
344 matches found

Positive Technologies
added 2025/04/09 12:0 a.m. | 3 views

PT-2025-29823

Name of the Vulnerable Software and Affected Versions: Lighthouse Studio versions prior to 9.16.14

Description: A template injection vulnerability exists in Lighthouse Studio’s Perl web application ciwweb.pl. Exploitation allows an unauthenticated attacker to execute arbitrary commands on the web...

10 CVSS | 7.9 AI score | 0.4942 EPSS
Exploits 4 | References 17
Rapid7 Blog
added 2025/03/31 1:1 p.m. | 14 views

Seeing is Securing: MDR VALUE at-a-glance with the Detection and Response Dashboard

Transparency is core to Managed Detection & Response (MDR). It’s necessary between Rapid7 and our customers as we conduct security operations on their behalf. And it’s necessary for our customers to communicate transparently and effectively with their stakeholders. Scroll on – because there’s a new...

6.9 AI score
Exploits 0
CNNVD
added 2025/03/18 12:0 a.m. | 2 views

IBM AIX Security Vulnerability

IBM AIX is an open standards-based UNIX operating system developed for the IBM Power architecture by International Business Machines (IBM). A security vulnerability exists in IBM AIX versions 7.2 and 7.3, which stems from improper control of the nimsh service SSL/TLS protection mechanism process an...

9.6 CVSS | 9.2 AI score | 0.00858 EPSS
Exploits 0 | References 3
The Hacker News
added 2025/02/21 7:26 a.m. | 24 views

CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks

A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is...

9.3 CVSS | 8.3 AI score | 0.97446 EPSS
Exploits 10
Krebs on Security
added 2025/01/28 2:50 a.m. | 5 views

A Tumultuous Week for Federal Cybersecurity Efforts

President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation's cybersecurity posture. The president fired all advisors from the Department of Homeland Security's Cyber Safety Review...

7.2 AI score
Exploits 0
Packet Storm News
added 2025/01/28 12:0 a.m. | 5 views

Interagency Security Committee Compliance Policy and Compliance Benchmarks, 2024 Edition

The Interagency Security Committee Compliance Policy and Compliance Benchmarks, 2024 Edition outlines the ISC Compliance Policy and updates Compliance Benchmarks in alignment with Executive Order 14111 and the updated Risk Management Process Standard of 2024. These updated compliance benchmarks a...

6.9 AI score
Exploits 0
Qualys Blog
added 2025/01/27 6:2 p.m. | 9 views

Unlock the Boardroom with Cyber Risk: How the Qualys Enterprise TruRisk™ Platform Empowers CISOs

The Changing Landscape for CISOs: "If you can't measure it, you can't manage it." - Peter Drucker. This timeless adage by Drucker resonates deeply in today's digital era, where managing cyber risks has become a business-critical priority. According to a recent survey from Splunk, Today, nearly 50%...

7.6 AI score
Exploits 0
Wired Threat Level
added 2025/01/16 10:30 a.m. | 8 views

A New Jam-Packed Biden Executive Order Tackles Cybersecurity, AI, and More

US president Joe Biden just issued a 40-page executive order that aims to bolster federal cybersecurity protections, directs government use of AI—and takes a swipe at Microsoft’s dominance...

7.2 AI score
Exploits 0
CISA
added 2024/12/30 12:0 p.m. | 19 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-3393: Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber...

8.7 CVSS | 7.8 AI score | 0.26636 EPSS
In wild | Exploits 0 | References 6
HackRead
added 2024/12/19 12:48 p.m. | 9 views

New Mobile Phishing Targets Executives with Fake DocuSign Links

Cybercriminals are using advanced techniques to target executives with mobile-specific phishing attacks...

7.3 AI score
Exploits 0
CISA
added 2024/12/19 12:0 p.m. | 12 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-12356: BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability. These types of vulnerabilities are frequent...

9.8 CVSS | 10 AI score | 0.87991 EPSS
In wild | Exploits 8 | References 6
CISA
added 2024/12/16 12:0 p.m. | 16 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20767: Adobe ColdFusion Improper Access Control Vulnerability; CVE-2024-35250: Microsoft Windows Kernel-Mode Driver Untrusted...

7.8 CVSS | 7.7 AI score | 0.98514 EPSS
In wild | Exploits 14 | References 7
CISA
added 2024/12/03 12:0 p.m. | 21 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-45727: North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability; CVE-2024-11680: ProjectSend...

9.8 CVSS | 8.9 AI score | 0.99698 EPSS
In wild | Exploits 22 | References 11
The Hacker News
added 2024/10/23 12:54 p.m. | 43 views

CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-38094 (CVSS score: 7.2),...

8.1 CVSS | 8.3 AI score | 0.49979 EPSS
Exploits 2
CISA
added 2024/10/22 12:0 p.m. | 22 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38094: Microsoft SharePoint Deserialization Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious...

7.2 CVSS | 7.3 AI score | 0.49979 EPSS
In wild | Exploits 1 | References 7
Wired Threat Level
added 2024/10/21 7:3 p.m. | 9 views

ICE's $2 Million Contract With a Spyware Vendor Is Under White House Review

Immigration and Customs Enforcement's contract with Paragon Solutions faces scrutiny over whether it complies with the Biden administration's executive order on spyware, WIRED has learned...

7.4 AI score
Exploits 0
CISA
added 2024/10/15 12:0 p.m. | 15 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-30088: Microsoft Windows Kernel TOCTOU Race Condition Vulnerability; CVE-2024-9680: Mozilla Firefox Use-After-Free Vulnerability...

9.8 CVSS | 8.8 AI score | 0.93159 EPSS
In wild | Exploits 13 | References 9
CISA
added 2024/09/30 12:0 p.m. | 12 views

CISA’s VDP Platform 2023 Annual Report Showcases Success

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its Vulnerability Disclosure Policy (VDP) Platform 2023 Annual Report, highlighting the service’s remarkable success in 2023, its second full year of operation. Throughout 2023, CISA focused on advocating for the increased...

7.3 AI score
Exploits 0 | References 3
The Hacker News
added 2024/09/25 6:1 a.m. | 29 views

CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2024-7593 CVSS...

9.8 CVSS | 7.7 AI score | 0.99987 EPSS
Exploits 7
OSV
added 2024/09/14 11:9 a.m. | 5 views

OESA-2024-2140 microcode_ctl security update

This is a tool to transform and deploy microcode update for x86 CPUs. Security Fixes: Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2023-42667) Improper isolation in...

7.8 CVSS | 6.7 AI score | 0.00285 EPSS
Exploits 0 | References 6