Lucene search
K

181 matches found

CNNVD
CNNVD
added 2025/05/13 12:0 a.m.5 views

SAP S4CORE 安全漏洞

SAP S4CORE is an application for managing procurement contracts from SAP. SAP S4CORE suffers from an information disclosure vulnerability that stems from a lack of authorization checks, which can be exploited by an attacker to cause information disclosure...

4.3CVSS6.1AI score0.00255EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/04/17 12:0 a.m.4 views

CISA: Key Secure by Demand Elements for Operational Technology Fact Sheet

This fact sheet addresses key elements for operational technology OT owners and operators to consider when purchasing digital products that automate physical processes, e.g. programmable logic controllers PLCs, human-machine interfaces HMIs, and remote terminal units RTUs. CISA strongly advises...

6.8AI score
Exploits0
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.4 views

SAP S4CORE 安全漏洞

SAP S4CORE is a Managed Procurement Contracts application from SAP, Germany. A security vulnerability exists in SAP S4CORE that originates from data tampering and could result in the modification of entity sets and compromise application integrity...

4.3CVSS6.6AI score0.00249EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2025/01/14 12:0 a.m.2 views

CISA: Secure by Demand: Priority Considerations

This is CISA's Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. This guide is intended to help owners and operators procure Operational Technology OT products, particularly industrial automation and control system products,...

7AI score
Exploits0
CISA
CISA
added 2025/01/13 12:0 p.m.5 views

CISA and US and International Partners Publish Guidance on Priority Considerations in Product Selection for OT Owners and Operators

Today, CISA—along with U.S. and international partners—released joint guidance Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. As part of CISA’s Secure by Demand series, this guidance focuses on helping customers identify...

6.9AI score
Exploits0References3
CISA
CISA
added 2024/12/05 12:0 p.m.9 views

ASD’s ACSC, CISA, and US and International Partners Release Guidance on Choosing Secure and Verifiable Technologies

Today, CISA—in partnership with the Australian Signals Directorate Australian Cyber Security Centre ASD ACSC, and other international partners—released updates to a Secure by Design Alert, Choosing Secure and Verifiable Technologieslink is external. Partners that provided recommendations in this...

7.1AI score
Exploits0References3
CNNVD
CNNVD
added 2024/09/10 12:0 a.m.5 views

SAP S/4HANA 跨站脚本漏洞

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A cross-site scripting vulnerability exists in SAP S/4HANA that stems from weak coding of user control inputs and e-procurement on SAP S/4HANA that allows the execution of...

6.1CVSS5.3AI score0.00242EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2024/08/19 5:43 a.m.18 views

Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group

Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7. The two clusters of potential FIN7 activity "indicate communications inbound to FIN7 infrastructure from IP addresses assigned to Post Ltd Russia and SmartApe Estonia,...

7AI score
Exploits0
CISA
CISA
added 2024/05/09 12:0 p.m.6 views

ASD’s ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies

Today, the Australian Signals Directorate’s Australian Cyber Security Centre ASD’s ACSC, together with CISA, the Canadian Centre for Cyber Security CCCS, the United Kingdom’s National Cyber Security Centre NCSC-UK, and the New Zealand National Cyber Security Centre NCSC-NZ are releasing the...

6.9AI score
Exploits0References2
CNNVD
CNNVD
added 2024/04/29 12:0 a.m.7 views

Ecommerce-CodeIgniter-Bootstrap 安全漏洞

Ecommerce-CodeIgniter-Bootstrap is a responsive, multi-vendor, multi-language online store platform shopping cart solution. A security vulnerability exists in Ecommerce-CodeIgniter-Bootstrap that stems from an arbitrary code execution vulnerability in the manageQuantitiesAndProcurement method of...

8CVSS7.8AI score0.01075EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/04/29 12:0 a.m.7 views

PT-2024-24229

Name of the Vulnerable Software and Affected Versions Ecommerce-CodeIgniter-Bootstrap version d22b54e8915f167a135046ceb857caaf8479c4da Description The issue allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders model.php component. This is ...

8CVSS8.1AI score0.01075EPSS
Exploits1References8
The Hacker News
The Hacker News
added 2024/04/23 10:16 a.m.16 views

German Authorities Issue Arrest Warrants for Three Suspected Chinese Spies

German authorities said they have issued arrest warrants against three citizens on suspicion of spying for China. The full names of the defendants were not disclosed by the Office of the Federal Prosecutor aka Generalbundesanwalt, but it includes Herwig F., Ina F., and Thomas R. "The suspects are...

6.8AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/04/05 9:11 a.m.7 views

procurementroundtable.org Cross Site Scripting vulnerability OBB-3904851

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/03/27 7:3 a.m.9 views

procurement.it Cross Site Scripting vulnerability OBB-3887941

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/02/04 11:11 a.m.7 views

healthcareprocurement.com Cross Site Scripting vulnerability OBB-3848700

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/09/21 7:10 p.m.5 views

Malicious code in optimize-procurement-and-inventory-with-ai (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1d4a974419b1ab87d44f6d1c5cfd7fac97f037b476328f114d344113cf6bbd6f The OpenSSF Package Analysis project identified 'optimize-procurement-and-inventory-with-ai' @ 6.1.8 npm as malicious. It is considered maliciou...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/07/21 5:0 p.m.90 views

Add Unique Asset Context with Custom Attributes in CSAM

There is no such thing as “too much context” when it comes to asset management. Continuous discovery and comprehensive, normalized asset data create the foundation for streamlined risk detection and response. The more reliable asset data a security team has, the better it can operationalize an...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/10 1:1 p.m.38 views

Estonian National Charged in U.S. for Acquiring Electronics and Metasploit Pro for Russian Military

An Estonian national has been charged in the U.S. for purchasing U.S.-made electronics on behalf of the Russian government and military. The 45-year-old individual, Andrey Shevlyakov, was arrested on March 28, 2023, in Tallinn. He has been indicted with 18 counts of conspiracy and other charges. ...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/08 11:46 a.m.17 views

SolarWinds and Market Incentives

In early 2021, IEEE Security and Privacy asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news. This was my response. The penetration of government and corporate networks worldwide is the result of inadequate cyberdefenses across the...

0.9AI score
Exploits0
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.4 views

ZOHO ManageEngine ServiceDesk Plus 跨站脚本漏洞

ZOHO ManageEngine ServiceDesk Plus SDP is the United States ZhuoHao ZOHO company's set of ITIL-based architecture of IT service management software. The software integrates Incident Management, Problem Management, Asset Management IT Project Management, Procurement and Contract Management modules...

6.1CVSS6AI score0.02813EPSS
Exploits0References3
Rows per page
Query Builder