Lucene search
K

13 matches found

Rapid7 Blog
Rapid7 Blog
added 2024/11/12 10:42 p.m.68 views

Patch Tuesday - November 2024

Microsoft is addressing 90 vulnerabilities this November 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for four of the vulnerabilities published today, although as with last month’s batch, it does not evaluate any of these zero-day vulnerabilities...

9.9CVSS10AI score0.81817EPSS
Exploits4
The Hacker News
The Hacker News
added 2024/10/22 4:47 a.m.49 views

CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities KEV catalog, following reports of active exploitation as a zero-day. The vulnerability in question, tracked as CVE-2024-9537 CV...

9.8CVSS9.7AI score0.61725EPSS
Exploits8
Securelist
Securelist
added 2024/10/17 10:0 a.m.130 views

SAS CTF and the many ways to persist a kernel shellcode on Windows 7

On May 18, 2024, Kaspersky's Global Research & Analysis Team GReAT, with the help of its partners, held the qualifying stage of the SAS CTF, an international competition of cybersecurity experts held as part of the Security Analyst Summit conference. More than 800 teams from all over the world to...

7.8CVSS7.1AI score0.08661EPSS
Exploits2
The Hacker News
The Hacker News
added 2024/09/11 6:30 a.m.43 views

Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities

Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager EPM, including 10 critical vulnerabilities that could result in remote code execution. A brief description of the issues is as follows - CVE-2024-29847 CVSS score: 10.0 - A deserialization of...

10CVSS9.1AI score0.88955EPSS
Exploits4
Rapid7 Blog
Rapid7 Blog
added 2024/09/10 8:49 p.m.77 views

Patch Tuesday - September 2024

Microsoft is addressing 79 vulnerabilities this September 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for four of the vulnerabilities published today; at time of writing, all four are listed on CISA KEV. Microsoft is also patching four critical...

9.9CVSS9.1AI score0.8399EPSS
Exploits3
Rapid7 Blog
Rapid7 Blog
added 2024/08/13 11:36 p.m.101 views

Patch Tuesday - August 2024

Microsoft is addressing 88 vulnerabilities this August 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for ten of the vulnerabilities published today, which is significantly more than usual. At time of writing, all six of the known-exploited...

9.8CVSS9.9AI score0.70564EPSS
Exploits32
The Hacker News
The Hacker News
added 2024/07/17 5:25 a.m.60 views

Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP

Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 CVSS score: 9.8, the vulnerability impacts all versions of the software before 1.3.0. It has been describ...

8AI score0.9921EPSS
Exploits11
Rapid7 Blog
Rapid7 Blog
added 2024/05/14 8:25 p.m.79 views

Patch Tuesday - May 2024

Microsoft is addressing 61 vulnerabilities this May 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for three of the vulnerabilities published today. At time of writing, two of the vulnerabilities patched today are listed on CISA KEV. Microsoft is...

9.6CVSS10AI score0.8399EPSS
Exploits41
Trellix
Trellix
added 2022/11/02 12:0 a.m.45 views

The Bug Report October 2022 Edition

The Bug Report — October 2022 Edition By Trellix · November 2, 2022 This story was written by Richard Johnson. Do ROP exploits count as jmp scares? Why am I here? Welcome back to the Bug Report: Spooky Edition, and we’ve got bugs crawling out of the walls! Of all the months we do this, we’ve foun...

9.8CVSS9.6AI score0.9997EPSS
Exploits57
The Hacker News
The Hacker News
added 2022/09/30 9:1 a.m.171 views

Microsoft Confirms 2 New Exchange Zero-Day Flaws Being Used in the Wild

Microsoft officially disclosed it investigating two zero-day security vulnerabilities impacting Exchange Server 2013, 2016, and 2019 following reports of in-the-wild exploitation. "The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery SSRF vulnerability, while th...

3.9AI score0.9997EPSS
Exploits16
ATTACKERKB
ATTACKERKB
added 2022/07/28 12:0 a.m.696 views

CVE-2022-2294

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: gwillcox-r7 at July 05, 2022 3:18am UTC reported: Looks like this was a heap buffer overflow in WebRTC which could...

8.8CVSS8.9AI score0.70461EPSS
In wildExploits0References11
GoogleProjectZero
GoogleProjectZero
added 2022/06/30 12:0 a.m.452 views

2022 0-day In-the-Wild Exploitation…so far

Posted by Maddie Stone, Google Project Zero This blog post is an overview of a talk, “ 0-day In-the-Wild Exploitation in 2022…so far”, that I gave at the FIRST conference in June 2022. The slides are available here. For the last three years, we’ve published annual year-in-review reports of 0-days...

10CVSS8.9AI score0.99999EPSS
Exploits237
ThreatPost
ThreatPost
added 2013/06/06 4:0 p.m.14 views

Five Bulletins, One Critical in Microsoft's June Patch

Microsoft announced today in an advanced patch Tuesday notification that it will ship just five bulletins in the June edition of patch Tuesday. Only one bulletin received the software giant’s most sever ‘critical’ rating: it will fix a vulnerability in Windows and Internet Explorer that could all...

0.1AI score
Exploits0References2
Rows per page
Query Builder