Lucene search
K
AvleonovRecent

389 matches found

Information Security Automation
Information Security Automation
added 2025/03/10 8:49 p.m.6 views

Should a VM specialist be aware of what is happening in the Darknet?

Should a VM specialist be aware of what is happening in the Darknet? Of course. At least roughly. Otherwise, he'll fall for the "nobody’s attacking us" myth. The reality is that every organization is under attack all the time. It's like commercial fishing with trawlers. Anything that gets caught ...

7.4AI score
Exploits0
Information Security Automation
Information Security Automation
added 2025/02/27 10:32 a.m.22 views

About Authentication Bypass – PAN-OS (CVE-2025-0108) vulnerability

About Authentication Bypass - PAN-OS CVE-2025-0108 vulnerability. PAN-OS is the operating system used in all Palo Alto Network NGFWs. This vulnerability allows an unauthenticated attacker to gain access to the PAN-OS management web interface. The attacker can then "invoke certain PHP scripts",...

5.9CVSS8.6AI score0.98338EPSS
Exploits22
Information Security Automation
Information Security Automation
added 2025/02/25 10:19 a.m.23 views

February Linux Patch Wednesday

FebruaryLinux Patch Wednesday. There are 561 vulnerabilities in total. 338 in Linux Kernel. Formally, there is one vulnerability with a sign of exploitation in the wild: RCE - 7-Zip CVE-2025-0411. But it is about Windows MoTW and, naturally, is not exploitable on Linux. There are public exploits...

8.7CVSS7.7AI score0.89472EPSS
Exploits45
Information Security Automation
Information Security Automation
added 2025/02/18 5:28 p.m.27 views

New episode “In The Trend of VM” (#11): vulnerabilities that became trending in December and the final report on trending vulnerabilities for 2024

New episode "In The Trend of VM" 11: vulnerabilities that became trending in December and the final report on trending vulnerabilities for 2024. I made this episode exclusively for the Telegram channel @avleonovcom "Vulnerability Management and More". Video on YouTube, LinkedIn Post on Habr rus...

9.5CVSS7.8AI score0.78198EPSS
Exploits24
Information Security Automation
Information Security Automation
added 2025/02/12 10:1 p.m.18 views

February Microsoft Patch Tuesday

February Microsoft Patch Tuesday. 89 CVEs, 33 added since January. Two with signs of exploitation in the wild: EoP - Windows Ancillary Function Driver for WinSock CVE-2025-21418 EoP - Windows Storage CVE-2025-21391 There are no vulnerabilities with public exploits, but there are 7 with private...

9.9CVSS7.6AI score0.29778EPSS
Exploits0
Information Security Automation
Information Security Automation
added 2025/02/06 4:31 p.m.22 views

About Elevation of Privilege – Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335) vulnerability

About Elevation of Privilege - Windows Hyper-V NT Kernel Integration VSP CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 vulnerability. These three vulnerabilities were disclosed as part of Microsoft's January Patch Tuesday and share the same description. They were found in a component used for...

7.8CVSS7.6AI score0.09798EPSS
Exploits5
Information Security Automation
Information Security Automation
added 2025/02/04 12:32 p.m.23 views

About Remote Code Execution – Microsoft Configuration Manager (CVE-2024-43468) vulnerability

About Remote Code Execution - Microsoft Configuration Manager CVE-2024-43468 vulnerability. This vulnerability is from the October 2024 MSPT. Microsoft Configuration Manager ConfigMgr is used to manage large groups of computers, providing remote control, patch management, software distribution,...

9.8CVSS8.8AI score0.60661EPSS
Exploits3
Information Security Automation
Information Security Automation
added 2025/01/28 12:22 p.m.20 views

About Remote Code Execution – 7-Zip (CVE-2025-0411) vulnerability

About Remote Code Execution - 7-Zip CVE-2025-0411 vulnerability. 7-Zip is a popular, free, open-source archiver widely used by organizations as a standard tool for managing archives. The vulnerability is a bypass of the Mark-of-the-Web mechanism. If you download and run a suspicious executable fi...

7CVSS7.8AI score0.67071EPSS
Exploits8
Information Security Automation
Information Security Automation
added 2025/01/27 8:34 p.m.24 views

About Authentication Bypass – FortiOS (CVE-2024-55591) vulnerability

About Authentication Bypass - FortiOS CVE-2024-55591 vulnerability. A critical flaw allows remote attackers to gain super-admin privileges via crafted requests to the Node.js websocket module. Affected systems include Fortinet devices running FortiOS e.g., FortiGate NGFW and FortiProxy. On Januar...

