Lucene search
+L

138 matches found

BDU FSTEC
BDU FSTEC
added 2023/10/13 12:0 a.m.6 views

The vulnerability of the Contact Form Generator plugin, which is designed for creating contact forms on WordPress websites, allows a hacker to perform XSS attacks.

The vulnerability of the Contact Form Generator plugin, which is designed for creating contact forms on WordPress websites, exists due to the lack of security measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotel...

6.4CVSS6.7AI score0.01231EPSS
Exploits3References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/11 9:25 a.m.34 views

Security Bulletin: Vulnerability in Python Cryptographic Authority cryptography affects IBM Process Mining . CVE-2023-38325

Summary There is a vulnerability in Python Cryptographic Authority cryptography that could allow a remote authenticated attacker to launch attacks on the system . The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerabili...

7.5CVSS7.2AI score0.00726EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/06 12:0 a.m.4 views

PT-2023-24837 · Soar Cloud · Soar Cloud Ltd. Hr Portal

Name of the Vulnerable Software and Affected Versions: Soar Cloud Ltd. HR Portal affected versions not specified Description: The issue concerns a weak Password Recovery Mechanism for Forgotten Password in the Soar Cloud Ltd. HR Portal. The reset password link sent out through e-mail remains vali...

7.8CVSS7.5AI score0.00169EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2023/08/23 12:0 a.m.6 views

The vulnerability of the WebShare component of the Google Chrome browser for Android allows a hacker to manipulate the URL bar content.

The vulnerability of the WebShare component of the Google Chrome browser for Android is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to manipulate the URL input using a specially created HTML page...

5CVSS5.4AI score0.00657EPSS
Exploits0References6Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/08 10:22 p.m.62 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.12 and earlier

Summary This fix upgrades to node 18.16.1. Vulnerability Details CVEID:CVE-2023-30584 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a path traversal bypass when verifying file permissions. By sending a specially crafted request, an attacker could...

7.7CVSS7.8AI score0.03906EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/05 2:52 p.m.103 views

Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-35890)

Summary IBM WebSphere Application Server could provide weaker than expected security. This has been addressed in the Remediation/Fixes section. Vulnerability Details CVEID:CVE-2023-35890 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security, caused by the...

5.5CVSS5.1AI score0.00122EPSS
Exploits0Affected Software1
NVD
NVD
added 2023/05/24 12:15 a.m.17 views

CVE-2023-31761

Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack...

7.5CVSS7.7AI score0.00285EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/05/23 12:0 a.m.11 views

CVE-2023-31763

Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack...

7.3AI score0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/05/23 12:0 a.m.23 views

CVE-2023-31761

Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack...

7.9AI score0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/05/23 12:0 a.m.36 views

CVE-2023-31763

Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack...

7.9AI score0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/05/23 12:0 a.m.26 views

CVE-2023-31759

Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack...

7.9AI score0.00286EPSS
Exploits0References2
CVE
CVE
added 2023/05/23 12:0 a.m.83 views

CVE-2023-31763

CVE-2023-31763 affects the AGShome Smart Alarm v1.0 transmitter. The vulnerability stems from weak security in the transmitter, enabling a code replay attack that could give an attacker full access to the system. The NVD/CVE records indicate a base score of 7.5 (HIGH) with AV:A, AC:H, PR:N, UI:N,...

7.5CVSS7.7AI score0.00285EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/10 12:0 a.m.13 views

The vulnerability of Google Chrome’s Picture-in-Picture (PiP) technology, which allows attackers to carry out phishing attacks.

The vulnerability of Google Chrome’s Picture-in-Picture PiP technology is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to carry out phishing attacks using a specially created HTML page...

5CVSS5.8AI score0.00801EPSS
Exploits0References9Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/04/07 12:0 a.m.8 views

The vulnerability of Google Chrome browser extensions, which allows a violator to disclose protected information

The vulnerability of Google Chrome’s browser extensions is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information...

7.5CVSS6.7AI score0.00712EPSS
Exploits0References8Affected Software3
CNNVD
CNNVD
added 2022/12/01 12:0 a.m.7 views

IBM WebSphere Automation 授权问题漏洞

IBM WebSphere Automation is an operations platform from International Business Machines IBM. automates operational activities to proactively mitigate security risks and accelerate threat remediation. A security vulnerability exists in IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps...

6.5CVSS6.5AI score0.00168EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/11/03 12:0 a.m.4 views

CVE-2022-41710

Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy or at least not strict enough and/or does not...

6.6AI score0.00365EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/20 6:47 p.m.65 views

Security Bulletin: IBM Sterling Order Management Netty 4.1.34 vulnerablity

Summary Netty could provide various potential exploitable entry points icnluding weaker than expected security, netty-codec is vulnerable to a denial of service, and HTTP request smuggling Vulnerability Details CVEID:CVE-2019-20445 DESCRIPTION: Netty could provide weaker than expected security,...

9.1CVSS8.2AI score0.25448EPSS
Exploits4Affected Software1
Positive Technologies
Positive Technologies
added 2022/06/02 12:0 a.m.5 views

PT-2022-14068 · Unknown · Keep My Notes

Name of the Vulnerable Software and Affected Versions: Keep My Notes version 1.80.147 Description: The issue allows an attacker with physical access to the victim's device to bypass the application's password/pin lock, accessing user data due to inadequate security controls that fail to prevent...

4.6CVSS4.6AI score0.00415EPSS
Exploits1References5
CISA
CISA
added 2022/05/17 12:0 a.m.18 views

Weak Security Controls and Practices Routinely Exploited for Initial Access

The cybersecurity authorities of the United States, Canada, New Zealand, the Netherlands, and the United Kingdom have issued a joint Cybersecurity Advisory CSA on 10 routinely exploited weak security controls, poor configurations, and bad practices that allow malicious actors to compromise...

1.7AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/12 1:13 a.m.266 views

Security Bulletin: Vulnerability in Flask and Python affects IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2021-33026, CVE-2022-0391)

Summary Elevation of privileges vulnerability in Flask and weaker than expected security in Python can affect IBM Spectrum Protect Plus Microsoft® File Systems backup and restore. Vulnerability Details CVEID: CVE-2021-33026 DESCRIPTION: Flask-Caching extension for Flask could allow a local...

9.8CVSS8.1AI score0.08325EPSS
Exploits4Affected Software1
Rows per page
Query Builder