Lucene search
+L

154 matches found

Malwarebytes
Malwarebytes
added 2024/04/09 7:21 p.m.55 views

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. The malicious ads are displayed as sponsored results on Googles search engine page and localized to North America. Victims are tricked into downloadi...

7AI score
Exploits0
OSV
OSV
added 2024/03/06 11:7 a.m.43 views

BIT-PYTHON-2021-23336 Web Cache Poisoning

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can...

5.9CVSS7.7AI score0.35717EPSS
Exploits1References38
OSV
OSV
added 2024/03/06 10:55 a.m.18 views

BIT-DJANGO-2021-23336 Web Cache Poisoning

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can...

5.9CVSS7.7AI score0.35717EPSS
Exploits1References38
OpenVAS
OpenVAS
added 2023/12/26 12:0 a.m.16 views

Fedora: Security Advisory (FEDORA-2023-7c6c696102)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.01906EPSS
Exploits0References7
OSV
OSV
added 2023/11/30 1:15 p.m.4 views

CVE-2023-40674

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Lasso Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management allows Stored XSS.This issue affects Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management:...

5.4CVSS5.8AI score0.00385EPSS
Exploits0References1
NVD
NVD
added 2023/11/30 1:15 p.m.30 views

CVE-2023-40674

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Lasso Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management allows Stored XSS.This issue affects Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management:...

6.5CVSS0.00385EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/30 12:24 p.m.34 views

CVE-2023-40674 WordPress Simple URLs Plugin <= 118 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Lasso Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management allows Stored XSS.This issue affects Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management:...

6.5CVSS6.6AI score0.00385EPSS
Exploits0References1
CVE
CVE
added 2023/11/30 12:24 p.m.40 views

CVE-2023-40674

CVE-2023-40674 affects the WordPress Simple URLs plugin (versions

6.5CVSS6.3AI score0.00385EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2023/11/09 1:26 p.m.48 views

New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers

A new malvertising campaign has been found to employ fake sites that masquerade as legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z. "This incident is a part of a larger malvertising campaign that targets other utilities like...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/11/09 2:54 a.m.41 views

Malvertiser copies PC news site to deliver infostealer

The majority of malvertising campaigns delivering malicious utilities that we have tracked so far typically deceive victims with pages that are almost the exact replica of the software vendor being impersonated. For example, we have seen fake websites appearing like the real Webex, AnyDesk or...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/10/25 9:13 a.m.42 views

Malvertising Campaign Targets Brazil's PIX Payment System with GoPIX Malware

The popularity of Brazil's PIX instant payment system has made it a lucrative target for threat actors looking to generate illicit profits using a new malware called GoPIX. Kaspersky, which has been tracking the active campaign since December 2022, said the attacks are pulled off using malicious...

6.8AI score
Exploits0
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.6 views

WordPress Plugin Simple URLs - Link Cloaking, Product Displays, and Affiliate Link Management Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Simple URLs - Link Cloakin...

8.8CVSS6.5AI score0.00214EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/27 12:0 a.m.6 views

WordPress plugin Simple URLs - Link Cloaking, Product Displays, and Affiliate Link Management Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.1CVSS6AI score0.00343EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2023/08/16 12:0 p.m.24 views

Malvertisers up their game against researchers

Threat actors constantly take notice of the work and takedown efforts initiated by security researchers. In this constant game of cat and mouse chasing, tactics and techniques keep evolving from simple to more complex, and more covert. This is a trend we have observed time and time again, no matt...

6.6AI score
Exploits0
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.7 views

WordPress WordPress Cloaking – Show & Create Geo-Targeted Custom HTML Plugin – GeoRequest Plugin <= 0.2.0 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Cloaking – Show & Create Geo-Targeted Custom HTML Plugin – GeoRequest Type Plugin Vulnerable versions = 0.2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim...

6.2AI score0.00284EPSS
Exploits0References2Affected Software1
Malwarebytes
Malwarebytes
added 2023/04/14 10:15 a.m.16 views

Massive malvertising campaign targets seniors via fake Weebly sites

Knowing their audience is something scammers excel at, and for very good reason. This is particularly true for tech support scammers whose prime targets are seniors. By understanding what retirees are searching for and abusing various online platforms, crooks can precisely go after the demographi...

6.7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:52 a.m.6 views

SUSE CVE-2020-28473

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

6.8CVSS6.9AI score0.01837EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.5 views

SUSE CVE-2021-23336

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can...

5.9CVSS9.1AI score0.35717EPSS
Exploits1References46
Malwarebytes
Malwarebytes
added 2022/08/12 3:0 p.m.20 views

Viral video drives malvertising on social media platform

This blog post was authored by Jerome Segura Viral content shared on social media is highly coveted since it gets a lot of impressions and engagement. Unfortunately, the people who push this kind of content don't always have the best of intentions. We recently identified a malvertising campaign o...

0.7AI score
Exploits0
OpenVAS
OpenVAS
added 2022/07/31 12:0 a.m.9 views

Fedora: Security Advisory for dnscrypt-proxy (FEDORA-2022-5ef0bd9a27)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Rows per page
Query Builder