Lucene search
+L

329 matches found

patchstack
patchstack
added 2023/03/02 12:0 a.m.56 views

WordPress Saan World Clock Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS)

Software Saan World Clock Type Plugin Vulnerable versions = 1.8 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0145 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID cb720ac68691 Credits Lana Codes Required...

5.4CVSS5.9AI score0.00471EPSS
Exploits2References4Affected Software1
thn
thn
added 2023/02/14 10:12 a.m.54 views

A CISOs Practical Guide to Storage and Backup Ransomware Resiliency

One thing is clear. The "business value" of data continues to grow, making it an organization's primary piece of intellectual property. From a cyber risk perspective, attacks on data are the most prominent threat to organizations. Regulators, cyber insurance firms, and auditors are paying much...

0.2AI score
Exploits0
osv
osv
added 2023/02/13 8:15 p.m.5 views

CVE-2022-48110

CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who is addin...

6.1CVSS5.7AI score0.02097EPSS
Exploits4References2
osv
osv
added 2023/02/13 8:15 p.m.7 views

UBUNTU-CVE-2022-48110

DISPUTED CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who...

6.1CVSS7.2AI score0.02097EPSS
Exploits4References4
vulnrichment
vulnrichment
added 2023/02/13 12:0 a.m.5 views

CVE-2022-48110

CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who is addin...

6.5AI score0.02097EPSS
Exploits4References2
prion
prion
added 2023/02/09 8:15 p.m.22 views

Open redirect

An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirectto with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker t...

5.8CVSS5.9AI score0.01049EPSS
Exploits0References1Affected Software2
openbugbounty
openbugbounty
added 2023/02/07 7:3 p.m.14 views

jjsyw.cn Cross Site Scripting vulnerability OBB-3185823

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
thn
thn
added 2023/02/06 10:0 a.m.42 views

SaaS in the Real World: Who's Responsible to Secure this Data?

When SaaS applications started growing in popularity, it was unclear who was responsible for securing the data. Today, most security and IT teams understand the shared responsibility model, in which the SaaS vendor is responsible for securing the application, while the organization is responsible...

0.3AI score
Exploits0
thn
thn
added 2023/02/06 10:0 a.m.2 views

SaaS in the Real World: Who's Responsible to Secure this Data?

When SaaS applications started growing in popularity, it was unclear who was responsible for securing the data. Today, most security and IT teams understand the shared responsibility model, in which the SaaS vendor is responsible for securing the application, while the organization is responsible...

6.3AI score
Exploits0
spring
spring
added 2023/02/02 12:0 a.m.19 views

A Bootiful Podcast: Moderne founder Jon Schneider on OpenRewrite, modernizing code bases en masse, freedom and responsibility, and more

Hi, Spring fans! In this installment, Josh Long @starbuxman talks to Moderne @moderneinc founder Jon Schneider @jonkschneider on OpenRewrite, modernizing code bases en masse, freedom and responsibility, and more...

1AI score
Exploits0
mmpc
mmpc
added 2022/12/19 6:0 p.m.17 views

How to build a secure foundation for identity and access

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Christina Richmond, a...

0.1AI score
Exploits0
malwarebytes
malwarebytes
added 2022/12/08 1:0 p.m.12 views

5 SaaS security best practices

Just about anywhere you look, organizations are relying on Software-as-a-Service SaaS apps like Dropbox and Hubspot to help power their businesses. With more SaaS apps, however, comes increased security risks. While SaaS is without a doubt the easiest and most accessible way for businesses to rea...

7AI score
Exploits0
qualysblog
qualysblog
added 2022/11/30 8:11 p.m.19 views

Qualys Broadens Security Offerings for Oracle Cloud Infrastructure

As organizations increase their use of public cloud platforms, they encounter cloud-specific security and compliance threats, which can be challenging to address without the right tools and processes. Organizations’ cloud security difficulties lie in two main areas: Lack of visibility into their...

Exploits0
openbugbounty
openbugbounty
added 2022/11/26 11:48 p.m.15 views

hatmanntoene.de Cross Site Scripting vulnerability OBB-3073630

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
redhat
redhat
added 2022/11/15 11:55 a.m.3 views

kernel: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 Remove WARNs that sanity check that KVM never lets a triple fault for L2 escape and incorrectly end up in L1. In normal operation, the sanity check is...

5.5CVSS6.2AI score0.0029EPSS
Exploits0References5
openbugbounty
openbugbounty
added 2022/11/07 12:54 p.m.13 views

simwe.com Cross Site Scripting vulnerability OBB-3041901

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
openbugbounty
openbugbounty
added 2022/11/05 12:43 p.m.6 views

lojavilla.com.br Cross Site Scripting vulnerability OBB-3037865

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
thn
thn
added 2022/10/28 1:25 p.m.33 views

Cloud Security Made Simple in New Guidebook For Lean Teams

Cloud computing was the lifeline that kept many companies running during the pandemic. But it was a classic case of medicine that comes with serious side effects. Having anywhere, anytime access to data and apps gives companies tremendous flexibility in a fast-changing world, plus the means to...

6.9AI score
Exploits0
osv
osv
added 2022/10/06 11:14 p.m.30 views

GHSA-4993-M7G5-R9HH etcd has no minimum password length

Vulnerability type Access Control Workarounds The etcdctl and etcd API do not enforce a specific password length during user creation or user password update operations. It is the responsibility of the administrator to enforce these requirements. Detail etcd does not perform any password length...

5.8CVSS7.5AI score0.01342EPSS
Exploits0References4
openbugbounty
openbugbounty
added 2022/10/06 12:5 a.m.12 views

macdata.se Cross Site Scripting vulnerability OBB-2979099

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
Rows per page
Query Builder