462 matches found

Microsoft Secure
added 2022/10/14 7:0 p.m., 10 views

New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...

0.5 AI score
Exploits: 0
0day.today
added 2022/09/15 12:0 a.m., 422 views

WordPress WPGateway 3.5 Privilege Escalation Vulnerability

Description: Unauthenticated Privilege Escalation; Affected Plugin: WPGateway; Plugin Slug: wpgateway; Plugin Developer: Jack Hopman/WPGateway; Affected Versions: = 3.5; CVE ID: CVE-2022-3180; CVSS Score: 9.8 (Critical); CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; Fully Patched Version: N/A...

0.8 AI score, 0.08841 EPSS
Exploits: 2
Packet Storm
added 2022/09/14 12:0 a.m., 317 views

WordPress WPGateway 3.5 Privilege Escalation

Description: Unauthenticated Privilege Escalation; Affected Plugin: WPGateway; Plugin Slug: wpgateway; Plugin Developer: Jack Hopman/WPGateway; Affected Versions: = 3.5; CVE ID: CVE-2022-3180; CVSS Score: 9.8 (Critical); CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; Fully Patched Version: N/A...

0.7 AI score, 0.08841 EPSS
Exploits: 2
ATTACKERKB
added 2022/09/09 4:15 p.m., 2 views

CVE-2022-28740

aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor...

7.5 CVSS, 7.1 AI score, 0.00616 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2022/09/09 4:15 p.m., 2 views

CVE-2022-28741

aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x...

8.1 CVSS, 7.1 AI score, 0.00863 EPSS
Exploits: 0, References: 3
OSV
added 2022/09/09 4:15 p.m., 2 views

CVE-2022-28741

aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x...

8.1 CVSS, 5.8 AI score, 0.00863 EPSS
Exploits: 0, References: 2
OSV
added 2022/09/09 4:15 p.m., 3 views

CVE-2022-28740

aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor...

7.5 CVSS, 5.8 AI score, 0.00616 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2022/09/09 12:0 a.m., 4 views

PT-2022-19202 · Unknown · Aenrich A+Hrd 5.X Learning Management Key Performance Indicator System

Name of the Vulnerable Software and Affected Versions: aEnrich a+HRD 5.x Learning Management Key Performance Indicator System version 5.x. Description: The issue is related to a local file inclusion (LFI) vulnerability due to missing input validation. Recommendations: For version 5.x, update to a...

8.1 CVSS, 7.7 AI score, 0.00863 EPSS
Exploits: 0, References: 4
CNNVD
added 2022/09/09 12:0 a.m., 4 views

aEnrich a+HRD Path Traversal Vulnerability

aEnrich a+HRD is a full-service human resources development solution from Acer aEnrich China. A path traversal vulnerability exists in aEnrich a+HRD Learning Management Key Performance Indicator System version 5.x. The vulnerability stems from a lack of input validation, and a Local File Inclusio...

8.1 CVSS, 7.7 AI score, 0.00863 EPSS
Exploits: 0, References: 3
BDU FSTEC
added 2022/09/05 12:0 a.m., 8 views

The vulnerability of the ActiveX control on the SCADA server of Measuresoft ScadaPro Server allows an intruder to execute arbitrary code.

The vulnerability of the ActiveX control in the SCADA server of Measuresoft ScadaPro Server relates to the use of an untrusted indicator. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

7.8 CVSS, 7.6 AI score, 0.00288 EPSS
Exploits: 0, References: 4
The Hacker News
added 2022/07/21 8:41 a.m., 225 views

Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability

Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enable...

1 AI score, 0.9817 EPSS
Exploits: 1
OSV
added 2022/06/28 8:15 p.m., 4 views

CVE-2021-3432

Invalid interval in CONNECTIND leads to Division by Zero. Zephyr versions = v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4...

7.5 CVSS, 5.5 AI score, 0.0083 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2022/06/28 12:0 a.m., 6 views

PT-2022-10334 · Zephyr · Zephyr

Name of the Vulnerable Software and Affected Versions: Zephyr versions = v2.5.0. Description: The issue arises from an invalid channel map in CONNECT IND, resulting in a deadlock due to improper check or handling of exceptional conditions. This is classified as CWE-703. Recommendations: For Zephyr...

4 CVSS, 4 AI score, 0.00203 EPSS
Exploits: 0, References: 5
Microsoft KB
added 2022/06/02 12:0 a.m., 11 views

June 14, 2022-KB5013887 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 20H2, Windows Server, version 20H2, Windows 10 Version 21H1, and Windows 10 Version 21H2

June 14, 2022-KB5013887 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 20H2, Windows Server, version 20H2, Windows 10 Version 21H1, and Windows 10 Version 21H2 Release Date: June 14, 2022 Version: .NET Framework 3.5 and 4.8 The June 14, 2022 update for Windows 10, versio...

6.6 AI score
Exploits: 0
Circl
added 2022/05/19 4:0 a.m., 12 views

CVE-2022-22972

creationtimestamp | type | source
---|---|---
2022-05-19 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=806
2022-05-19 08:16:48+00:00 | seen | https://t.me/ctinow/52262
2022-05-19 12:12:49+00:00 | exploited | https://t.me/truesecator/2957
2022-05-19 18:51:26+00:00 | seen | ...

9.8 CVSS, 7.5 AI score, 0.52813 EPSS
Exploits: 3, References: 29
Circl
added 2022/05/16 8:40 p.m., 4 views

CVE-2021-23265

creationtimestamp | type | source
---|---|---
2022-05-16 20:40:14+00:00 | seen | https://t.me/cibsecurity/42762
...

4.3 CVSS, 4.7 AI score, 0.00548 EPSS
Exploits: 0, References: 1
Circl
added 2022/05/03 8:33 p.m., 5 views

CVE-2022-0882

creationtimestamp | type | source
---|---|---
2022-05-03 20:33:58+00:00 | seen | https://t.me/cibsecurity/41829
2025-04-21 14:02:20+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/12661
...

5.5 CVSS, 5.5 AI score, 0.00115 EPSS
Exploits: 1, References: 2
hivepro
added 2022/03/25 2:16 p.m., 223 views

North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability

THREAT LEVEL: Red. For a detailed advisory, download the PDF file here. For more than a month before a fix was available, North Korean state hackers known as Lazarus Group exploited a zero-day remote code execution vulnerability (CVE-2022-0609) in Google Chrome's web browser. The attack mainly targe...

9.1 AI score, 0.23546 EPSS
Exploits: 0
OSV
added 2022/03/16 3:15 p.m., 3 views

CVE-2021-39693

In onUidStateChanged of AppOpsService.java, there is a possible way to access location without a visible indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8 CVSS, 5.9 AI score, 0.00124 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2022/03/16 12:0 a.m., 4 views

PT-2022-10976 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version. Description: A logic error in the code of AppOpsService.java allows for a possible way to access location without a visible indicator. This issue could lead to local escalation of privilege with no...

7.8 CVSS, 7.7 AI score, 0.00124 EPSS
Exploits: 0, References: 2