9.8CVSS7.6AI score0.98259EPSS
Exploits9
Information Security Automation
Information Security Automation
added 2025/01/23 8:14 a.m.21 views

About Remote Code Execution – Windows OLE (CVE-2025-21298) vulnerability

About Remote Code Execution - Windows OLE CVE-2025-21298 vulnerability. The vulnerability is from the January Microsoft Patch Tuesday. OLE Object Linking and Embedding is a technology for linking and embedding objects into other documents and objects, developed by Microsoft. A common use of this...

9.8CVSS7.8AI score0.80912EPSS
Exploits6
Information Security Automation
Information Security Automation
added 2025/01/20 3:2 p.m.33 views

I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies

I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies. Last year, 74 vulnerabilities were classified as trending to compare the scale, just over 40,000 were added to NVD in 2024. All trending vulnerabilities are found in Western commercial products and...

9.8CVSS9AI score0.99999EPSS
Exploits82
Information Security Automation
Information Security Automation
added 2025/01/19 1:26 a.m.27 views

January Linux Patch Wednesday

JanuaryLinux Patch Wednesday. Out of 424 total vulnerabilities, 271 are in the Linux Kernel. None show signs of exploitation in the wild, but 9 have public exploits. RCE - Apache Tomcat CVE-2024-56337. Based on the description, the vulnerability affects "case-insensitive file systems" like Window...

9.8CVSS7.4AI score0.21985EPSS
Exploits21
Information Security Automation
Information Security Automation
added 2025/01/16 11:46 a.m.25 views

The Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) has become more critical

The Elevation of Privilege - Windows Common Log File System Driver CVE-2024-49138 has become more critical. Just as I wrote that nothing had been heard about this vulnerability for a month since it was first published in Microsoft's December Patch Tuesday, a public exploit for it appeared on...

7.8CVSS7.3AI score0.25414EPSS
Exploits4
Information Security Automation
Information Security Automation
added 2025/01/15 9:29 a.m.20 views

What has become known about the Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) vulnerability from the December Microsoft Patch Tuesday a month later?

What has become known about the Elevation of Privilege - Windows Common Log File System Driver CVE-2024-49138 vulnerability from the December Microsoft Patch Tuesdaya month later? Almost nothing. This is a vulnerability in a standard Windows component, available in all versions starting with...

7.8CVSS7.2AI score0.25414EPSS
Exploits4
Information Security Automation
Information Security Automation
added 2025/01/14 11:22 p.m.36 views

January Microsoft Patch Tuesday

January Microsoft Patch Tuesday. 170 CVEs, 10 of them were added since December MSPT. 3 exploited in the wild: EoP - Windows Hyper-V NT Kernel Integration VSP CVE-2025-21333, CVE-2025-21334, CVE-2025-21335. No details yet. No vulnerabilities have public exploits. 5 have private ones: Security...

9.8CVSS7.6AI score0.80912EPSS
Exploits11
Information Security Automation
Information Security Automation
added 2025/01/13 10:4 a.m.21 views

About Elevation of Privilege – Windows Kernel Streaming WOW Thunk Service Driver (CVE-2024-38144) vulnerability

About Elevation of Privilege - Windows Kernel Streaming WOW Thunk Service Driver CVE-2024-38144 vulnerability. The vulnerability is from the August Microsoft Patch Tuesday. It wasn't highlighted in reviews; all we knew was that a local attacker could gain SYSTEM privileges. Three and a half month...

8.8CVSS7.2AI score0.32347EPSS
Exploits0
Information Security Automation
Information Security Automation
added 2025/01/11 12:41 p.m.27 views

About Authentication Bypass – Hunk Companion WordPress plugin (CVE-2024-11972) vulnerability

About Authentication Bypass - Hunk Companion WordPress plugin CVE-2024-11972 vulnerability. ThemeHunk company develops commercial themes for WordPress CMS. And the Hunk Companion plugin is designed to complement and enhance the functionality of these themes. The plugin has over 10,000...

10CVSS7.4AI score0.54754EPSS
Exploits9
Information Security Automation
Information Security Automation
added 2025/01/09 2:28 p.m.10 views

Aggregators of actively discussed vulnerabilities

Aggregators of actively discussed vulnerabilities. Alexander Redchits updated his list of services that highlight TOP CVE vulnerabilities and uploaded it with descriptions to teletype in Russian. Now there are 11 of them: 1. Intruder's Top CVE Trends & Expert Vulnerability Insights 2. Cytidel Top...

