Lucene search
+L

71 matches found

ptsecurity
ptsecurity
added 2026/05/21 12:0 a.m.35 views

PT-2026-52217

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.3 Description Incomplete Server-Side Request Forgery SSRF protection exists within the webhook and migration allow-list filtering. SSRF is a flaw that allows an attacker to induce the server-side application to mak...

9.6CVSS7.2AI score0.00464EPSS
Exploits1References15
hackread
hackread
added 2026/04/18 2:25 p.m.7 views

ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers

Hackers are exploiting a 5-year-old ShowDoc vulnerability CVE-2025-0520 to deploy web shells, enabling RCE and full server takeover worldwide...

9.4CVSS6AI score0.00976EPSS
Exploits0
cnnvd
cnnvd
added 2026/03/10 12:0 a.m.8 views

OneUptime 安全漏洞

OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.21 contained security vulnerabilities. These vulnerabilities stemmed from bypasses in authorization and tenant isolation, which could...

9.9CVSS5.8AI score0.00494EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/03/06 12:0 a.m.10 views

chartbrew 代码问题漏洞

Chartbrew is an open-source data visualization and dashboard-building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.4 contained code vulnerabilities. These vulnerabilities stemmed from allowing the upload of files without verifying their types or content. This could lead to the...

6.3CVSS5.7AI score0.00211EPSS
Exploits1References3
krebs
krebs
added 2025/11/24 6:44 p.m.17 views

Is Your Android TV Streaming Box Part of a Botnet?

On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix , ESPN and Hulu , all for a one-time fee of around $400. But security experts...

7AI score
Exploits0
github
github
added 2025/09/23 12:29 a.m.9 views

Our plan for a more secure npm supply chain

Open source software is the bedrock of the modern software industry. Its collaborative nature and vast ecosystem empower developers worldwide, driving efficiency and progress at an unprecedented scale. This scale also presents unique vulnerabilities that are continually tested and under attack by...

7.1AI score
Exploits0
schneier
schneier
added 2025/09/15 11:5 a.m.6 views

Lawsuit About WhatsApp Security

Attaullah Baig, WhatsApp's former head of security, has filed a whistleblower lawsuit alleging that Facebook deliberately failed to fix a bunch of security flaws, in violation of its 2019 settlement agreement with the Federal Trade Commission. The lawsuit, alleging violations of the whistleblower...

6.7AI score
Exploits0
wizblog
wizblog
added 2025/09/04 4:39 p.m.3 views

From Compromised Keys to Phishing Campaigns: Inside a Cloud Email Service Takeover

Exposed cloud credentials become the launchpad for mass phishing, highlighting email services as a prime target in cloud exploitation campaigns...

7AI score
Exploits0
thn
thn
added 2025/08/19 6:36 a.m.9 views

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

The maintainers of the Python Package Index PyPI repository have announced that the package manager now checks for expired domains to prevent supply chain attacks. "These changes improve PyPI's overall account security posture, making it harder for attackers to exploit expired domain names to gai...

8.1AI score
Exploits0
cnvd
cnvd
added 2025/07/04 12:0 a.m.3 views

Multiple Advantech products have unspecified vulnerabilities

Advantech WISE-4060LAN is an industrial automation controller from Advantech, Taiwan, China. A security vulnerability exists in multiple Advantech products, which can be exploited by attackers to cause brute force exploits and account takeovers...

5CVSS5.8AI score0.0043EPSS
Exploits0References1
thn
thn
added 2025/06/25 4:56 p.m.16 views

nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery

New research has uncovered continued risk from a known security weakness in Microsoft's Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service SaaS applications. Identity security company Semperis, in an analysis of 104 SaaS applications,...

7.5AI score
Exploits0
malwarebytes
malwarebytes
added 2025/06/19 1:58 p.m.18 views

Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online

When organizations, good or bad, start hoarding collections of login credentials the numbers quickly add up. Take the 184 million logins for social media accounts we reported about recently. Now try to imagine 16 billion! Researchers at Cybernews have discovered 30 exposed datasets containing fro...

7AI score
Exploits0
redhatcve
redhatcve
added 2025/02/05 7:41 p.m.11 views

CVE-2022-39427

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

8.8CVSS7AI score0.00349EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/12/06 12:0 a.m.5 views

PT-2024-30386 · WordPress · Sweet Date

Name of the Vulnerable Software and Affected Versions: Sweet Date versions 3.7.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Sweet Date WordPress theme, which could expose thousands of sites to potential takeovers. This vulnerability may allow...

9.8CVSS9.2AI score0.0076EPSS
Exploits0References12
hackread
hackread
added 2024/09/04 11:29 p.m.12 views

New Supply Chain Attack “Revival Hijack” Risks Massive PyPI Takeovers

JFrog's cybersecurity researchers have identified a new PyPI attack technique called "Revival Hijack," which exploits package deletion policies. Over 22,000 packages are at risk, potentially impacting thousands of users. Stay informed!...

7.3AI score
Exploits0
zdt
zdt
added 2024/06/14 12:0 a.m.227 views

Boelter Blue System Management 1.3 - SQL Injection Vulnerability

Exploit Title: SQL Injection Vulnerability in Boelter Blue System Management version 1.3 Google Dork: inurl:"Powered by Boelter Blue" Exploit Author: CBKB DeadlyData, R4d1x Vendor Homepage: https://www.boelterblue.com Software Link:...

9.1CVSS9.4AI score0.02241EPSS
Exploits3
exploitdb
exploitdb
added 2024/06/14 12:0 a.m.473 views

Boelter Blue System Management 1.3 - SQL Injection

Exploit Title: SQL Injection Vulnerability in Boelter Blue System Management version 1.3 Google Dork: inurl:"Powered by Boelter Blue" Date: 2024-06-04 Exploit Author: CBKB DeadlyData, R4d1x Vendor Homepage: https://www.boelterblue.com Software Link:...

9.1CVSS9.2AI score0.02241EPSS
Exploits3
thn
thn
added 2024/03/05 3:34 a.m.49 views

Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers

A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems. The flaws, tracked as CVE-2024-27198 CVSS score: 9.8 and CVE-2024-27199 CVSS score: 7.3, have been addressed in...

9.8CVSS7.7AI score0.99991EPSS
Exploits25
prion
prion
added 2024/02/05 10:15 p.m.30 views

Directory traversal

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead ...

5.8CVSS6.8AI score0.01312EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2024/02/05 9:21 p.m.34 views

CVE-2024-0221 Photo Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.19 - Directory Traversal to Arbitrary File Rename

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead ...

9.1CVSS9.1AI score0.01312EPSS
Exploits0References4
Rows per page
Query Builder