Lucene search
K

151 matches found

OSV
OSV
added 2023/08/23 8:15 p.m.32 views

CVE-2023-40178 @node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError

Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logged out from an...

5.3CVSS5.3AI score0.00398EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2023/08/16 4:20 a.m.190 views

Nearly 2,000 Citrix NetScaler Instances Hacked via Critical Vulnerability

Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by weaponizing a recently disclosed critical security vulnerability as part of a large-scale attack. "An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing web shells on vulnerable...

9.8CVSS8.9AI score0.99445EPSS
Exploits16
HackRead
HackRead
added 2023/07/20 9:23 p.m.22 views

Fake ChatGPT and AI pages on Facebook are spreading infostealers

By Habiba Rashid Some of the pages have millions of likes on them, suggesting that this is a large-scale scam. This is a post from HackRead.com Read the original post: Fake ChatGPT and AI pages on Facebook are spreading infostealers...

7AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/07/17 5:27 p.m.34 views

Massive Targeted Exploit Campaign Against WooCommerce Payments Underway

The Wordfence Threat Intelligence team has been monitoring an ongoing exploit campaign targeting a recently disclosed vulnerability in WooCommerce Payments, a plugin installed on over 600,000 sites. Large-scale attacks against the vulnerability, assigned CVE-2023-28121, began on Thursday, July 14...

7.5CVSS7.3AI score0.86919EPSS
Exploits9
Fedora
Fedora
added 2023/06/23 1:1 a.m.19 views

[SECURITY] Fedora 37 Update: trafficserver-9.2.1-1.fc37

Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...

7.5CVSS7AI score0.02005EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/26 8:18 p.m.5 views

Malicious code in esqguipostpost (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 952d1092de695c775af7b366bca295a8f1a982c7fc1de3c4e7e8cec6ab362c97 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/26 8:15 p.m.5 views

Malicious code in selfgrandccintel (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0e4c6f913eb225305d286b2fcc7910c2879680cf572cd5eac526f11722c2012c EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/25 11:12 p.m.7 views

Malicious code in py-cchttp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0b88c65358ea2e0f03b3f45be2f0bb0eac44db5f4e539868b79c23fab88e1a81 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/25 11:12 p.m.6 views

Malicious code in esqlgtbvm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 77119cb7f39ab9592c44ff7cd703435046b12fa0bfb98e04a75acd1e271e7f79 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/25 11:0 p.m.3 views

Malicious code in py-pongedvirtual (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4980d2e16244acc0a1432ab27afa0a53ef43e9339648c6c05f9b57d95ab9c7d4 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/25 5:12 p.m.7 views

Malicious code in libintelcv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 52a489a49d2e65effd9ae754a9849fbf4f2f83741d9e0359039e617f8cca7f3a EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/24 11:18 p.m.6 views

Malicious code in cvad (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx de47fa92ba2486938748c5abc85aae94d41007d66399a18526975e5bdd6f4617 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/11 11:24 a.m.5 views

Malicious code in websocet-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx def6cdda3e16e392e575914ced25e522c3bcb3ca50d8228652a805cc7ee4ae51 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/10 12:54 p.m.4 views

Malicious code in sellenium (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 011843a4839c4407ebe20f622a86ded0b7bbb58b21e4dda29907cb1f70809892 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/02/09 7:0 p.m.5 views

Malicious code in vyepr (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx eba3759027a37d4a8a114fdabc180c3a9b593ec0954011af8067fcf100664824 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7AI score
Exploits0References1
HackRead
HackRead
added 2022/11/21 1:7 a.m.25 views

42,000 phishing domains discovered masquerading as popular brands

By Deeba Ahmed According to researchers, this scam is highly sophisticated and large-scale, targeting brands like McDonald’s, Unilever, Emirates, Knorr, Coca-Cola, etc. This is a post from HackRead.com Read the original post: 42,000 phishing domains discovered masquerading as popular brands...

1.6AI score
Exploits0
CNVD
CNVD
added 2022/09/20 12:0 a.m.8 views

Guangzhou Bainan Information Technology Co., Ltd. has a flawed logic vulnerability in its large instrument sharing management system

Large-scale instrument sharing management system is a company engaged in the design, development, production and integration services of laboratory information technology products. Guangzhou Bainan Information Technology Co., Ltd. has a logic flaw vulnerability in the large instrument sharing...

1.6AI score
Exploits0
HackRead
HackRead
added 2022/09/16 12:9 p.m.16 views

Uber Hack – Ride-hailing Giant Investigating Large-Scale Data Breach

By Waqas Unconfirmed reports claim an 18-year-old kid is behind the massive Uber hack. This is a post from HackRead.com Read the original post: Uber Hack - Ride-hailing Giant Investigating Large-Scale Data Breach...

1.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/08/11 1:0 p.m.104 views

[updated] Thousands of Zimbra mail servers backdoored in large scale attack

Researchers at Volexity have discovered that a known vulnerability has been used in a large scale attack against Zimbra Collaboration Suite ZCS email servers. But the vulnerability was supposed to be hard to exploit since it required authentication. So they decided to dig deeper. An incomplete fi...

6.5CVSS9.1AI score0.98586EPSS
Exploits16
CNVD
CNVD
added 2022/07/19 12:0 a.m.38 views

Apache Hive Authorization Issues Vulnerability

Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. An...

7.5CVSS7.3AI score0.01393EPSS
Exploits0References1
Rows per page
Query Builder