7.2AI score
Exploits0
Information Security Automation
Information Security Automation
added 2025/01/08 9:47 p.m.22 views

About Remote Code Execution – Apache Struts (CVE-2024-53677) vulnerability

About Remote Code Execution - Apache Struts CVE-2024-53677 vulnerability. Apache Struts is an open source software framework for building Java web applications. It allows developers to separate the application's business logic from the user interface. Due to its scalability and flexibility, Apach...

9.5CVSS8AI score0.78198EPSS
Exploits15
Information Security Automation
Information Security Automation
added 2025/01/08 1:58 a.m.22 views

About Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112)

About Remote Code Execution - Windows Lightweight Directory Access Protocol LDAP CVE-2024-49112. The vulnerability is from the December Microsoft Patch Tuesday. Three weeks later, on January 1, researchers from SafeBreach released a write-up on this vulnerability, labeled as LDAPNightmare , and a...

9.8CVSS7.8AI score0.70906EPSS
Exploits3
Information Security Automation
Information Security Automation
added 2025/01/02 7:34 p.m.37 views

New episode “In The Trend of VM” (#10): 8 trending vulnerabilities of November, zero budget VM and who should look for patches

New episode "In The Trend of VM" 10: 8 trending vulnerabilities of November, zero budget VM and who should look for patches. The competition for the best question on the topic of VM continues. Video on YouTube, LinkedIn Post on Habr rus Digest on the PT website Content: 00:29 Spoofing - Windows...

5.9CVSS7.6AI score0.99698EPSS
Exploits41
Information Security Automation
Information Security Automation
added 2024/12/10 11:19 p.m.35 views

December Microsoft Patch Tuesday

December Microsoft Patch Tuesday. 89 CVEs, of which 18 were added since November MSPT. 1 vulnerability with signs of exploitation in the wild: EoP - Windows Common Log File System Driver CVE-2024-49138. There are no details about this vulnerability yet. Strictly speaking, there was another...

9.8CVSS6.8AI score0.70906EPSS
Exploits7
Information Security Automation
Information Security Automation
added 2024/12/04 1:21 p.m.28 views

About Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039) vulnerability

About Elevation of Privilege - Windows Task Scheduler CVE-2024-49039 vulnerability. It was released on November Microsoft Patch Tuesday and showed signs of exploitation in the wild right away. To exploit the vulnerability, an authenticated attacker runs a specially crafted application on the targ...

8.8CVSS7.1AI score0.13719EPSS
Exploits1
Information Security Automation
Information Security Automation
added 2024/12/03 5:22 p.m.21 views

About Elevation of Privilege – needrestart (CVE-2024-48990) vulnerability

About Elevation of Privilege - needrestart CVE-2024-48990 vulnerability. On November 19, Qualys released a security bulletin about five privilege escalation vulnerabilities in the needrestart utility CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003 used in Ubuntu...

7.8CVSS7.5AI score0.19924EPSS
Exploits16
Information Security Automation
Information Security Automation
added 2024/12/03 4:25 p.m.22 views

About Path Traversal – Zyxel firewall (CVE-2024-11667) vulnerability

About Path Traversal - Zyxel firewall CVE-2024-11667 vulnerability. A directory traversal vulnerability in the web management interface of Zyxel firewall could allow an attacker to download or upload files via a crafted URL. The vulnerability affects Zyxel ZLD firmware versions from 5.00 to 5.38,...

9.8CVSS7.2AI score0.03017EPSS
Exploits0
Information Security Automation
Information Security Automation
added 2024/11/29 11:0 p.m.19 views

About Elevation of Privilege – PAN-OS (CVE-2024-9474) vulnerability

About Elevation of Privilege - PAN-OS CVE-2024-9474 vulnerability. An attacker with PAN-OS administrator access to the management web interface can perform actions on the Palo Alto device with root privileges. Linux commands can be injected via unvalidated input in script. The need for...

5.9CVSS9.7AI score0.99698EPSS
Exploits18
Information Security Automation
Information Security Automation
added 2024/11/28 12:57 p.m.23 views

New episode “In The Trend of VM” (#9): 4 trending vulnerabilities of October, scandal at The Linux Foundation, social “attack on the complainer”, “Ford’s method” for motivating IT specialists to fix vulnerabilities

New episode "In The Trend of VM" 9: 4 trending vulnerabilities of October, scandal at The Linux Foundation, social "attack on the complainer", "Ford's method" for motivating IT specialists to fix vulnerabilities. The competition for the best question on the topic of VM continues. Video on YouTube...

