Lucene search
K

83 matches found

Code423n4
Code423n4
added 2022/11/09 12:0 a.m.34 views

Mssing Crucial Checks When Unlocking funds for Withdraw Requests from L2

Lines of code Vulnerability details Impact Atomicity literally does not exist when users from L2 initiate a withdrawal by burning funds on the contract and sending the message to L1. This is giving malicious attackers plenty of time to stealthily launch a series of small and yet sizable forgery o...

6.9AI score
Exploits0
Prion
Prion
added 2022/09/21 1:15 p.m.18 views

Code injection

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify...

4.3CVSS4.8AI score0.00658EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/09/21 12:0 p.m.7 views

CVE-2022-3255 Cross-site Scripting (XSS) - Reflected in pimcore/pimcore

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify...

6.8CVSS5.7AI score0.00658EPSS
Exploits1References4
Hacker One
Hacker One
added 2022/09/07 9:38 p.m.70 views

Ruby on Rails: ActionView sanitize helper bypass leading to XSS using SVG tag.

An HTML sanitization bypass vulnerability was discovered in the ActionView sanitize helper. This allowed an attacker to bypass sanitization and execute cross-site scripting XSS attacks by using the use tag of the SVG element. By embedding a base64 encoded SVG with malicious code, an attacker coul...

6.1CVSS6.3AI score0.00867EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2022/08/09 4:0 p.m.22 views

Summer of exploitation leads to healthcare under fire

May 2021 was a tough month for the Healthcare and Medical sector-the most notable threat trend at the time was the heavy use of a new popular exploit against Dell systems, leading to immense effort by attackers to utilize the exploit before it became less effective due to patching. During this...

7.2AI score
Exploits0
Veracode
Veracode
added 2022/06/16 5:10 p.m.43 views

Privilege Escalation

linux-gcp:focal is vulnerable to privilege escalation. The vulnerability exists in afllc.c which allows an attacker to craft and inject malicious attacks...

5.5CVSS6.4AI score0.00582EPSS
Exploits1References8Affected Software2
The Hacker News
The Hacker News
added 2022/04/21 3:36 a.m.48 views

Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure

The Five Eyes nations have released a joint cybersecurity advisory warning of increased malicious attacks from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine. "Evolving intelligence indicates that the...

1.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/04/19 1:4 p.m.13 views

4 Bad Bots Likely to Cause Problems for the Remainder of 2022

A short primer on internet bots An Internet bot bot, for short is a software application that runs automated tasks over the internet. Bots typically run simple tasks which they can perform at a dramatically greater rate than any human. Beneficial or anodyne bots are characterized as legitimate, o...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2022/02/19 7:36 a.m.22 views

U.S. Cybersecurity Agency Publishes List of Free Security Tools and Services

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday published a repository of free tools and services to enable organizations to mitigate, detect, and respond effectively to malicious attacks and further improve their security posture. The "Free Cybersecurity Services and...

7AI score
Exploits0
Kitploit
Kitploit
added 2021/12/10 8:30 p.m.23 views

Tarian - Antivirus for Kubernetes

We want to maintain this as an open-source project to fight against the attacks on our favorite Kubernetes ecosystem. By continuous contribution, we can fight threats together as a community. Protect your Applications running on Kubernetes from malicious attacks by pre-registering your source cod...

7.2AI score
Exploits0References6
Hacker One
Hacker One
added 2021/08/19 8:28 p.m.107 views

Affirm: Subdomain takeover due to non registered TLD [ ██████████.█████.██████.com ]

Summary: I was looking at recent disclosed report 1297689 and I was thinking to take a look for the same issue on this asset as I love to test for subdomain takeover vulnerabilities. While testing I noticed a DNS entry for ███████.████.██████████.com is CNAME ████.███████████ which's TLD is not...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2021/08/17 1:0 p.m.44 views

How to Reduce Exchange Server Downtime in Case of a Disaster?

Exchange Server downtime may occur at any point in time due to several reasons, such as malware attack, server crash, database corruption, and hardware or software-related issues/incompatibility. However, downtime can impact productivity and lead to data loss that can have severe implications on...

7.3AI score
Exploits0References9
Ivan 'd0znpp' Novikov
Ivan 'd0znpp' Novikov
added 2021/07/02 6:24 a.m.73 views

What is Web API Security❓ — Methods of Protection

What is Web API Security❓ — Methods of Protection Before stressing what web API security is, it is important to first explain what APIs are. What are APIs? Fully known as Application Programming Interface , API is a software middle person that allows your applications to talk with one another. It...

7.5AI score
Exploits0
OSV
OSV
added 2021/03/08 5:15 p.m.17 views

CVE-2021-21327

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 non-authenticated user can remotely instantiate object of any class existing in the GLPI environment that can be used to...

7.5CVSS6.4AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2021/03/08 5:15 p.m.38 views

CVE-2021-21327

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 non-authenticated user can remotely instantiate object of any class existing in the GLPI environment that can be used to...

7.5CVSS7.1AI score0.02252EPSS
Exploits4References4
Prion
Prion
added 2021/03/08 5:15 p.m.19 views

Design/Logic Flaw

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 non-authenticated user can remotely instantiate object of any class existing in the GLPI environment that can be used to...

5CVSS7.3AI score0.02252EPSS
Exploits4References3Affected Software1
Cvelist
Cvelist
added 2021/03/08 5:0 p.m.68 views

CVE-2021-21327 Unsafe Reflection in getItemForItemtype()

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 non-authenticated user can remotely instantiate object of any class existing in the GLPI environment that can be used to...

6.8CVSS7.6AI score0.02252EPSS
Exploits4References3
0day.today
0day.today
added 2021/03/08 12:0 a.m.92 views

GLPI 9.5.3 - (fromtype) Unsafe Reflection Vulnerability

Exploit Title: GLPI 9.5.3 - 'fromtype' Unsafe Reflection Exploit Author: Vadym Soroka @Iterasec https://iterasec.com Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: =9.5.3 Tested on:v9.5.3, 2021-02-13 Technical advisories:...

7.5CVSS0.3AI score0.02252EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/03/08 12:0 a.m.399 views

GLPI 9.5.3 - 'fromtype' Unsafe Reflection

Exploit Title: GLPI 9.5.3 - 'fromtype' Unsafe Reflection Date: 2021-02-13 Exploit Author: Vadym Soroka @Iterasec https://iterasec.com Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: =9.5.3 Tested on:v9.5.3, 2021-02-13 Technical...

7.5CVSS7.6AI score0.02252EPSS
Exploits4
CNVD
CNVD
added 2021/03/03 12:0 a.m.7 views

Other vulnerabilities exist in Ethermint

Due to the inconsistency between the storage cache cycle and the transaction processing cycle, storage changes caused by failed transactions are improperly retained in memory. Although dirty storage data is discarded at the EndBlock stage, it is still valid in the current block, which can lead to...

7AI score
Exploits0
Rows per page
Query Builder