Lucene search
+L

424 matches found

impervablog
impervablog
added 2025/04/09 1:34 p.m.14 views

The Database Kill Chain

Cyber Threat Modeling Frameworks Modern attacks targeting sensitive data have become complex. An organization with many assets might be lost when trying to assess its overall risk, understand the pain points and prioritize the tasks required to secure its information systems. Cyber threat modelin...

8AI score
Exploits0
rapid7blog
rapid7blog
added 2025/03/27 1:31 p.m.10 views

Unpacking a post-compromise breach simulation with Vector Command

The reality of modern cyber threats In today’s evolving cyber landscape, breaches are not a matter of if , but when. Attackers continue to refine their techniques, using stealthy post-compromise tactics to maintain persistence, escalate privileges, and move laterally across networks. The key to...

8.2AI score
Exploits0
redhatcve
redhatcve
added 2025/02/05 4:1 a.m.6 views

CVE-2024-54407

Cross-Site Request Forgery CSRF vulnerability in a328496647 CK and SyntaxHighlighter ck-and-syntaxhighlighter allows Stored XSS.This issue affects CK and SyntaxHighlighter: from n/a through = 3.4.2...

7.1CVSS7.2AI score0.00194EPSS
Exploits0References1
trendmicroblog
trendmicroblog
added 2025/01/07 12:0 a.m.5 views

Trend Micro Contributes and Maps Container Security to MITRE ATT&CK: A Game-Changer for Cyber Defense

Trend Micro leads the way by mapping its Container Security detection capabilities to the MITRE ATT&CK framework for Containers and contributing real-world attack data...

7.3AI score
Exploits0
qualysblog
qualysblog
added 2024/12/19 6:2 p.m.12 views

Securing Cloud Environments Against Potential Extortion Threats

Introduction With the growing reliance on cloud infrastructure, organizations must be vigilant against potential extortion threats targeting misconfigurations and weak access controls. Unfortunately, extortion threats are a huge problem. According to the Verizon 2024 Data Breach Investigations...

8.1AI score
Exploits0
thn
thn
added 2024/12/18 10:30 a.m.12 views

ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation

Across small-to-medium enterprises SMEs and managed service providers MSPs, the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it's vital to understand the current cybersecurity vendor landscape and...

7.1AI score
Exploits0
securelist
securelist
added 2024/12/18 10:0 a.m.28 views

Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations

About C.A.S C.A.S Cyber Anarchy Squad is a hacktivist group that has been attacking organizations in Russia and Belarus since 2022. Besides data theft, its goal is to inflict maximum damage, including reputational. To this end, the group's attacks exploit vulnerabilities in publicly available...

8.4AI score
Exploits0
qualysblog
qualysblog
added 2024/12/17 9:17 p.m.59 views

What’s New in Qualys VMDR: 2024 Edition

Let us quickly recap the features released in Qualys Vulnerability Management, Detection & Response VMDR in 2024 and understand their use cases and benefits. Every quarter, the Qualys Product Management team collaborates with multiple customers worldwide, develops innovative solutions that addres...

7.3AI score
Exploits0
nvd
nvd
added 2024/12/16 3:15 p.m.23 views

CVE-2024-54407

Cross-Site Request Forgery CSRF vulnerability in a328496647 CK and SyntaxHighlighter ck-and-syntaxhighlighter allows Stored XSS.This issue affects CK and SyntaxHighlighter: from n/a through = 3.4.2...

7.1CVSS0.00194EPSS
Exploits0References1
cve
cve
added 2024/12/16 2:13 p.m.48 views

CVE-2024-54407

CVE-2024-54407 affects CK and SyntaxHighlighter plugins (CK and SyntaxHighlighter) with a CSRF-triggered Stored XSS vulnerability that affects versions up to 3.4.2. The root cause is a Cross-Site Request Forgery flaw that enables stored XSS in affected pages when an attacker can induce a user to ...

