3944 matches found

CISA
added 2023/02/14 12:0 a.m. · 132 views

Citrix Releases Security Updates for Workspace Apps, Virtual Apps and Desktops

Citrix has released security updates to address high-severity vulnerabilities CVE-2023-24486, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24483 in Citrix Workspace Apps, Virtual Apps and Desktops. A local user could exploit these vulnerabilities to take control of an affected system. CISA...

1.8 AI score · 0.00265 EPSS
Exploits 1 · References 3

CNNVD
added 2023/02/14 12:0 a.m. · 3 views

WordPress Plugin ExpressTech Quiz And Survey Master Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8 CVSS · 7.7 AI score · 0.00384 EPSS
Exploits 0 · References 2

Patchstack
added 2023/02/12 12:0 a.m. · 8 views

WordPress Quiz And Survey Master Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Quiz And Survey Master; Type: Plugin; Vulnerable versions: <= 8.0.7; Fixed in: 8.0.8; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-46862; Patch priority: Low; CVSS severity: Low (4.3); PSID: bcb98ded3ded; Credits: Oliver K...

8.8 CVSS · 6.6 AI score · 0.00384 EPSS
Exploits 0 · References 2 · Affected Software 1

WPVulnDB
added 2023/02/12 12:0 a.m. · 29 views

Quiz And Survey Master < 8.0.8 - Text Message Setting Update via CSRF

The plugin does not have a CSRF check when updating the Quiz Text Message Setting, which could allow attackers to make a logged-in admin perform such actions via a CSRF attack...

8.8 CVSS · 8.2 AI score · 0.00384 EPSS
Exploits 0 · Affected Software 1

CISA
added 2023/02/09 12:0 a.m. · 15 views

OpenSSL Releases Security Advisory

OpenSSL has released a security advisory to address multiple vulnerabilities affecting OpenSSL versions 3.0.0, 2.2.2, and 1.0.2. An attacker could exploit some of these vulnerabilities to obtain sensitive information. CISA encourages users and administrators to review the OpenSSL advisory and mak...

2.4 AI score
Exploits 0 · References 1

CISA
added 2023/02/08 12:0 a.m. · 77 views

CISA and FBI Release ESXiArgs Ransomware Recovery Guidance

Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory, ESXiArgs Ransomware Virtual Machine Recovery Guidance. This advisory describes the ongoing ransomware campaign known as “ESXiArgs.” Malicious cyber actors may be exploiting known vulnerabilities in...

1.7 AI score
Exploits 0 · References 2

Positive Technologies
added 2023/02/08 12:0 a.m. · 7 views

PT-2023-6742 · WordPress · Quiz/Survey Master

Name of the Vulnerable Software and Affected Versions: The Quiz And Survey Master for WordPress versions up to, and including, 8.0.8 Description: The issue is related to a missing capability check on the function associated with the qsm remove file fd question AJAX action. This allows...

10 CVSS · 9.1 AI score · 0.02034 EPSS
Exploits 5 · References 10

Spring Security Advisories
added 2023/02/07 12:0 a.m. · 18 views

This Week in Spring - February 7th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's Tuesday, February 7th, 2023, as I write this and I'm so very glad to be talking to you. How're you doin'? Some housekeeping: I'll be doing more live streams over on my YT channel - join me and we'll talk shop. I'm going...

0.1 AI score
Exploits 0

CISA
added 2023/02/07 12:0 a.m. · 10 views

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems (ICS) advisory on February 7, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical...

2.7 AI score
Exploits 0 · References 1

CISA
added 2023/02/07 12:0 a.m. · 10 views

CISA Releases ESXiArgs Ransomware Recovery Script

CISA has released a recovery script for organizations that have fallen victim to ESXiArgs ransomware. The ESXiArgs ransomware encrypts configuration files on vulnerable ESXi servers, potentially rendering virtual machines (VMs) unusable. CISA recommends organizations impacted by ESXiArgs evaluate t...

1.1 AI score
Exploits 0 · References 1

Schneier on Security
added 2023/02/03 10:2 p.m. · 12 views

Friday Squid Blogging: Studying the Colossal Squid

A survey of giant squid science. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.9 AI score
Exploits 0

CISA
added 2023/02/02 12:0 a.m. · 7 views

Cisco Releases Security Advisories for Multiple Products

Cisco released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates. This...

2.3 AI score
Exploits 0 · References 1

ATTACKERKB
added 2023/01/27 6:15 p.m. · 2 views

CVE-2022-48010

LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into...

5.4 CVSS · 6 AI score · 0.00483 EPSS
Exploits 1 · References 2

Patchstack
added 2023/01/27 12:0 a.m. · 16 views

WordPress Survey Maker Plugin <= 3.2.0 is vulnerable to Broken Access Control

Software: Survey Maker; Type: Plugin; Vulnerable versions: <= 3.2.0; Fixed in: 3.2.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-22697; Patch priority: Low; CVSS severity: Low (5.3); PSID: e4e10a4b468a; Credits: Fariq Fadillah Gusti Insani...

6.5 AI score · 0.00619 EPSS
Exploits 0 · References 2 · Affected Software 1

CISA
added 2023/01/27 12:0 a.m. · 48 views

ISC Releases Security Advisories for Multiple Versions of BIND 9

The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system...

2.5 AI score · 0.5017 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/01/27 12:0 a.m. · 4 views

PT-2023-15547 · Unknown · Limesurvey

Name of the Vulnerable Software and Affected Versions: LimeSurvey version 5.4.15 Description: A stored cross-site scripting (XSS) issue was discovered in the component "/index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts". This issue allows attackers to execute arbitrary web...

5.4 CVSS · 5.6 AI score · 0.00483 EPSS
Exploits 1 · References 9

CNNVD
added 2023/01/27 12:0 a.m. · 3 views

LimeSurvey Cross-Site Scripting Vulnerability

LimeSurvey (formerly known as PHPSurveyor) is an open source online survey program by the Limesurvey team, which supports survey program development, questionnaire distribution, and data collection. A cross-site scripting vulnerability exists in LimeSurvey version v5.4.15, which stems from its...

5.4 CVSS · 5.6 AI score · 0.00483 EPSS
Exploits 1 · References 2

CISA
added 2023/01/26 12:0 a.m. · 20 views

CISA Releases Eight Industrial Control Systems Advisories

CISA released eight Industrial Control Systems (ICS) advisories on January 26, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

1.8 AI score
Exploits 0 · References 8

CISA
added 2023/01/25 12:0 a.m. · 17 views

VMware Releases Security Updates for VMware vRealize Log Insight

VMware released security updates to address multiple vulnerabilities in VMware vRealize Log Insight. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0001 and apply th...

2.5 AI score
Exploits 0 · References 1

CISA
added 2023/01/24 12:0 a.m. · 11 views

Apple Releases Security Updates for Multiple Products 

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page for the following products and app...

2.2 AI score
Exploits 0 · References 9