Lucene search
K

42 matches found

Schneier on Security
Schneier on Security
added 2025/11/06 12:2 p.m.23 views

Rigged Poker Games

The Department of Justice has indicted thirty-one people over the high-tech rigging of high-stakes poker games. In a typical legitimate poker game, a dealer uses a shuffling machine to shuffle the cards randomly before dealing them to all the players in a particular order. As set forth in the...

6.7AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-13277

Malware in sbrugna...

10CVSS9.2AI score0.02459EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2012-2391

Malware in sbrugna...

4.3CVSS6AI score0.02721EPSS
Exploits0References12
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-28154 Malicious code in offsite_payments (npm)

The package offsitepayments was found to contain malicious code...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/17 3:43 a.m.1 views

Malicious code in panmirror (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c3385cde99d98bc2917be74ea78c8302eb62e61dfb90d33d71be4a9b71b661e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/09/02 1:42 a.m.2 views

Malicious code in @diotoborg/voluptatum-quae (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b15f68157c017d443f4c68b8281c4260e81c25cc6c102da832bf11fa4288710 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/05/27 11:2 p.m.8 views

GHSA-M5Q3-MVCR-GC5M silverstripe/framework BackURL validation bypass with malformed URLs

A carefully constructed malformed URL can be used to circumvent the offsite redirection protection used on BackURL parameters. This could lead to users entering sensitive data in malicious websites instead of the intended one...

7.5CVSS6.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/05/27 11:2 p.m.15 views

silverstripe/framework BackURL validation bypass with malformed URLs

A carefully constructed malformed URL can be used to circumvent the offsite redirection protection used on BackURL parameters. This could lead to users entering sensitive data in malicious websites instead of the intended one...

6.9AI score
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/27 12:0 a.m.2 views

PT-2024-40363 · Packagist · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A maliciously crafted URL can bypass the offsite redirection protection for BackURL parameters, potentially leading to users entering sensitive data on malicious websites instead of the...

7.5CVSS6.9AI score
Exploits0References5
Malwarebytes
Malwarebytes
added 2023/03/31 1:30 p.m.16 views

3 tips for creating backups your organization can rely on when ransomware strikes

Backups are an organization's last line of defense against ransomware, because comprehensive, offline, offsite backups give you a chance to restore or rebuild your computers without paying a criminal for a decryption key. Unfortunately, many organizations don't realize how important it is to make...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/03/13 2:0 a.m.34 views

Breast cancer photos published by ransomware gang

The Russia-linked ALPHV ransomware group, also known as BlackCat, has posted sensitive clinical photos of breast cancer patients--calling them "nude photos"--to extort money from the Lehigh Valley Health Network LVHN. This has triggered a chorus of accusations from the cybersecurity community, wi...

1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/03/07 1:0 a.m.14 views

Warning issued over Royal ransomware

As part of its StopRansomware effort, the Cybersecurity and Infrastructure Security Agency CISA has published a Cybersecurity Advisory CSA about Royal ransomware. Royal ransomware is a Ransomware-as-a-service Raas that first made an appearance in January 2022. In September of that year, it began...

0.4AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/08/16 8:46 a.m.4 views

Malicious code in optional-dep-wont-be-found (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2226cdc4dac73c40bc10584ecdb520dfdf47b568418de61acf37fd8cef42daf5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Openbugbounty
Openbugbounty
added 2022/02/09 3:25 p.m.12 views

offsiteconstructionexpo.com Cross Site Scripting vulnerability OBB-2367185

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
ThreatPost
ThreatPost
added 2021/06/15 8:51 p.m.90 views

Millions of Connected Cameras Open to Eavesdropping

Millions of connected security and home cameras contain a critical software vulnerability that can allow remote attackers to tap into video feeds, according to a warning from the Cybersecurity and Infrastructure Security Agency CISA. The bug CVE-2021-32934, with a CVSS v3 base score of 9.1 has be...

9.1CVSS8.4AI score0.00578EPSS
Exploits0References10
OSV
OSV
added 2021/06/08 7:15 p.m.5 views

CVE-2021-26471

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebserviceo.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands...

9.8CVSS7.5AI score0.02261EPSS
Exploits0References4
OSV
OSV
added 2021/06/08 7:15 p.m.5 views

CVE-2021-26472

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges...

9.8CVSS7.5AI score0.02459EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2020/08/05 12:0 a.m.3 views

The vulnerability of the LibreOffice office suite lies in its improper validation of input data, which allows an attacker to compromise the integrity of the data.

The vulnerability of the LibreOffice office suite is related to a form field that might contain a URL pointing to an external server. Exploiting this vulnerability could allow an attacker to compromise the integrity of data...

7.5CVSS6.5AI score0.01712EPSS
Exploits0References9Affected Software4
Veracode
Veracode
added 2017/08/04 3:9 a.m.28 views

Cross-Site Scripting (XSS)

WordPress is vulnerable to cross-site scripting XSS attacks. The application uses offsite redirects which allows the attackers to inject and execute arbitrary webscript...

4.3CVSS5.6AI score0.02721EPSS
Exploits0References12Affected Software2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

CheckPoint/Sofaware Firewall Multiple Vulnerabilities

No description provided by source. ProCheckUp Research http://procheckup.com/procheckup-labs/pr11-07.aspx PR11-07 Multiple peristent XSS, XSS, XSRF, offsite redirection and information disclosure flaws within CheckPoint/Sofaware firewalls Vulnerability found: 3rd May 2011 Vendor informed: 20th Ju...

7.1AI score
Exploits0
Rows per page
Query Builder