Lucene search
K

261 matches found

OSV
OSV
added 2024/02/20 6:30 a.m.4 views

GHSA-F3RF-CR7F-CWC4 Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page

Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the...

6.1CVSS7AI score0.00385EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/02/20 6:30 a.m.4 views

Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page

Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the...

6.1CVSS6.2AI score0.00385EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2024/02/19 12:0 a.m.6 views

PT-2024-14323 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.45 through 7.4.3.101 Liferay DXP 2023.Q3 before patch 6 Liferay DXP versions 7.4 update 45 through 92 Description: The issue is an open redirect vulnerability in the Countries Management’s edit region page. This...

6.1CVSS6.2AI score0.00385EPSS
Exploits0References9
ICS
ICS
added 2024/02/08 7:0 a.m.50 views

Qolsys IQ Panel 4, IQ4 HUB

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION : Low attack complexity Vendor : Qolsys, Inc. Equipment : IQ Panel 4, IQ4 Hub Vulnerability : Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the panel...

9.8CVSS8.6AI score0.00585EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2023/12/19 6:58 a.m.93 views

8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware

The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming is CVE-2020-14883 CVSS score: 7.2, a remote code execution bug that could be exploited by authenticated attackers to ta...

10CVSS8.2AI score0.99997EPSS
Exploits52
HackRead
HackRead
added 2023/12/11 1:5 p.m.10 views

Interpol Busts Human Traffickers Luring Victims with Fake Online Job Ads

By Deeba Ahmed Operation Storm Makers II, as dubbed by Interpol, witnessed the mobilization of law enforcement agencies from 27 countries. This is a post from HackRead.com Read the original post: Interpol Busts Human Traffickers Luring Victims with Fake Online Job Ads...

7.3AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2023/11/22 5:0 p.m.59 views

Diamond Sleet supply chain compromise distributes a modified CyberLink installer

Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet ZINC involving a malicious variant of an application developed by CyberLink Corp., a software company that develops multimedia software products. This malicious file is a legitima...

7.5CVSS7.2AI score0.99979EPSS
Exploits17
Microsoft Secure
Microsoft Secure
added 2023/11/22 5:0 p.m.66 views

Diamond Sleet supply chain compromise distributes a modified CyberLink installer

Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet ZINC involving a malicious variant of an application developed by CyberLink Corp., a software company that develops multimedia software products. This malicious file is a legitima...

7.5CVSS7.2AI score0.99979EPSS
Exploits17
Wired Threat Level
Wired Threat Level
added 2023/11/21 8:49 p.m.8 views

DOJ Charges Binance With Vast Money-Laundering Scheme and Sanctions Violations

From Russia to Iran, the feds have charged Binance with conducting well over $1 billion in transactions with sanctioned countries and criminal actors...

7.4AI score
Exploits0
MSRC
MSRC
added 2023/11/20 8:0 a.m.13 views

Celebrating ten years of the Microsoft Bug Bounty program and more than $60M awarded

This year marks the tenth anniversary of the Microsoft Bug Bounty Program, an essential part of our proactive strategy to protect customers from security threats. Since its inception in 2013, Microsoft has awarded more than $60 million to thousands of security researchers from 70 countries. These...

7.5AI score
Exploits0
ICS
ICS
added 2023/11/02 6:0 a.m.41 views

Franklin Fueling System TS-550

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Franklin Fueling System Equipment : TS-550 Vulnerability : Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful...

9.8CVSS9.5AI score0.00284EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2023/10/26 4:25 a.m.54 views

YoroTrooper: Researchers Warn of Kazakhstan's Stealthy Cyber Espionage Group

A relatively new threat actor known as YoroTrooper is likely made up of operators originating from Kazakhstan. The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani...

6.7AI score
Exploits0
HackRead
HackRead
added 2023/10/19 6:18 p.m.22 views

Human Error: Casio ClassPad Data Breach Impacting 148 Countries

By Waqas If you are a Casio ClassPad customer, it is strongly recommended that you change your ClassPad password immediately to protect yourself. This is a post from HackRead.com Read the original post: Human Error: Casio ClassPad Data Breach Impacting 148 Countries...

7AI score
Exploits0
OSV
OSV
added 2023/09/30 10:15 p.m.5 views

CVE-2023-43730

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "countriesname1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

5.4CVSS5.9AI score0.00431EPSS
Exploits1References2
ICS
ICS
added 2023/08/24 6:0 a.m.21 views

CODESYS Development System

1. EXECUTIVE SUMMARY ​CVSS v3 7.3 ​ATTENTION: low attack complexity ​Vendor: CODESYS, GmbH ​Equipment: CODESYS Development System ​Vulnerability: Uncontrolled Search Path Element. 2. RISK EVALUATION ​Successful exploitation of this vulnerability could cause users to unknowingly launch a malicious...

7.3CVSS7.1AI score0.00194EPSS
Exploits0References10
MSRC
MSRC
added 2023/08/07 7:0 a.m.7 views

Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards

We are thrilled to share the results of our collaboration with over 345 security researchers from +45 countries around the world in the past 12 months. Together, we have discovered and fixed more than a thousand potential security issues before they impacted our customers. In recognition of this...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/03 9:38 a.m.43 views

Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets

In yet another sign of a lucrative crimeware-as-a-service CaaS ecosystem, cybersecurity researchers have discovered a new Windows-based information stealer called Meduza Stealer that's actively being developed by its author to evade detection by software solutions. "The Meduza Stealer has a...

9.8CVSS8.9AI score0.85689EPSS
Exploits10
HackRead
HackRead
added 2023/05/25 7:6 p.m.20 views

Netflix’s Password Sharing Crackdown Goes Global: 103 Countries Affected

By Habiba Rashid Netflix is sending emails addressing password sharing between households, and users are not happy about it as CancelNetflix trends on social media. This is a post from HackRead.com Read the original post: Netflixs Password Sharing Crackdown Goes Global: 103 Countries Affected...

7.1AI score
Exploits0
hivepro
hivepro
added 2023/05/24 10:21 a.m.17 views

WINTAPIX Kernel Driver Targeting Middle Eastern Nations

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The WINTAPIX driver, protected by VMProtect, targets Saudi Arabia and other Gulf countries, possibly linked to Iranian threat actors exploiting Exchange servers for malware deployment. To receive real-ti...

6.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/05/03 12:0 a.m.4 views

PT-2023-9399 · Yealink · Yealink Meeting Server

Name of the Vulnerable Software and Affected Versions: Yealink Meeting Server versions prior to V26.0.0.67 Description: The issue is related to insufficient protection of service data, allowing a remote attacker to gain access to user credentials. This can be achieved by sending an HTTP request...

7.8CVSS7.6AI score0.00472EPSS
Exploits0References10
Rows per page
Query Builder