Lucene search
K

447 matches found

Circl
Circl
added 2025/01/28 10:23 a.m.6 views

CVE-2025-0065

creationtimestamp| type| source ---|---|--- 2025-01-28 10:23:32+00:00| seen| https://infosec.exchange/users/cve/statuses/113905487848074528 2025-01-28 11:15:28+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgsdbqlg7r2n 2025-01-28 12:00:20+00:00| seen|...

7.8CVSS8.2AI score0.00497EPSS
Exploits0References13
CVE
CVE
added 2025/01/21 8:53 p.m.57 views

CVE-2025-21564

Oracle Agile PLM Framework (Oracle Supply Chain) is affected in version 9.3.6, specifically the Agile Integration Services component. The CVE entry describes an easily exploitable vulnerability allowing a low-privileged attacker with network access via HTTP to obtain unauthorized access to critic...

8.1CVSS7.5AI score0.00481EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/01/21 8:52 p.m.57 views

CVE-2025-21508

CVE-2025-21508 affects Oracle JD Edwards EnterpriseOne Tools, specifically the Web Runtime SEC component. Affected versions are prior to 9.2.9.0. The vulnerability allows a low-privileged, unauthenticated attacker with network access over HTTP to cause a hang or frequent crashes (complete denial ...

6.5CVSS5.9AI score0.00661EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/01/20 10:36 a.m.2 views

Malicious code in chipped (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8b4d484b6a0b05dde597bbc9ba800eec0c201e3fc81387511d009ae01d5e07b3 The OpenSSF Package Analysis project identified 'chipped' @ 1.1.0 npm as malicious. It is considered malicious because: - The package communicat...

6.9AI score
Exploits0
OSV
OSV
added 2024/12/20 12:6 p.m.4 views

MAL-2024-12070 Malicious code in yb2bacceleratorstorefront-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7d6b9ec48a872ef195c69f3ecee359b142d1f9bb683a236c67a0c96876efafd0 The OpenSSF Package Analysis project identified 'yb2bacceleratorstorefront-web' @ 1.0.0 npm as malicious. It is considered malicious because: -...

7.1AI score
Exploits0
Circl
Circl
added 2024/12/12 11:44 a.m.10 views

CVE-2024-54101

creationtimestamp| type| source ---|---|--- 2024-12-12 11:44:13+00:00| seen| https://infosec.exchange/users/cve/statuses/113639676531469272...

6.2CVSS7AI score0.00115EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/11 2:46 p.m.4 views

Malicious code in @flutteruki-gaming/eslint-config-flutteruki-gaming (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1d4e889992a980c69235fc81b993e0417a4bf52dcb6e16a20b0c32e8cf3057fe The OpenSSF Package Analysis project identified '@flutteruki-gaming/eslint-config-flutteruki-gaming' @ 1.8.0 npm as malicious. It is considered...

7.2AI score
Exploits0
Circl
Circl
added 2024/12/02 1:31 p.m.5 views

CVE-2024-12015

creationtimestamp| type| source ---|---|--- 2024-12-02 13:31:36+00:00| seen| https://infosec.exchange/users/cve/statuses/113583475655174182...

7.7CVSS7.6AI score0.00513EPSS
Exploits0References1
0day.today
0day.today
added 2024/11/24 12:0 a.m.156 views

ProjectSend R1605 Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploadin...

8.3AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/21 5:7 a.m.1 views

Malicious code in unity-xlsx (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c00dae819c9f67995c5364676a4b71e58196df002687ac1e333816c86e0bd53d The OpenSSF Package Analysis project identified 'unity-xlsx' @ 0.1.0 npm as malicious. It is considered malicious because: - The package...

6.9AI score
Exploits0
GithubExploit
GithubExploit
added 2024/09/29 8:20 a.m.357 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

EN Is a Proof of Concept PoC script to check for vulnerabil...

8.6CVSS8.9AI score0.99978EPSS
Exploits52
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/09/17 11:46 a.m.4 views

Malicious code in ui-extensions-test-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 612535ed853f3bcea44a30e8568888db73a09aa577ffd88994bf21ea077c985a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
Schneier on Security
Schneier on Security
added 2024/09/06 3:16 p.m.9 views

YubiKey Side-Channel Attack

There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. Its a complicated attack, requiring the victims username and password, and physical access to their YubiKey--as well as some technical expertise and equipment. Still, nice piece of security analysi...

7.1AI score
Exploits0
Akamai Blog
Akamai Blog
added 2024/07/02 9:0 a.m.13 views

Examining the Polyfill Attack from Akamai's Point of View

...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2024/05/20 12:30 p.m.49 views

Drs-Malware-Scan - Perform File-Based Malware Scan On Your On-Prem Servers With AWS

Perform malware scan analysis of on-prem servers using AWS services Challenges with on-premises malware detection It can be difficult for security teams to continuously monitor all on-premises servers due to budget and resource constraints. Signature-based antivirus alone is insufficient as moder...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2024/05/19 12:30 p.m.40 views

JAW - A Graph-based Security Analysis Framework For Client-side JavaScript

An open-source, prototype implementation of property graphs for JavaScript based on the esprima parser, and the EsTree SpiderMonkey Spec. JAW can be used for analyzing the client-side of web applications and JavaScript-based programs. This project is licensed under GNU AFFERO GENERAL PUBLIC LICEN...

7.1AI score
Exploits0References31
Securelist
Securelist
added 2024/05/06 10:0 a.m.30 views

Financial cyberthreats in 2023

Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets,...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2024/05/03 12:30 p.m.58 views

MasterParser - Powerful DFIR Tool Designed For Analyzing And Parsing Linux Logs

What is MasterParser ? MasterParser stands as a robust Digital Forensics and Incident Response tool meticulously crafted for the analysis of Linux logs within the var/log directory. Specifically designed to expedite the investigative process for security incidents on Linux systems, MasterParser...

7.4AI score
Exploits0References2
Schneier on Security
Schneier on Security
added 2024/04/15 11:4 a.m.20 views

New Lattice Cryptanalytic Technique

A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems. A few things to note. One, this paper has not yet been peer...

7.5AI score
Exploits0
CNVD
CNVD
added 2024/03/14 12:0 a.m.23 views

Fortinet FortiPortal Authorization Issues Vulnerability

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. An authorization issue vulnerability exists in Fortinet FortiPortal that stems from the...

4.3CVSS7AI score0.00432EPSS
Exploits0References1
Rows per page
Query Builder