Lucene search
+L

119 matches found

Wolfi
Wolfi
added 2024/11/12 8:48 p.m.3 views

GHSA-X8JH-XJ3X-GX3C vulnerabilities

Vulnerabilities for packages: nushell...

7.5AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/10/24 8:39 p.m.19 views

CVE-2024-47883 Butterfly has path/URL confusion in resource handling leading to multiple weaknesses

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the java.net.URL class to refer to what are expected to be local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local...

9.1CVSS7.7AI score0.01602EPSS
Exploits1References2
CVE
CVE
added 2024/10/24 8:39 p.m.80 views

CVE-2024-47883

CVE-2024-47883 affects the OpenRefine fork of the MIT Simile Butterfly server. The Butterfly framework uses java.net.URL to load local resources (images/templates). Before version 1.2.6, if a file:/ URL is supplied where a relative resource name is expected, some code paths accept it and fetch th...

9.1CVSS9.4AI score0.01602EPSS
Exploits1References2Affected Software1
Packet Storm
Packet Storm
added 2024/09/17 12:0 a.m.198 views

Microsoft SQL Server Masked Data Exposure

Title: SQL Server Masked Data Exposure Through Brute Force Attack Product: Database Manufacturer: Microsoft Affected Versions: SQL Server 2014, 2016,2017,2019,2022 Tested Versions: SQL Server 2014, 2016,2017,2019,2022 Risk Level: Low Security Feature: Dynamic Data Masking Author of Advisory: Emad...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/08/05 1:2 p.m.36 views

Researchers Uncover Flaws in Windows Smart App Control and SmartScreen

Cybersecurity researchers have uncovered design weaknesses in Microsoft's Windows Smart App Control and SmartScreen that could enable threat actors to gain initial access to target environments without raising any warnings. Smart App Control SAC is a cloud-powered security feature introduced by...

7.3AI score
Exploits0
HackRead
HackRead
added 2024/05/28 10:44 a.m.24 views

What is an Infosec Audit and Why Does Your Company Need One?

By Uzair Amir Uncover IT security weaknesses and ensure compliance with infosec audits. Regular audits protect your data from breaches &… This is a post from HackRead.com Read the original post: What is an Infosec Audit and Why Does Your Company Need One?...

7.4AI score
Exploits0
HackRead
HackRead
added 2024/05/28 10:44 a.m.13 views

What is an Infosec Audit and Why Does Your Company Need One?

By Uzair Amir Uncover IT security weaknesses and ensure compliance with infosec audits. Regular audits protect your data from breaches &… This is a post from HackRead.com Read the original post: What is an Infosec Audit and Why Does Your Company Need One?...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/04/29 10:54 a.m.9 views

Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for...

7.5AI score
Exploits0
Veracode
Veracode
added 2024/01/31 6:33 a.m.20 views

Improper Certificate Validation

meshcentral is vulnerable to Improper Certificate Validation. The vulnerability is due to the disabling of certificate verification in HTTPS connections by setting rejectUnauthorized to false, and utilizing outdated and insecure TLS versions known for security weaknesses; also use of algorithms...

9.8CVSS6.9AI score0.00467EPSS
Exploits0References4Affected Software1
Malwarebytes
Malwarebytes
added 2023/10/02 4:0 a.m.24 views

Ransomware reinfections on the rise from improper remediation

Attack. Remediate. Repeat? Speak to any organization infiltrated by ransomware--the most dangerous malware in the world--and theyll be blunt: Theyd do anything to avoid getting hit twice. But ransomware attacks have been ramping up in 2023 and reinfections are occurring all over the globe, forcin...

8.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/19 11:4 a.m.43 views

Dr. Active Directory vs. Mr. Exposed Attack Surface: Who'll Win This Fight?

Active Directory AD is among the oldest pieces of software still used in the production environment and can be found in most organizations today. This is despite the fact that its historical security gaps have never been amended. For example, because of its inability to apply any security measure...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/03 3:36 p.m.40 views

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered

Two new security weaknesses discovered in several electric vehicle EV charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft. The findings, which come from Israel-based SaiFlow, once again demonstrate the potential risks facing th...

0.3AI score
Exploits0
hivepro
hivepro
added 2022/12/19 1:1 p.m.53 views

VMware tackles security flaws in ESXi and vRealize

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary VMware addressed security weaknesses to address a critical-severity vulnerability affecting ESXi, Workstation, Fusion, and Cloud Foundation, as well as a critical-severity command injection flaw...

0.7AI score0.01546EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/10/06 12:0 a.m.8 views

The vulnerability of the Microsoft Advertising Universal Event Tracking (UET) plugin in the WordPress content management system allows a hacker to perform cross-site scripting attacks.

The vulnerability of the Microsoft Advertising Universal Event Tracking UET plugin for WordPress content management systems exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting...

4.8CVSS5.3AI score0.01089EPSS
Exploits2References3Affected Software1
The Hacker News
The Hacker News
added 2022/09/23 5:14 a.m.67 views

Hackers Using Malicious OAuth Apps to Take Over Email Servers

Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications deployed on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. "The threat actor launched credential stuffing attacks against high-risk accounts that didn't...

0.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/09/08 1:17 p.m.14 views

Five Steps to Integrating a Data Repository Vulnerability Assessment Into A WAF–Driven Vulnerability Management Program

A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed. There are...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2022/08/12 8:10 a.m.43 views

Fast and Secure VPN on a Budget? Private Internet Access VPN Has You Covered

Back when the internet consisted of a handful of computers networked together across a few research institutions, nobody could have imagined that it would one day form the backbone of a new digital way of life. And that probably explains why none of the researchers who thought up its core...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2022/07/07 11:31 a.m.60 views

Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol

The popular protocol for radio controlled RC aircraft called ExpressLRS can be hacked in only a few steps, according to a bulletin published last week. ExpressLRS is an open-source long range radio link for RC applications, such as first-person view FPV drones. “Designed to be the best FPV Racing...

6.9AI score
Exploits0References6
Microsoft Secure
Microsoft Secure
added 2022/05/09 1:0 p.m.2677 views

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

Microsoft processes 24 trillion signals every 24 hours, and we have blocked billions of attacks in the last year alone. Microsoft Security tracks more than 35 unique ransomware families and 250 unique threat actors across observed nation-state, ransomware, and criminal activities. That depth of...

10CVSS10AI score0.99999EPSS
Exploits539
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/05/09 1:0 p.m.970 views

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

Microsoft processes 24 trillion signals every 24 hours, and we have blocked billions of attacks in the last year alone. Microsoft Security tracks more than 35 unique ransomware families and 250 unique threat actors across observed nation-state, ransomware, and criminal activities. That depth of...

10CVSS10AI score0.99999EPSS
Exploits539
Rows per page
Query Builder