0
Zero Science Lab
added 2023/08/09 12:0 a.m. · 305 views

EuroTel ETL3100 Transmitter Default Credentials

Summary: RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily comply with analog and digital DAB standard. The Series ETL3100 Television Transmitter...

9.8 CVSS · 7.3 AI score · 0.00769 EPSS
Exploits 1
IBM Security Bulletins
added 2023/08/07 6:13 a.m. · 50 views

Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to JetBrains Kotlin weak security [CVE-2022-24329]

Summary: There is a vulnerability in the JetBrains Kotlin open source library used by IBM OpenPages for IBM Cloud Pak for Data. This vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2022-24329. DESCRIPTION: JetBrains Kotlin could provide weaker than expected security, caused by...

5.3 CVSS · 6.1 AI score · 0.02178 EPSS
Exploits 0 · Affected Software 1
BDU FSTEC
added 2023/08/07 12:0 a.m. · 7 views

The vulnerability of the Webmin control panel in hosting systems stems from the lack of protective measures for website structures, allowing attackers to carry out XSS attacks.

The vulnerability of the Webmin control panel is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

5.5 CVSS · 5.8 AI score · 0.0062 EPSS
Exploits 1 · References 4 · Affected Software 2
NVD
added 2023/08/06 11:15 a.m. · 17 views

CVE-2023-4183

A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file editupdate.php of the component Password Handler. The manipulation of the argument userid leads to improper access controls. The atta...

9.8 CVSS · 5.9 AI score · 0.00431 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/08/03 12:0 a.m. · 2 views

PT-2023-5019 · 3S Smart Software Solutions · Codesys Cmpapp

Name of the Vulnerable Software and Affected Versions: CODESYS CMPapp (affected versions not specified). Description: The issue is related to insufficient input validation in the CMPapp component of CODESYS software products. This can be exploited by a remote attacker to cause a denial of service...

6.8 CVSS · 6.2 AI score · 0.00519 EPSS
Exploits 0 · References 11
Positive Technologies
added 2023/07/25 12:0 a.m. · 5 views

PT-2023-26604 · Unknown · Campcodes Beauty Salon Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Beauty Salon Management System version 1.0. Description: A critical vulnerability has been found in the system. The issue is related to an unknown function of the file /admin/del service.php, where the manipulation of the editid...

7.5 CVSS · 6.9 AI score · 0.00567 EPSS
Exploits 1 · References 7
NVD
added 2023/07/23 9:15 a.m. · 13 views

CVE-2023-3849

A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this...

6.1 CVSS · 4.8 AI score · 0.03678 EPSS
Exploits 4 · References 3
Prion
added 2023/07/20 11:15 p.m. · 15 views

SQL injection

A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=article/category/del of the component Delete Category Handler. The manipulation leads to SQL injection. The attack may be initiated remotely. The exploit has been...

6.5 CVSS · 9.6 AI score · 0.00645 EPSS
Exploits 1 · References 3 · Affected Software 1
The Hacker News
added 2023/07/20 4:56 p.m. · 84 views

Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks

Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware. "These new vulnerabilities range in severity from High to Critical,...

9.8 CVSS · 10.6 AI score · 0.0171 EPSS
Exploits 0