Lucene search
+L

13 matches found

mssecure
mssecure
added 2026/04/07 2:0 p.m.24 views

SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

In this article 1. DNS hijacking attack chain: From compromised devices to AiTM and other follow-on activity 2. Mitigation and protection guidance 3. Microsoft Defender detection and hunting guidance Executive summary Forest Blizzard, a threat actor linked to the Russian military, has been...

5.8AI score
Exploits0
githubexploit
githubexploit
added 2026/02/10 4:28 a.m.190 views

Exploit for PHP Remote File Inclusion in Synacor Zimbra_Collaboration_Suite

CVE-2025-68645 — Zimbra Classic UI LFI Defender Pack This r...

8.8CVSS5.5AI score0.31769EPSS
Exploits5
packetstormnews
packetstormnews
added 2025/10/09 12:0 a.m.7 views

An AUTOSAR-Aligned Architectural Study of Vulnerabilities in Automotive SoC Software

Cooperative, Connected and Automated Mobility CCAM are complex cyber-physical systems CPS that integrate computation, communication, and control in safety-critical environments. At their core, System-on-Chip SoC platforms consolidate processing units, communication interfaces, AI accelerators, an...

6.9AI score
Exploits0
github
github
added 2025/09/05 9:2 p.m.8 views

secrets-store-sync-controller discloses service account tokens in logs

Hello Kubernetes Community, A security issue was discovered in secrets-store-sync-controller where an actor with access to the controller logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vau...

6.5CVSS6.6AI score0.00179EPSS
Exploits0References5Affected Software1
githubexploit
githubexploit
added 2025/08/17 10:4 p.m.299 views

Exploit for CVE-2025-54253

CVE-2025-54253 Adobe AEM OGNL Injection Simulated PoC Lab !...

10CVSS8.9AI score0.87515EPSS
Exploits7
packetstormnews
packetstormnews
added 2025/04/16 12:0 a.m.11 views

InjectLab: a Tactical Framework for Adversarial Threat Modeling against Large Language Models

Large Language Models LLMs are changing the way people interact with technology. Tools like ChatGPT and Claude AI are now common in business, research, and everyday life. But with that growth comes new risks, especially prompt-based attacks that exploit how these models process language. InjectLa...

7AI score
Exploits0
kubernetes
kubernetes
added 2021/05/18 7:14 p.m.6 views

Holes in EndpointSlice Validation Enable Host Network Hijack

Issue Details A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs. Th...

4.9CVSS6AI score0.01332EPSS
Exploits0Affected Software1
cisa
cisa
added 2020/12/07 12:0 a.m.170 views

NSA Releases Advisory on Russian State-Sponsored Malicious Cyber Actors Exploiting CVE-2020-4006

The National Security Agency NSA has released a Cybersecurity Advisory on Russian state-sponsored actors exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting...

9CVSS3.4AI score0.23771EPSS
Exploits0References3
securityvulns
securityvulns
added 2010/12/14 12:0 a.m.38 views

VUPEN Security Research - RealPlayer RA5 Data Handling Heap Overflow Vulnerability (VUPEN-SR-2010-31)

VUPEN Security Research - RealPlayer RA5 Data Handling Heap Overflow Vulnerability VUPEN-SR-2010-31 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "RealPlayer is a media player available to play, manage and download all your mp3, flash and video files" from real.com...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2010/12/14 12:0 a.m.39 views

VUPEN Security Research - RealPlayer Audio Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-003)

VUPEN Security Research - RealPlayer Audio Data Handling Buffer Overflow Vulnerability VUPEN-SR-2010-003 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "RealPlayer is a media player available to play, manage and download all your mp3, flash and video files" from...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2010/11/20 12:0 a.m.66 views

VUPEN Security Research - Apple Safari Scrollbar Handling Use-after-free Vulnerability (VUPEN-SR-2010-245)

VUPEN Security Research - Apple Safari Scrollbar Handling Use-after-free Vulnerability VUPEN-SR-2010-245 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Apple Safari is a web browser developed by Apple. As of February 2010, Safari was the fourth most widely used...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2010/10/16 12:0 a.m.49 views

VUPEN Security Research - Microsoft Office Excel Ghost Record Type Parsing Vulnerability (CVE-2010-3242)

VUPEN Security Research - Microsoft Office Excel Ghost Record Type Parsing Vulnerability CVE-2010-3242 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- Microsoft Office Excel is a powerful tool you can use to create and format spreadsheets, and analyze and share...

9.3CVSS7.4AI score0.21413EPSS
Exploits1
threatpost
threatpost
added 2010/07/28 6:4 p.m.8 views

Adobe to Share Vulnerability Data with Security Vendors

LAS VEGAS — Adobe’s push to beef up its security posture took another leap forward here with the announcement of plans to start sharing details on software vulnerabilities with security vendors ahead of time to help reduce the window of exposure to hacker attacks. In partnership with Microsoft,...

1.1AI score
Exploits0References1
Rows per page
Query Builder