
3094 matches found

ATTACKERKB
added 2022/07/29 10:15 a.m., 1 view

CVE-2021-3601

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. OpenSSL does not class this issue as a security vulnerability. The trusted CA store should not contain anything that the user does not trust to issue other certificates. Notes:...

5.4 AI score
Exploits: 0, References: 1

The Hacker News
added 2022/07/26 4:07 p.m., 36 views

Experts Find Similarities Between New LockBit 3.0 and BlackMatter Ransomware

Cybersecurity researchers have reiterated similarities between the latest iteration of the LockBit ransomware and BlackMatter, a rebranded variant of the DarkSide ransomware strain that closed shop in November 2021. The new version of LockBit, called LockBit 3.0 aka LockBit Black, was released in...

0.3 AI score
Exploits: 0

OSV
added 2022/07/26 1:15 p.m., 2 views

AZL-10338 CVE-2021-33468 affecting package yasm 1.3.0-17

An issue was discovered in yasm version 1.3.0. There is a use-after-free in error in modules/preprocs/nasm/nasm-pp.c...

5.5 CVSS, 6 AI score, 0.00305 EPSS
Exploits: 1, References: 1

Microsoft Malware Protection
added 2022/07/14 4:00 p.m., 42 views

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

A group of actors originating from North Korea that Microsoft Threat Intelligence Center (MSTIC) tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name for its campaigns and h...

6.8 CVSS, 9.3 AI score, 0.91501 EPSS
Exploits: 4

CNNVD
added 2022/07/14 12:00 a.m., 4 views

Buffer error vulnerability in multiple Xiaomi phones

The Xiaomi Redmi K40 and the Xiaomi Redmi Note10 Pro are both smartphones from Chinese company Xiaomi. The Xiaomi phones have a security vulnerability that stems from a heap overflow that can be exploited by an attacker to cause a remote denial of service. The following versions are affected: Red...

7.5 CVSS, 7.5 AI score, 0.009 EPSS
Exploits: 0, References: 3

Malwarebytes
added 2022/07/10 9:43 p.m., 18 views

North Korean APT targets US healthcare sector with Maui ransomware

State-sponsored North Korean threat actors have been targeting the US Healthcare and Public Health (HPH) sector for the past year using the Maui ransomware, according to a joint cybersecurity advisory (CSA) from the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the...

Exploits: 0

CNNVD
added 2022/07/10 12:00 a.m., 3 views

Trilium Notes cross-site scripting vulnerability

Trilium Notes is a layered notes application for Zadam Personal Developers. It specializes in building large personal knowledge bases. A cross-site scripting vulnerability exists in Trilium Notes version v0.53.1, which can be exploited by an attacker to perform a cross-site scripting attack on th...

5.4 CVSS, 4.9 AI score, 0.0039 EPSS
Exploits: 1, References: 4

Huntr
added 2022/07/09 3:40 p.m., 19 views

Stored XSS in

Description Hello, I have found that an XSS payload has been executed in the name of note field, and I wanted to make a report about it, just please note that in the Occurrences I left it empty because I don't know anything about it, and please see the video attached in POC to know more about it...

3.5 CVSS, 4.6 AI score, 0.0039 EPSS
Exploits: 1

Code423n4
added 2022/06/22 12:00 a.m., 10 views

whenNotPaused modifier missing

Lines of code Vulnerability details Impact whenNotPaused modifier is missing in both createBasket function NibblVaultFactory.solL80 and withdrawUnsettledBids function NibblVault.solL424 This means even when contract is in paused state this function will still be operational Note Other impacted...

6.8 AI score
Exploits: 0

Code423n4
added 2022/06/21 12:00 a.m., 9 views

getCashPrior == 0 not checked at the end of redeemFresh

Lines of code CNote.solL332 Vulnerability details Impact To ensure that there are no Note tokens in CNote.sol the getCashPrior value should be exactly 0 at the end of every function that transfers tokens in and out of the contract. In the redeemFresh function, the getCashPrior value is not checked...

6.9 AI score
Exploits: 0

Packet Storm
added 2022/06/21 12:00 a.m., 568 views

SAP Fiori Launchpad Cross Site Scripting

Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad Impact on Business Impact depends on the victim's privileges. In most cases, a successful attack allows an attacker to hijack a session, or force the victim to perform undesired requests in the SAP...

6.1 CVSS, 0.4 AI score, 0.01383 EPSS
Exploits: 2

ICS
added 2022/06/21 12:00 a.m., 69 views

Phoenix Contact Classic Line Industrial Controllers

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/XC, ILC 171 ETH 2TX, ILC 191 ETH 2TX, ILC 191 ME/AN, and AXC 1050 Vulnerability: Missing Authentication for Critical...

9.8 CVSS, 10 AI score, 0.03079 EPSS
Exploits: 1, References: 4

OSV
added 2022/06/20 8:23 p.m., 6 views

MAL-2022-4927 Malicious code in note-taking (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ea2d2fd1a7135206395b32cd06293cc0edc73f1477925f0d2002f6f0d5ddd9c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2022/06/20 8:23 p.m., 2 views

Malicious code in note-taking (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ea2d2fd1a7135206395b32cd06293cc0edc73f1477925f0d2002f6f0d5ddd9c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2022/06/16 12:00 a.m., 57 views

SAP NetWeaver AS Java Information Disclosure (2256846)

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.1 to 7.5, allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. Note that Nessus has not tested for this issue but has instead relied only on the application's...

5.3 CVSS, 6.4 AI score, 0.51553 EPSS
Exploits: 10, References: 4

CNVD
added 2022/06/15 12:00 a.m., 21 views

WordPress plugin Note Press SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Note Press 0.1.10 and earlier versions are vulnerable to SQL injection, which stems...

4 CVSS, 2 AI score, 0.00746 EPSS
Exploits: 2, References: 1

CNVD
added 2022/06/13 12:00 a.m., 30 views

WordPress Note Press plugin SQL injection vulnerability (CNVD-2022-64665)

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. FormCraft is one of the form creation plugins used in it. WordPress plugin is an application plugin. WordPress Note Press plugin 0.1.10 and earlier...

4 CVSS, 2.8 AI score, 0.00746 EPSS
Exploits: 2, References: 1

CNVD
added 2022/06/13 12:00 a.m., 23 views

WordPress Note Press plugin SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Note Press plugin 0.1.10 and earlier versions are vulnerable to SQL injection, which stems...

4 CVSS, 3 AI score, 0.00746 EPSS
Exploits: 2, References: 1

Malwarebytes
added 2022/06/09 1:50 p.m., 37 views

BlackBasta is the latest ransomware to target ESXi virtual machines on Linux

BlackBasta, an alleged subdivision of the ransomware group Conti, just began supporting the encryption of VMware's ESXi virtual machines (VM) installed on enterprise Linux servers. Because more and more organizations have begun using VMs for cost-effectiveness and easier management of devices, this...

0.7 AI score
Exploits: 0

OSV
added 2022/06/08 10:15 a.m., 2 views

CVE-2022-1688

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statements via the admin dashboard, leading to SQL Injections...

2.7 CVSS, 5.8 AI score, 0.00746 EPSS
Exploits: 2, References: 2