7.1CVSS7.2AI score0.00194EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/12/16 2:13 p.m.10 views

CVE-2024-54407 WordPress CK and SyntaxHighlighter plugin <= 3.4.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in a328496647 CK and SyntaxHighlighter ck-and-syntaxhighlighter allows Stored XSS.This issue affects CK and SyntaxHighlighter: from n/a through = 3.4.2...

7.1CVSS8.6AI score0.00194EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/12/16 12:0 a.m.4 views

WordPress plugin CK and SyntaxHighlighter 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

7.1CVSS8.5AI score0.00194EPSS
Exploits0References1
patchstack
patchstack
added 2024/12/12 12:19 p.m.5 views

WordPress CK and SyntaxHighlighter plugin <= 3.4.2 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin CK and SyntaxHighlighter versions = 3.4.2...

7.1CVSS6.2AI score0.00194EPSS
Exploits0Affected Software1
qualysblog
qualysblog
added 2024/12/11 3:1 p.m.22 views

Qualys Achieves 100% Major Step Detection in the 2024 MITRE ATT&CK Evaluations, Enterprise

How Qualys Transformed from Risk Leader to EDR Powerhouse In today’s rapidly evolving threat landscape, ransomware continues to dominate as one of the most significant cybersecurity challenges. To help organizations evaluate their defenses against these sophisticated threats, the MITRE ATT&CK...

9.8CVSS7.6AI score0.99999EPSS
Exploits54
qualysblog
qualysblog
added 2024/11/26 7:17 p.m.12 views

Elevate Cyber Defense with Qualys Advanced Hunting

Introduction In today’s cyber threat landscape, proactive approaches such as threat hunting have become key in any organization’s defense strategy, identifying and tackling threats before they become an incident. That is why Qualys is delighted to introduce Advanced Hunting , our threat-hunting...

7AI score
Exploits0
osv
osv
added 2024/11/20 6:23 p.m.13 views

GHSA-J5HQ-5JCR-XWX7 github.com/rancher/steve's users can issue watch commands for arbitrary resources

Impact A vulnerability has been discovered in Steve API Kubernetes API Translator in which users can watch resources they are not allowed to access, when they have at least some generic permissions on the type. For example, a user who can get a single secret in a single namespace can get all...

7.7CVSS7.3AI score0.00444EPSS
Exploits0References6
github
github
added 2024/10/25 7:39 p.m.17 views

RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists

Impact A vulnerability has been identified whereby RKE2 deployments in Windows nodes have weak Access Control Lists ACL, allowing BUILTIN\Users or NT AUTHORITY\Authenticated Users to view or edit sensitive files which could lead to privilege escalation. The affected files include binaries, script...

7.5CVSS6.1AI score0.00539EPSS
Exploits0References4Affected Software1
osv
osv
added 2024/10/25 7:39 p.m.10 views

GHSA-X7XJ-JVWP-97RV RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists

Impact A vulnerability has been identified whereby RKE2 deployments in Windows nodes have weak Access Control Lists ACL, allowing BUILTIN\Users or NT AUTHORITY\Authenticated Users to view or edit sensitive files which could lead to privilege escalation. The affected files include binaries, script...

9.1CVSS7.8AI score0.00539EPSS
Exploits0References4
github
github
added 2024/10/25 7:37 p.m.19 views

Rancher Remote Code Execution via Cluster/Node Drivers

Impact A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher...

9.1CVSS9.7AI score0.0073EPSS
Exploits0References4Affected Software1
osv
osv
added 2024/10/25 7:35 p.m.16 views

GHSA-XJ7W-R753-VJ8V Exposure of vSphere's CPI and CSI credentials in Rancher

Impact A vulnerability has been identified in the way that Rancher stores vSphere's CPI Cloud Provider Interface and CSI Container Storage Interface credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a...

9.1CVSS9AI score0.00438EPSS
Exploits0References4
Rows per page
Query Builder