Lucene search
K

1056 matches found

Vulnrichment
Vulnrichment
β€’added 2023/09/20 12:0 a.m.β€’11 views

CVE-2023-42334

An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...

7.2AI score0.00584EPSS
Exploits1References1
Vulnrichment
Vulnrichment
β€’added 2023/09/20 12:0 a.m.β€’12 views

CVE-2023-42335

Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component...

7.9AI score0.01096EPSS
Exploits1References1
Cvelist
Cvelist
β€’added 2023/09/20 12:0 a.m.β€’22 views

CVE-2023-42334

An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...

6.8AI score0.00584EPSS
Exploits1References1
CVE
CVE
β€’added 2023/09/20 12:0 a.m.β€’57 views

CVE-2023-42335

The CVE-2023-42335 entry describes an Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and Fl3xx Crew 2.10.37. The issue allows a remote attacker to execute arbitrary code via the Add Attachment function in the New Expense component. The root cause is an unrestricted file upload p...

8.8CVSS8.8AI score0.01096EPSS
Exploits1References1Affected Software2
CVE
CVE
β€’added 2023/09/20 12:0 a.m.β€’46 views

CVE-2023-42334

The CVE-2023-42334 issue affects Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37, due to an Indirect Object Reference (IDOR) in the user parameter that enables privilege escalation by remote attackers. Root cause is IDOR exposure; impacts include elevated privileges (no info on exploitation specifi...

6.5CVSS6.6AI score0.00584EPSS
Exploits1References1Affected Software2
NVD
NVD
β€’added 2023/09/01 10:15 a.m.β€’34 views

CVE-2022-44349

NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting XSS...

5.4CVSS5.4AI score0.00292EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
β€’added 2023/09/01 10:15 a.m.β€’3 views

CVE-2022-44349

NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting XSS...

5.4CVSS5.8AI score0.00292EPSS
Exploits0References3
OSV
OSV
β€’added 2023/09/01 10:15 a.m.β€’2 views

CVE-2022-44349

NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting XSS...

5.4CVSS5.8AI score0.00292EPSS
Exploits0References2
Prion
Prion
β€’added 2023/09/01 10:15 a.m.β€’24 views

Cross site scripting

NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting XSS...

4.9CVSS5.4AI score0.00292EPSS
Exploits0References2Affected Software1
CVE
CVE
β€’added 2023/09/01 12:0 a.m.β€’37 views

CVE-2022-44349

CVE-2022-44349 affects NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50. The vulnerability is described as Cross Site Scripting (XSS) in multiple sources. Root cause, affected components, and exact exploit details are not provided in the documents. Some connected sources (CNNVD) claim exploitation; however,...

5.4CVSS5.4AI score0.00292EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
β€’added 2023/09/01 12:0 a.m.β€’30 views

CVE-2022-44349

NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting XSS...

5.6AI score0.00292EPSS
Exploits0References2
Positive Technologies
Positive Technologies
β€’added 2023/09/01 12:0 a.m.β€’4 views

PT-2023-14454 Β· Navblue S.A.S Β· Navblue N-Ops & Crew

Name of the Vulnerable Software and Affected Versions: NAVBLUE S.A.S N-Ops & Crew version 22.5-rc.50 Description: The issue is related to Cross Site Scripting XSS, which is a type of security vulnerability that can allow an attacker to inject malicious scripts into a website. No information is...

5.4CVSS6.7AI score0.00292EPSS
Exploits0References5
Vulnrichment
Vulnrichment
β€’added 2023/09/01 12:0 a.m.β€’22 views

CVE-2022-44349

NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting XSS...

6.5AI score0.00292EPSS
Exploits0References2
The Hacker News
The Hacker News
β€’added 2023/07/31 12:30 p.m.β€’23 views

Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor

Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell. Patchwork, also...

7.1AI score
Exploits0
The Hacker News
The Hacker News
β€’added 2023/07/10 5:20 a.m.β€’44 views

Revolut Faces $20 Million Loss as Attackers Exploit Payment System Weakness

Malicious actors exploited an unknown flaw in Revolut's payment systems to steal more than $20 million of the company's funds in early 2022. The development was reported by the Financial Times, citing multiple unnamed sources with knowledge of the incident. The breach has not been disclosed...

8.7AI score
Exploits0
The Hacker News
The Hacker News
β€’added 2023/07/06 8:52 a.m.β€’55 views

INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cybercrime

A suspected senior member of a French-speaking hacking crew known as OPERA1ER has been arrested as part of an international law enforcement operation codenamed Nervone, Interpol has announced. "The group is believed to have stolen an estimated USD 11 million -- potentially as much as 30 million -...

9.8CVSS6.7AI score0.85689EPSS
Exploits10
The Hacker News
The Hacker News
β€’added 2023/06/22 1:5 p.m.β€’21 views

Camaro Dragon Hackers Strike with USB-Driven Self-Propagating Malware

The Chinese cyber espionage actor known as Camaro Dragon has been observed leveraging a new strain of self-propagating malware that spreads through compromised USB drives. "While their primary focus has traditionally been Southeast Asian countries, this latest discovery reveals their global reach...

7.2AI score
Exploits0
The Hacker News
The Hacker News
β€’added 2023/06/21 11:29 a.m.β€’23 views

Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor

Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023. The cyber attacks, per Broadcom's Symantec, involved a new backdoor codenamed Graphican. Some of the other targets...

7AI score
Exploits0
The Hacker News
The Hacker News
β€’added 2023/06/10 12:4 p.m.β€’85 views

New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies

Vietnamese public companies have been targeted as part of an ongoing campaign that deploys a novel backdoor called SPECTRALVIPER. "SPECTRALVIPER is a heavily obfuscated, previously undisclosed, x64 backdoor that brings PE loading and injection, file upload and download, file and directory...

7.2AI score
Exploits0
The Hacker News
The Hacker News
β€’added 2023/04/26 12:33 p.m.β€’42 views

Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China

The advanced persistent threat APT group referred to as Evasive Panda has been observed targeting an international non-governmental organization NGO in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ. The attack chains are designed to distribut...

6.9AI score
Exploits0
Rows per page
Query Builder