892 matches found

The Hacker News
added 2024/10/11 6:1 a.m. | 13 views

Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation

The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world's largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom...

7.2 AI score
Exploits 0

CVE
added 2024/10/04 12:0 a.m. | 42 views

CVE-2024-44439

CVE-2024-44439 concerns Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v1.9.1. The available sources describe a vulnerability that could allow a remote attacker to escalate privileges via an open port. Affected component/version: ...

5.9 CVSS | 6.9 AI score | 0.01272 EPSS
Exploits 0 | References 2

Vulnrichment
added 2024/10/04 12:0 a.m. | 9 views

CVE-2024-44439

An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port...

7.4 AI score | 0.01272 EPSS
Exploits 0 | References 2

OSV
added 2024/09/23 8:15 p.m. | 1 views

CVE-2024-47222

New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol...

9.8 CVSS | 5.7 AI score | 0.00181 EPSS
Exploits 0 | References 2

Cvelist
added 2024/09/23 12:0 a.m. | 11 views

CVE-2024-47222

New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol...

0.00181 EPSS
Exploits 0 | References 2

CVE
added 2024/09/23 12:0 a.m. | 49 views

CVE-2024-47222

The CVE-2024-47222 entry corresponds to a vulnerability in New Cloud MyOffice SDK Collaborative Editing Server, with affected versions 2.2.2–2.8. The root cause is insufficient validation in the WOPI protocol handling, allowing server-side request forgery (SSRF) via manipulated requests originati...

9.8 CVSS | 7.2 AI score | 0.00181 EPSS
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2024/09/23 12:0 a.m. | 12 views

CVE-2024-47222

New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol...

7 AI score | 0.00181 EPSS
Exploits 0 | References 2

CNNVD
added 2024/09/23 12:0 a.m. | 2 views

New Cloud MyOffice SDK Collaborative Editing Server Security Vulnerability

MyOffice SDK is an office software development kit from MyOffice, Inc. A security vulnerability exists in New Cloud MyOffice SDK Collaborative Editing Server versions 2.2.2 through 2.8, which originates from a vulnerability that allows server-side request forgery to be implemented by manipulating...

9.8 CVSS | 6.8 AI score | 0.00181 EPSS
Exploits 0 | References 3

Vulnrichment
added 2024/09/19 3:18 p.m. | 9 views

CVE-2024-7736 Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session...

8.7 CVSS | 6.5 AI score | 0.00739 EPSS
Exploits 0 | References 1

Cvelist
added 2024/09/19 3:18 p.m. | 15 views

CVE-2024-7736 Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session...

8.7 CVSS | 0.00739 EPSS
Exploits 0 | References 1

CVE
added 2024/09/19 3:18 p.m. | 39 views

CVE-2024-7736

The CVE-2024-7736 entry affects ENOVIA Collaborative Industry Innovator (3DEXPERIENCE R2022x through R2024x). The issue is a reflected Cross-site Scripting (XSS) vulnerability exploiting a JavaScript/script rendering pathway in the browser, enabling arbitrary script execution in a user session. T...

8.7 CVSS | 8 AI score | 0.00739 EPSS
Exploits 0 | References 1 | Affected Software 1

CNVD
added 2024/09/03 12:0 a.m. | 4 views

Command Execution Vulnerability in Zhiyuan OA (CNVD-2024-45618)

Zhiyuan OA is a collaborative management software, a digital collaborative operation platform for medium-sized and large group organizations. A command execution vulnerability exists in Zhiyuan OA, which can be exploited by an attacker to gain server privileges...

7.5 AI score
Exploits 0

Vulnrichment
added 2024/09/02 11:49 a.m. | 15 views

CVE-2024-8004 Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x

A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session...

8.7 CVSS | 6.1 AI score | 0.00872 EPSS
Exploits 0 | References 1

CVE
added 2024/09/02 11:49 a.m. | 52 views

CVE-2024-8004

CVE-2024-8004 describes a stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator spanning releases from 3DEXPERIENCE R2022x to R2024x. The issue allows an attacker to execute arbitrary script in a user’s browser session when malicious input is stored and rende...

8.7 CVSS | 6.6 AI score | 0.00872 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2024/08/20 2:15 p.m. | 0 views

CVE-2024-6378

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session...

5.4 CVSS | 6 AI score
Exploits 0 | References 1

NVD
added 2024/08/20 2:15 p.m. | 17 views

CVE-2024-6378

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session...

8.7 CVSS | 0.01269 EPSS
Exploits 0 | References 1

CVE
added 2024/08/20 1:45 p.m. | 53 views

CVE-2024-6378

CVE-2024-6378 is a reflected XSS vulnerability in ENOVIA Collaborative Industry Innovator affecting 3DEXPERIENCE R2022x through R2024x. The connected sources clearly identify the affected product and the underlying issue: a reflected cross-site scripting flaw that could cause arbitrary script exe...

8.7 CVSS | 7.9 AI score | 0.01269 EPSS
Exploits 0 | References 1 | Affected Software 1

Rapid7 Blog
added 2024/07/26 1:30 p.m. | 5 views

Key Takeaways From The Take Command Summit: Command Your Cloud

The Cloud security landscape is constantly changing. During the "Command Your Cloud" session at the Rapid7 Take Command Summit, industry experts Ryan Blanchard, Jeffrey Gardner and Devin Krugly shared vital strategies for staying ahead of that constant change. Effective cloud security requires a...

7.3 AI score
Exploits 0

Vulnrichment
added 2024/07/10 7:50 p.m. | 10 views

CVE-2024-38353 CodiMD - Missing Image Access Controls and Unauthorized Image Access

CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 has a missing authentication and access control vulnerability that allows an unauthenticated attacker to gain unauthorised access to image data uploaded to CodiMD. CodiMD does not require valid authentication to...

5.3 CVSS | 7.4 AI score | 0.05317 EPSS
Exploits 1 | References 1

OSV
added 2024/07/10 7:50 p.m. | 5 views

CVE-2024-38353 CodiMD - Missing Image Access Controls and Unauthorized Image Access

CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 has a missing authentication and access control vulnerability that allows an unauthenticated attacker to gain unauthorised access to image data uploaded to CodiMD. CodiMD does not require valid authentication to...

5.3 CVSS | 7.4 AI score | 0.05317 EPSS
Exploits 1 | References 3