Lucene search
K

15 matches found

CNNVD
CNNVD
added 2026/04/22 12:0 a.m.13 views

aEnrich a+HRD 安全漏洞

aEnrich a+HRD is a comprehensive human resource development solution provided by aEnrich Corporation. aEnrich a+HRD has a security vulnerability; this vulnerability stems from lack of authorization, which may allow authenticated remote attackers to arbitrarily read database content through specif...

7.1CVSS5.8AI score0.00259EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/04/03 12:0 a.m.5 views

A Systematic Security Evaluation of OpenClaw and Its Variants

Tool-augmented AI agents substantially extend the practical capabilities of large language models, but they also introduce security risks that cannot be identified through model-only evaluation. In this paper, we present a systematic security assessment of six representative OpenClaw-series agent...

6AI score
Exploits0
CNNVD
CNNVD
added 2025/09/01 12:0 a.m.4 views

Sunnet eHRD CTMS 跨站脚本漏洞

Sunnet eHRD CTMS is a Human Resource Development and Clinical Training Management System from Sunnet China Sunnet. A cross-site scripting vulnerability exists in Sunnet eHRD CTMS that stems from a reflective cross-site scripting issue that could lead to arbitrary JavaScript code execution...

6.1CVSS6.6AI score0.00245EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/01 12:0 a.m.4 views

Sunnet eHRD CTMS 跨站脚本漏洞

Sunnet eHRD CTMS is a Human Resource Development and Clinical Training Management System from Sunnet China Sunnet. A cross-site scripting vulnerability exists in Sunnet eHRD CTMS that stems from a reflective cross-site scripting issue that could lead to arbitrary JavaScript code execution...

6.1CVSS6.6AI score0.00245EPSS
Exploits0References3
hivepro
hivepro
added 2022/04/26 12:22 p.m.58 views

What will be the consequence of this disputed vulnerability in 7-ZIP?

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The zero-day vulnerability in 7- Zip software, tracked as CVE-2022-29072 is marked as disputed by the National Vulnerability DatabaseNVD, and sparked discussions over its consequences. This started when a researcher published ...

7.2CVSS0.4AI score0.01523EPSS
Exploits8
hivepro
hivepro
added 2022/04/17 9:38 p.m.65 views

Google Chrome issues an emergency update to address the third zero-day of year 2022

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A zero-day vulnerability has been discovered in Google Chrome versions prior to 100.0.4896.127. A type of confusion vulnerability tracked as CVE-2022-1364, is said to be exploited in the wild. This vulnerability affects the V8...

1.9AI score0.1372EPSS
Exploits2
hivepro
hivepro
added 2022/04/05 12:57 p.m.252 views

Deep Panda deploys new rootkit “Fire Chili” by exploiting Log4shell in VMware horizon

THREAT LEVEL: Red For a detailed advisory, download the pdf file here Deep Panda, a Chinese APT group, took advantage of the well-known Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor, rootkit, and steal sensitive data. This threat actor is primarily targeting firms in the...

9.3CVSS0.3AI score0.99999EPSS
Exploits351
hivepro
hivepro
added 2022/04/02 12:38 a.m.21 views

Actively exploited vulnerability affects Trend Micro Apex Central

THREAT LEVEL: Amber For a detailed advisory, download the pdf file here Trend Micro Apex Central on-premise and as a Service has a zero-day vulnerability. This arbitrary file upload vulnerability if successfully exploited, could allow an unauthenticated remote attacker to upload any file, resulti...

1.2AI score
Exploits0
hivepro
hivepro
added 2022/03/30 1:10 p.m.53 views

DOS Vulnerability discovered in SonicWall Next-Generation Firewall

THREAT LEVEL: Amber For a detailed advisory, download the pdf file here SonicWall, a manufacturer of security hardware discovered a flaw in their SonicOS security operating system that allows denial of service DoS attacks and could lead to remote code execution RCE. The identified vulnerability...

7.5CVSS1.2AI score0.57324EPSS
Exploits3
hivepro
hivepro
added 2022/03/29 12:17 p.m.151 views

Muhstik botnet adds another vulnerability exploit to its arsenal

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Muhstik malware has begun attacking Redis Servers by exploiting a recently reported vulnerability, CVE-2022-0543. This flaw can be found in several Redis Debian packages. The attack began on March 11, 2022, and was carried out...

10CVSS0.7AI score0.99993EPSS
Exploits89
hivepro
hivepro
added 2022/03/25 2:16 p.m.223 views

North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here For more than a month before a fix was available, North Korean state hackers known as Lazarus group exploited a zero-day, remote code execution vulnerability CVE-2022-0609 in Google Chromes web browser. The attack mainly targe...

9.1AI score0.23546EPSS
Exploits0
hivepro
hivepro
added 2022/03/17 2:17 p.m.54 views

OpenSSL exposed to Denial-of-service vulnerability causing Infinite Loop

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A security flaw exists in OpenSSL software library that could lead to a denial-of-service DoS condition when parsing certificates. The vulnerability, identified as CVE-2022-0778, arises from parsing a malformed certificate...

5CVSS0.6AI score0.70561EPSS
Exploits2
hivepro
hivepro
added 2022/03/17 5:55 a.m.24 views

Attackers Escape Kubernetes Containers using “cr8escape” Vulnerability in CRI-O

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. A flaw in CRI-O, an open-source Linux implementation of Kubernetes Container Runtime Interface CRI, was discovered that may allow an attacker to gain remote control of servers and potentially poison the container with attack...

2.9AI score0.18561EPSS
Exploits0
hivepro
hivepro
added 2022/03/12 9:45 a.m.9 views

Mustang Panda targets European diplomats using enhanced PlugX backdoor

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Mustang Panda, a Chinese cyberespionage group, has been targeting European diplomats with a revised version of the PlugX backdoor in an ongoing campaign linked to the ongoing conflict in Ukraine. The group, also known as...

0.3AI score
Exploits0
hivepro
hivepro
added 2022/02/07 2:23 p.m.21 views

Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables

THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...

0.1AI score
Exploits0
Rows per page
Query Builder