
15493 matches found

OSV
added 2023/03/15 2:0 a.m. | 7 views

MAL-2023-191 Malicious code in cms-serviceclients-extensions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3150363413ce714345472394bfc28e97eba6d3608025b70b28e9142230cecbd3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 2

Microsoft Security Update
added 2023/03/14 5:0 p.m. | 52 views

2023-03 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5023696)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...

AI score: 3.4
Exploits: 0

Microsoft Security Update
added 2023/03/14 5:0 p.m. | 28 views

2023-03 Cumulative Update for Windows 11 Version 22H2 for ARM64-based Systems (KB5023706)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...

AI score: 3.4
Exploits: 0

Schneier on Security
added 2023/03/14 4:1 p.m. | 29 views

How AI Could Write Our Laws

Nearly 90% of the multibillion-dollar federal lobbying apparatus in the United States serves corporate interests. In some cases, the objective of that money is obvious. Google pours millions into lobbying on bills related to antitrust regulation. Big energy companies expect action whenever there ...

AI score: 0.2
Exploits: 0

OSV
added 2023/03/13 6:15 a.m. | 2 views

CVE-2023-1363

A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add User Account. The manipulation of the argument username leads to cross site scripting. It is possible to launch the...

CVSS: 5.4 | AI score: 3.7 | EPSS: 0.00551
Exploits: 1 | References: 3

CVE
added 2023/03/13 6:0 a.m. | 44 views

CVE-2023-1363

CVE-2023-1363 affects SourceCodester Computer Parts Sales and Inventory System 1.0. Affected component: Add User Account. The vulnerability arises from manipulating the username argument, triggering cross-site scripting that can be exploited remotely. Multiple sources confirm the issue and note t...

CVSS: 5.4 | AI score: 4.4 | EPSS: 0.00551
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2023/03/13 6:0 a.m. | 14 views

CVE-2023-1363 SourceCodester Computer Parts Sales and Inventory System Add User Account cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add User Account. The manipulation of the argument username leads to cross site scripting. It is possible to launch the...

CVSS: 4 | AI score: 5.5 | EPSS: 0.00551
Exploits: 1 | References: 3

CNNVD
added 2023/03/13 12:0 a.m. | 3 views

Computer Parts Sales and Inventory System cross-site scripting vulnerability

Computer Parts Sales and Inventory System is a computer parts sales and inventory system by Warren Daloyan, an individual developer. A cross-site scripting vulnerability exists in SourceCodester Computer Parts Sales and Inventory System version 1.0, which stems from an unknown function present in...

CVSS: 5.4 | AI score: 4.5 | EPSS: 0.00551
Exploits: 1 | References: 4

Prion
added 2023/03/11 12:15 p.m. | 16 views

SQL injection

A vulnerability classified as critical has been found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file custtransac.php. The manipulation of the argument phonenumber leads to sql injection. It is possible to initiate the attack remotely. The...

CVSS: 6.5 | AI score: 9.7 | EPSS: 0.00808
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2023/03/11 11:31 a.m. | 50 views

CVE-2023-1351

CVE-2023-1351 affects SourceCodester Computer Parts Sales and Inventory System 1.0, with a SQL injection in the file cust_transac.php via the phonenumber parameter. The vulnerability can be exploited remotely and exploits have been publicly disclosed. Remediation guidance across sources includes ...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.00808
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2023/03/11 12:0 a.m. | 5 views

Computer Parts Sales and Inventory System SQL injection vulnerability

Computer Parts Sales and Inventory System is a computer parts sales and inventory system by Warren Daloyan, an individual developer. SourceCodester Computer Parts Sales and Inventory System version 1.0 suffers from a SQL injection vulnerability that originates from a security issue in the file...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00808
Exploits: 1 | References: 4

Microsoft CVE
added 2023/03/10 8:0 a.m. | 4 views

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU resulting in a denial of service condition.

...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00338
Exploits: 0

Cvelist
added 2023/03/08 6:53 p.m. | 19 views

CVE-2023-27486 Insufficient authorization validation between zones when xCAT zones are enabled

xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management...

CVSS: 8.1 | AI score: 8.7 | EPSS: 0.00853
Exploits: 1 | References: 4

Wordfence Blog
added 2023/03/08 4:59 p.m. | 18 views

PSA: Intentionally Leaving Backdoors in Your Code Can Lead to Fines and Jail Time

In the cybersecurity field, we talk a lot about threat actors and vulnerable code, but what doesn’t get discussed enough is intentional vulnerabilities and becoming your own threat actor. Even when making decisions with the best of intentions, it is possible to work against your own best interest...

AI score: 6.9
Exploits: 0

OSSF Malicious Packages
added 2023/03/07 11:35 p.m. | 4 views

Malicious code in milo-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 86e0a528e7d78836123c80e70f5b1108807ae1c739ab8c65ad4a90702c07dab9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1

OSV
added 2023/03/07 11:35 p.m. | 9 views

MAL-2023-413 Malicious code in fca-milo-mod (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2da92f220dbfcf8c5ad54661d1c103af95453c437b5f83b868e8d9624dba1856 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 1

OSV
added 2023/03/07 11:35 p.m. | 4 views

MAL-2023-597 Malicious code in milo-cute (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca097e4b102ba0c7c8c5489364e1ab73a771de2338769b2f99b7cc0d12d31ef8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 1

The Hacker News
added 2023/03/07 6:21 a.m. | 2 views

LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach

The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service last week revealed how unidentified actors leveraged...

CVSS: 7.2 | AI score: 7.8 | EPSS: 0.72936
Exploits: 4

The Hacker News
added 2023/03/07 6:21 a.m. | 95 views

LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach

The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service last week revealed how unidentified actors leveraged...

CVSS: 7.2 | AI score: 1.7 | EPSS: 0.72936
Exploits: 4

OSSF Malicious Packages
added 2023/03/07 2:51 a.m. | 4 views

Malicious code in fca-dark-rulex (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1dc65e0b0172e4250c22303c0778367df0d04b4256634ccb454dbff9bcd8415e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1