Lucene search
K

638 matches found

Trellix
Trellix
added 2024/10/02 12:0 a.m.7 views

Cyber Threats Targeting the US Government During the Democratic National Convention

Cyber Threats Targeting the US Government During the Democratic National Convention By Anne An · October 2, 2024 Introduction Trellix global sensors detected increased threat activities during the days that the Democratic National Convention DNC was held in August 2024, culminating into a massive...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2024/09/25 7:3 a.m.22 views

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans RATs. The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging to transportation an...

7.7AI score
Exploits0
ICS
ICS
added 2024/09/24 6:0 a.m.44 views

Alisonic Sibylla

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Alisonic Equipment: Sibylla Vulnerability: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' 2. RISK EVALUATION Successful exploitation of this vulnerability...

9.8CVSS9.8AI score0.00561EPSS
Exploits0References10
ICS
ICS
added 2024/09/24 6:0 a.m.27 views

OPW Fuel Management Systems SiteSentinel

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : OPW Fuel Managements Systems Equipment : SiteSentinel Vulnerability : Missing Authentication For Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could...

9.8CVSS10AI score0.00716EPSS
Exploits0References10
OSV
OSV
added 2024/09/10 4:15 a.m.3 views

CVE-2024-44112

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References2
NVD
NVD
added 2024/09/10 4:15 a.m.11 views

CVE-2024-44112

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

4.3CVSS0.0025EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/10 4:3 a.m.24 views

CVE-2024-44112 Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

4.3CVSS0.0025EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/10 4:3 a.m.11 views

CVE-2024-44112 Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

4.3CVSS7AI score0.0025EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2024/08/29 11:5 a.m.94 views

Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks

A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 CVSS score: 8.7, the vulnerability in question, is a "command injection vulnerability found in the brightness function of AVTECH closed-circui...

10CVSS9.1AI score0.99975EPSS
Exploits13
OSV
OSV
added 2024/07/09 5:15 a.m.4 views

CVE-2024-37171

SAP Transportation Management Collaboration Portal allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. This will trigger the application handler to send a request to an unintended service, which may reveal information about that...

5CVSS5.8AI score0.00353EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/09 4:21 a.m.12 views

CVE-2024-37171 [CVE-2024-37171] Server-Side Request Forgery (SSRF) in SAP Transportation Management (Collaboration Portal)

SAP Transportation Management Collaboration Portal allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. This will trigger the application handler to send a request to an unintended service, which may reveal information about that...

5CVSS6.6AI score0.00353EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/09 4:21 a.m.23 views

CVE-2024-37171 [CVE-2024-37171] Server-Side Request Forgery (SSRF) in SAP Transportation Management (Collaboration Portal)

SAP Transportation Management Collaboration Portal allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. This will trigger the application handler to send a request to an unintended service, which may reveal information about that...

5CVSS0.00353EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.6 views

SAP Transportation Management Code Issue Vulnerability

SAP Transportation Management is an integrated transportation fleet and logistics management application from SAP, Germany, that helps organizations reduce complexity, increase efficiency and agility to build a more sustainable and risk-resilient supply chain. A code issue vulnerability exists in...

5CVSS6.8AI score0.00353EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/08 12:0 a.m.5 views

PT-2024-9896 · Sap · Sap Transportation Management

Name of the Vulnerable Software and Affected Versions: SAP Transportation Management Collaboration Portal affected versions not specified Description: The issue allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application, triggering the...

5CVSS6.9AI score0.00353EPSS
Exploits0References10
The Hacker News
The Hacker News
added 2024/05/16 3:16 a.m.12 views

Cybercriminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks

The Microsoft Threat Intelligence team said it has observed a threat actor it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. "Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta...

7.4AI score
Exploits0
ICS
ICS
added 2024/05/09 6:0 a.m.32 views

alpitronic Hypercharger EV charger

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: alpitronic Equipment: Hypercharger EV charger Vulnerability: Use of Default Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker disabling...

8.3CVSS7AI score0.00489EPSS
Exploits0References10
NCSC
NCSC
added 2024/04/19 12:0 a.m.7 views

Vulnerabilities fixed in Oracle Supply Chain products

Oracle has fixed vulnerabilities in several Supply Chain products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Remote code execution User rights...

8.1CVSS7.3AI score0.46836EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/04/11 12:0 a.m.335 views

Trimble TM4Web 22.2.0 Privilege Escalation / Access Code Disclosure

CVE ID: CVE-2023-27195 Description: An access control issue in Trimble TM4Web v22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code and use this access code to register a valid account. If the access code was used to create an...

7.4AI score0.01018EPSS
Exploits2
0day.today
0day.today
added 2024/04/11 12:0 a.m.279 views

Trimble TM4Web 22.2.0 Privilege Escalation / Access Code Disclosure Vulnerability

An access control issue in Trimble TM4Web version 22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code and use this access code to register a valid account. If the access code was used to create an Administrator account,...

9.8CVSS7.6AI score0.01018EPSS
Exploits2
ICS
ICS
added 2024/04/02 6:0 a.m.99 views

IOSIX IO-1020 Micro ELD

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION : Exploitable from adjacent network/Low attack complexity Vendor : IOSiX Equipment : IO-1020 Micro ELD Vulnerabilities : Use of Default Credentials, Download of Code Without Integrity Check 2. RISK EVALUATION Successful exploitation of these...

7.4CVSS8.3AI score0.004EPSS
Exploits0References8
Rows per page
Query Builder