Lucene search
K

211 matches found

Malwarebytes
Malwarebytes
added 2024/11/20 1:12 p.m.29 views

Update now! Apple confirms vulnerabilities are already being exploited

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make su...

8.8CVSS7AI score0.22728EPSS
Exploits1
OSV
OSV
added 2024/11/15 3:15 p.m.6 views

CVE-2024-11243

A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument m2 with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has...

6.1CVSS3.9AI score0.00618EPSS
Exploits1References6
NVD
NVD
added 2024/11/15 3:15 p.m.21 views

CVE-2024-11243

A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument m2 with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has...

6.9CVSS0.00618EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.6 views

Online Shop Store 代码注入漏洞

Online Shop Store is an online store system from Online Shop Store, Inc. A code injection vulnerability exists in Online Shop Store version 1.0, which stems from a cross-site scripting vulnerability in the m2 parameter of the /signup.php file...

6.9CVSS5AI score0.00618EPSS
Exploits1References6
Spring Security Advisories
Spring Security Advisories
added 2024/03/26 12:0 a.m.21 views

This Week in Spring - March 26th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! Sam Brannen shares some good news: a null-safe Index operator for the Spring Expression Language SpEL is coming to Spring Framework 6.2! This is interesting, and a nice application of AI do I even need to spell out "artificia...

7.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/12/03 5:22 p.m.7 views

haircollection-m2.com Improper Access Control vulnerability OBB-3800859

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
NVD
NVD
added 2023/08/22 7:16 p.m.23 views

CVE-2020-22181

A reflected cross site scripting XSS vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi...

6.1CVSS6.1AI score0.00347EPSS
Exploits0References2
Prion
Prion
added 2023/08/22 7:16 p.m.12 views

Cross site scripting

A reflected cross site scripting XSS vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi...

5.8CVSS6.1AI score0.00347EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/22 12:0 a.m.5 views

PT-2023-11613 · Samsung · Samsung Sww-3400Rw Router

Name of the Vulnerable Software and Affected Versions: Samsung sww-3400rw Router devices affected versions not specified Description: A reflected cross site scripting XSS issue was found in Samsung sww-3400rw Router devices. The issue is related to the m2 parameter of the "sess-bin/command.cgi"...

6.1CVSS6AI score0.00347EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/08/22 12:0 a.m.4 views

SAMSUNG sww-3400rw 跨站脚本漏洞

The SAMSUNG sww-3400rw Router is a wireless router from Samsung South Korea. The SAMSUNG sww-3400rw suffers from a cross-site scripting vulnerability that originates from cross-site scripting via the m2 parameter of sess-bin/command.cgi...

6.1CVSS5.9AI score0.00347EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/08/22 12:0 a.m.24 views

CVE-2020-22181

A reflected cross site scripting XSS vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi...

6.1AI score0.00347EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/08/16 12:0 a.m.57 views

Atlassian Confluence 7.13.15 < 7.13.19 / 7.19.7 < 7.19.11 / 8.1.1 < 8.4.1 DoS (CONFSERVER-90185)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-90185 advisory. - The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If...

7.5CVSS7.6AI score0.51547EPSS
Exploits1References2
Rapid7 Blog
Rapid7 Blog
added 2023/08/04 7:3 p.m.103 views

Metasploit Weekly Wrap-Up

Fly High in the Sky With This New Cloud Exploit! This week, a new module was added that takes advantage of both authentication bypass and command injection in certain versions of Western Digital's MyCloud hardware. Submitted by community member Erik Wynter, this module gains access to the target,...

10CVSS10.7AI score0.99445EPSS
Exploits37
OpenVAS
OpenVAS
added 2023/05/22 12:0 a.m.19 views

Apache Tomcat DoS Vulnerability (May 2023) - Linux

Apache Tomcat is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; ...

7.5CVSS7.9AI score0.51547EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/04/19 12:0 a.m.130 views

Veritas NetBackup prior to 10.0 Privilege Escalation (VTS22-010#M2) (deprecated)

CVE-2023-28759 was part of VTS22-010M2 but is not any longer. It now appears on its own separate advisory, VTS23-006. A plugin for that advisory has replaced this one. %NASLMINLEVEL 80900 C Tenable, Inc. @DEPRECATED@ Disabled on 2022/05/12. Deprecated by veritasnetbackupVTS23-006.nasl...

7.8CVSS7.6AI score0.0019EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2023/04/03 10:30 a.m.19 views

New macOS malware steals sensitive info, including a user's entire Keychain database

A new macOS malware--called MacStealer--that is capable of stealing various files, cryptocurrency wallets, and details stored in specific browsers like Firefox, Chrome, and Brave, was discovered by security researchers from Uptycs, a cybersecurity company specializing in cloud security. It can al...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/27 10:38 a.m.5 views

New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords

A new information-stealing malware has set its sights on Apple's macOS operating system to siphon sensitive information from compromised devices. Dubbed MacStealer , it's the latest example of a threat that uses Telegram as a command-and-control C2 platform to exfiltrate data. It primarily affect...

6.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/02/06 2:0 p.m.24 views

macOS Patching Is Here!

In the past few years, many of our customers have seen a sharp increase in the number of Mac devices introduced to their environment. All those new Mac devices introduce new vulnerabilities that must be remediated. To keep up with the new volume of vulnerabilities, organizations had to opt-in, bu...

1.2AI score
Exploits0
OSV
OSV
added 2022/11/11 4:15 p.m.5 views

CVE-2022-26367

Improper buffer restrictions in some IntelR XMMTM 7560 Modem software before version M27560R01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access...

8.2CVSS6AI score0.00189EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/11 3:48 p.m.12 views

CVE-2022-27874

Improper authentication in some IntelR XMMTM 7560 Modem software before version M27560R01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access...

6.8CVSS7.2AI score0.00229EPSS
Exploits0References1
Rows per page
Query Builder