Lucene search
K

7660 matches found

Trellix
Trellix
added 2022/06/06 12:0 a.m.19 views

Growling Bears Make Thunderous Noise

Growling Bears Make Thunderous Noise By Trellix · June 6, 2022 Per public attribution, Russian cybercriminal groups have always been active. Their tactics, techniques, and procedures TTPs have not significantly evolved over time, although some changes have been observed. Lately, the threat...

0.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/02 10:28 a.m.4 views

Malicious code in lexical-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4af686331feed45b8818ceff08372677fb1f0f5531b48057d994aa8d3e871fc7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Packet Storm
Packet Storm
added 2022/06/02 12:0 a.m.275 views

Product Show Room Site 1.0 Cross Site Scripting

Product Show Room Site - 'Telephone' Stored Cross-Site ScriptingXSS Exploit Title: Product Show Room Site - 'Telephone' Stored Cross-Site ScriptingXSS Exploit Author: [email protected] inc Vendor Homepage:...

7.4AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/05/31 1:14 p.m.6 views

Malicious code in react-devtools-release-script (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ea7f251efb5b52e9221271c637b06b4d48a22a5c0e762a8723498050b5adf80 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/05/31 1:13 p.m.3 views

Malicious code in ceye-test-0001 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e6c92b162c66b57e82aeff6cb8f48d5f03b4aa264ae009c99139ad5261e520e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
ThreatPost
ThreatPost
added 2022/05/31 11:38 a.m.38 views

ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats

ChromeLoader may seem on the surface like a run-of-the-mill browser hijacker that merely redirects victims to advertisement websites. However, its use of PowerShell could pose a greater risk by leading to further and advanced malicious activity, such as the propagation of ransomware or spyware or...

7.3AI score
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/05/31 9:48 a.m.73 views

Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.5 security and bug fix update

The Migration Toolkit for Containers MTC 1.6.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

7.8CVSS6.7AI score0.06934EPSS
Exploits2References7
The Hacker News
The Hacker News
added 2022/05/31 8:30 a.m.239 views

SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years

An "aggressive" advanced persistent threat APT group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attack...

9.3CVSS0.3AI score0.99945EPSS
Exploits33
Microsoft Secure
Microsoft Secure
added 2022/05/27 4:0 p.m.29 views

Android apps with millions of downloads exposed to high-severity vulnerabilities

Microsoft uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote albeit complex or local attacks. The vulnerabilities, which affected apps...

7.2AI score
Exploits0
NVD
NVD
added 2022/05/26 7:15 p.m.17 views

CVE-2022-26725

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. Photo location information may persist after it is removed with Preview Inspector...

5.3CVSS0.00745EPSS
Exploits0References1
NVD
NVD
added 2022/05/25 4:15 p.m.17 views

CVE-2022-29408

Persistent Cross-Site Scripting XSS vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin = 1.8.7 at WordPress...

6.1CVSS0.00655EPSS
Exploits0References2
OSV
OSV
added 2022/05/25 4:15 p.m.2 views

CVE-2022-29408

Persistent Cross-Site Scripting XSS vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin = 1.8.7 at WordPress...

6.1CVSS5.8AI score0.00655EPSS
Exploits0References2
Prion
Prion
added 2022/05/25 4:15 p.m.15 views

Cross site scripting

Persistent Cross-Site Scripting XSS vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin = 1.8.7 at WordPress...

4.3CVSS5.9AI score0.00655EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/05/25 3:58 p.m.95 views

CVE-2022-29408

The CVE-2022-29408 entry concerns Vsourz Digital’s WordPress plugin Advanced Contact form 7 DB (<= 1.8.7). Connected sources confirm a persistent (stored) Cross-Site Scripting (XSS) vulnerability, caused by insufficient sanitization/escaping of a parameter in the plugin’s form handling, enabli...

6.1CVSS5.2AI score0.00655EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 10:28 p.m.48 views

Moodle Persistent Cross-site Scripting (XSS)

Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users Teacher and above to inject JavaScript into the session of another user e.g., enrolled student or site administrator via the introeditortext parameter. NOTE: the discoverer and vendor disagree on whether Mood...

5.4CVSS5.9AI score0.00791EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 5:31 p.m.24 views

GHSA-JXJC-6XMH-H7MG Magento 2 Community Edition XSS Vulnerability

Magento versions 2.4.0 and 2.3.5p1 and earlier are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This...

6.1CVSS6.1AI score0.0172EPSS
Exploits0References3
OSV
OSV
added 2022/05/24 5:24 p.m.12 views

GHSA-FXF3-WX3C-76PF Shopware vulnerable to Cross-site Scripting

In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication...

5.4CVSS5.3AI score0.00584EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:24 p.m.12 views

Shopware vulnerable to Cross-site Scripting

In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication...

5.4CVSS5.8AI score0.00584EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 5:7 p.m.9 views

GHSA-F99H-H678-FGG4 Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet

In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will...

5.4CVSS5.7AI score0.04457EPSS
Exploits3References5
NVD
NVD
added 2022/05/20 9:15 p.m.20 views

CVE-2022-29432

Multiple Authenticated administrator or higher user role Persistent Cross-Site Scripting XSS vulnerabilities in TMS-Plugins wpDataTables plugin = 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters...

4.8CVSS0.00489EPSS
Exploits0References2
Rows per page
Query Builder