New “Prestige” ransomware impacts organizations in Ukraine and Poland
The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...
WordPress WPGateway 3.5 Privilege Escalation Vulnerability
Description: Unauthenticated Privilege Escalation Affected Plugin: WPGateway Plugin Slug: wpgateway Plugin Developer: Jack Hopman/WPGateway Affected Versions: = 3.5 CVE ID: CVE-2022-3180 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Fully Patched Version: N/A...
WordPress WPGateway 3.5 Privilege Escalation
Description: Unauthenticated Privilege Escalation Affected Plugin: WPGateway Plugin Slug: wpgateway Plugin Developer: Jack Hopman/WPGateway Affected Versions: = 3.5 CVE ID: CVE-2022-3180 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Fully Patched Version: N/A...
CVE-2022-28740
aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor...
CVE-2022-28741
aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x...
PT-2022-19202 · Unknown · Aenrich A+Hrd 5.X Learning Management Key Performance Indicator System
Name of the Vulnerable Software and Affected Versions: aEnrich a+HRD 5.x Learning Management Key Performance Indicator System version 5.x Description: The issue is related to a local file inclusion (LFI) vulnerability due to missing input validation. Recommendations: For version 5.x, update to a...
aEnrich a+HRD Path Traversal Vulnerability
aEnrich a+HRD is a full-service human resources development solution from Acer aEnrich China. A path traversal vulnerability exists in aEnrich a+HRD Learning Management Key Performance Indicator System version 5.x. The vulnerability stems from a lack of input validation, and a Local File Inclusio...
The vulnerability of the ActiveX control on the SCADA server of Measuresoft ScadaPro Server allows an intruder to execute arbitrary code.
The vulnerability of the ActiveX control in the SCADA server of Measuresoft ScadaPro Server relates to the use of an untrusted indicator. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability
Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enable...
CVE-2021-3432
Invalid interval in CONNECTIND leads to Division by Zero. Zephyr versions = v1.14.0 Divide By Zero CWE-369. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4...
PT-2022-10334 · Zephyr · Zephyr
Name of the Vulnerable Software and Affected Versions: Zephyr versions = v2.5.0 Description: The issue arises from an invalid channel map in CONNECT IND, resulting in a deadlock due to improper check or handling of exceptional conditions. This is classified as CWE-703. Recommendations: For Zephyr...
June 14, 2022-KB5013887 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 20H2, Windows Server, version 20H2, Windows 10 Version 21H1, and Windows 10 Version 21H2
June 14, 2022-KB5013887 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 20H2, Windows Server, version 20H2, Windows 10 Version 21H1, and Windows 10 Version 21H2 Release Date: June 14, 2022 Version: .NET Framework 3.5 and 4.8 The June 14, 2022 update for Windows 10, versio...
CVE-2022-22972
creationtimestamp | type | source
---|---|---
2022-05-19 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=806
2022-05-19 08:16:48+00:00 | seen | https://t.me/ctinow/52262
2022-05-19 12:12:49+00:00 | exploited | https://t.me/truesecator/2957
2022-05-19 18:51:26+00:00 | seen |...
CVE-2021-23265
creationtimestamp | type | source
---|---|---
2022-05-16 20:40:14+00:00 | seen | https://t.me/cibsecurity/42762...
CVE-2022-0882
creationtimestamp | type | source
---|---|---
2022-05-03 20:33:58+00:00 | seen | https://t.me/cibsecurity/41829
2025-04-21 14:02:20+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/12661...
North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability
THREAT LEVEL: Red. For more than a month before a fix was available, North Korean state hackers known as Lazarus Group exploited a zero-day remote code execution vulnerability (CVE-2022-0609) in Google Chrome's web browser. The attack mainly targe...
CVE-2021-39693
In onUidStateChanged of AppOpsService.java, there is a possible way to access location without a visible indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
PT-2022-10976 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: A logic error in the code of AppOpsService.java allows for a possible way to access location without a visible indicator. This issue could lead to local escalation of privilege with no...