Lucene search
+L

467 matches found

CISA KEV Catalog
CISA KEV Catalog
added 2023/03/30 12:0 a.m.24 views

Google Chromium Network Service Use-After-Free Vulnerability

Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsof...

8.8CVSS8.8AI score0.24738EPSS
In wildExploits1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/25 12:48 a.m.21 views

Security Bulletin: Vulnerability in SSLv3 affects TS3100/TS3200 (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in TS3100/TS3200. Vulnerability Details CVE-ID : CVE-2014-3566 DESCRIPTION : Product could allow a remote attacker to obtain sensitive information...

4.3CVSS3.1AI score0.99999EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/25 12:44 a.m.51 views

Security Bulletin: Vulnerability in SSLv3 affects TS3100/TS3200 (CVE-2014-3566)

Summary Security Bulletin: Vulnerability in SSLv3 affects TS3100/TS3200 CVE-2014-3566 Vulnerability Details Security Bulletin --- Summary --- SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in...

4.3CVSS3.1AI score0.99999EPSS
Exploits7
The Hacker News
The Hacker News
added 2023/03/21 9:54 a.m.256 views

From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022

As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 zero-days were weaponized, it still represents a significa...

9.8CVSS8.7AI score0.99999EPSS
Exploits179
Vulnrichment
Vulnrichment
added 2023/03/20 3:52 p.m.13 views

CVE-2023-0937 VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS

The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.1AI score0.00519EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/03/20 3:52 p.m.31 views

CVE-2023-0937 VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS

The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.2AI score0.00519EPSS
Exploits2References1
Amazon
Amazon
added 2023/03/20 12:0 a.m.71 views

Important: python-lxml

Issue Overview: A Cross-site Scripting XSS vulnerability was found in the python-lxml's clean module. The module's parser did not properly imitate browsers, causing different behaviors between the sanitizer and the user's page. This flaw allows a remote attacker to run arbitrary HTML/JS code. The...

8.2CVSS6.6AI score0.03934EPSS
Exploits1
The Hacker News
The Hacker News
added 2023/02/27 3:33 p.m.161 views

Researchers Share New Insights Into RIG Exploit Kit Malware's Operations

The RIG exploit kit EK touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. "RIG EK is a financially-motivated program that has been active since 2014," Swiss cybersecurity company PRODAFT said in an exhaustive report shared with The Hacker News...

10CVSS9AI score0.95683EPSS
Exploits99
The Hacker News
The Hacker News
added 2023/02/27 10:53 a.m.50 views

ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks

A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk VHD files, marking a deviation from the ISO optical disc image format. "These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games...

0.7AI score
Exploits0
Akamai Blog
Akamai Blog
added 2023/02/24 2:0 p.m.20 views

Deliver Faster Downloads for Better Browsing, Part 4 of 5

Web browsers read HTML, CSS, and JavaScript code as well as video, images, and SVG files, then use that data to build and render a web page...

1.4AI score
Exploits0
WPVulnDB
WPVulnDB
added 2023/02/23 12:0 a.m.18 views

VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS

The plugin does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers PoC Make a logged in admin open the below URL using web browser which does not encode characters...

6.1CVSS6.1AI score0.00519EPSS
Exploits2Affected Software1
Cvelist
Cvelist
added 2023/02/16 6:15 p.m.51 views

CVE-2023-25653 Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS)

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in node-jose can trigger a Denial-of-Service DoS condition, due to a...

7.5CVSS7.6AI score0.00552EPSS
Exploits0References2
CVE
CVE
added 2023/02/16 6:15 p.m.66 views

CVE-2023-25653

CVE-2023-25653 affects the node-jose library (JOSE for web browsers and Node.js) when using the non-default fallback crypto backend. The root cause is an infinite loop in ECC-related calculations due to how the modular inverse result from the jsbn library can be negative, which breaks the Barrett...

7.5CVSS7.4AI score0.00552EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/02/16 6:15 p.m.29 views

CVE-2023-25653 Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS)

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in node-jose can trigger a Denial-of-Service DoS condition, due to a...

7.5CVSS7.3AI score0.00552EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.3 views

SUSE CVE-2004-0595

The striptags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null \0 characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and...

6.8CVSS6.3AI score0.45159EPSS
Exploits3References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.5 views

SUSE CVE-2012-3992

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive POST content via...

4.3CVSS8.3AI score0.02513EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2023/01/10 12:54 p.m.22 views

Italian Users Warned of Malware Attack Targeting Sensitive Information

A new malware campaign has been observed targeting Italy with phishing emails designed to deploy an information stealer on compromised Windows systems. "The info-stealer malware steals sensitive information like system info, crypto wallet and browser histories, cookies, and credentials of crypto...

0.5AI score
Exploits0
Huntr
Huntr
added 2023/01/05 9:52 a.m.22 views

Cookie Session Not Expiring Even After Deleting the users

Description The session is not expiring in another browser if we delete the user. Proof of Concept 1. Create two users with an admin role for the POC 2. Login in two different browsers Firefox user A and Chrome user B respectively 3. Go the settings-users and delete user B from user A Firefox...

4CVSS6.3AI score0.00655EPSS
Exploits1
The Hacker News
The Hacker News
added 2022/12/21 7:12 a.m.22 views

Ukraine's DELTA Military System Users Under Attack from Info Stealing Malware

The Computer Emergency Response Team of Ukraine CERT-UA this week disclosed that users of the Delta situational awareness program received phishing emails from a compromised email account belonging to the Ministry of Defense. The attacks, which have been attributed to a threat cluster dubbed...

0.5AI score
Exploits0
RedHat Linux
RedHat Linux
added 2022/12/13 4:8 p.m.4 views

Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy

The Mozilla Foundation Security Advisory describes this flaw as: When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec...

6.5CVSS7.3AI score0.00744EPSS
Exploits0References6
Rows per page
Query Builder