10CVSS7.6AI score0.44382EPSS
Exploits12
Information Security Automation
Information Security Automation
added 2024/11/27 3:23 p.m.21 views

About Authentication Bypass – PAN-OS (CVE-2024-0012) vulnerability

About Authentication Bypass - PAN-OS CVE-2024-0012 vulnerability. An unauthenticated attacker with network access to the Palo Alto device web management interface could gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other...

5.9CVSS7.2AI score0.99698EPSS
Exploits15
Information Security Automation
Information Security Automation
added 2024/11/20 10:15 p.m.19 views

November Linux Patch Wednesday

November Linux Patch Wednesday. I was happy in October that the number of vulnerabilities was gradually decreasing to an acceptable level, and in November I got a peak again. A total of 803 vulnerabilities. Of these, 567 are in the Linux Kernel. Kind of crazy. 2 vulnerabilities in Chromium with...

9.1CVSS7.4AI score0.01602EPSS
Exploits5
Information Security Automation
Information Security Automation
added 2024/11/19 9:26 p.m.33 views

About Remote Code Execution – FortiManager “FortiJump” (CVE-2024-47575) vulnerability

About Remote Code Execution - FortiManager "FortiJump" CVE-2024-47575 vulnerability. FortiManager is a centralized solution for configuring, enforcing policies, updating, and monitoring Fortinet network devices. The vulnerability was released on October 23. A missing authentication for critical...

9.8CVSS10AI score0.94761EPSS
Exploits7
Information Security Automation
Information Security Automation
added 2024/11/19 8:19 a.m.10 views

On November 13, NIST NVD finally admitted the obvious: they had failed to process the CVE analysis backlog before the end of the fiscal year (September 30)

On November 13, NIST NVD finallyadmittedthe obvious: they had failed to process the CVE analysis backlog before the end of the fiscal year September 30. This is actually visible in their own statistics. At the moment, there are 19860 identifiers in the backlog. This week, 1136 new CVEs were...

7.2AI score
Exploits0
Information Security Automation
Information Security Automation
added 2024/11/16 12:9 p.m.8 views

Qualys released QScanner – a console vulnerability scanner for container images

QualysreleasedQScanner - a console vulnerability scanner for container images. Feed it an image and get a list of vulnerabilities a la Trivy. It supports: " Local Runtimes: Scan images from Docker, Containerd, or Podman. Local Archives: Analyze Docker images or OCI layouts from local files. Remot...

7.3AI score
Exploits0
Information Security Automation
Information Security Automation
added 2024/11/12 10:48 p.m.75 views

November Microsoft Patch Tuesday

November Microsoft Patch Tuesday. 125 CVEs, 35 of which were added since October MSPT. 2 vulnerabilities with signs of exploitation in the wild: Elevation of Privilege - Windows Task Scheduler CVE-2024-49039 Disclosure/Spoofing - NTLM Hash CVE-2024-43451 No signs of exploitation, but with a priva...

9.8CVSS7.5AI score0.81817EPSS
Exploits1
Information Security Automation
Information Security Automation
added 2024/11/12 8:16 a.m.8 views

I transformed my English-language site avleonov.com

I transformed my English-language siteavleonov.com. While my Russian-language site avleonov.ru was intended as a mirror of my Telegram channel @avleonovrus, I wasn't sure how to move forward with the English-language site. I've been running it since 2016. For a long time, it was my main VM blog...

7.2AI score
Exploits0
Information Security Automation
Information Security Automation
added 2024/10/31 11:50 a.m.23 views

About Remote Code Execution – XWiki Platform (CVE-2024-31982) vulnerability

About Remote Code Execution - XWiki Platform CVE-2024-31982 vulnerability. XWiki is a free open-source wiki platform. Its main feature is simplified extensibility. XWiki is often used in corporate environments as a replacement for commercial Wiki solutions such as Atlassian Confluence. A...

10CVSS8.2AI score0.3452EPSS
Exploits4
Information Security Automation
Information Security Automation
added 2024/10/30 10:51 a.m.27 views

What is known about the Spoofing – Windows MSHTML Platform (CVE-2024-43573) vulnerability from the October Microsoft Patch Tuesday?

What is known about the Spoofing - Windows MSHTML Platform CVE-2024-43573 vulnerability from the October Microsoft Patch Tuesday? In fact, just that it is being exploited in the wild. There are no write-ups or public exploits yet. The Acknowledgements section in the Microsoft bulletin is empty. I...

8.1CVSS7AI score0.84345EPSS
Exploits0
Information Security Automation
Information Security Automation
added 2024/10/27 4:24 p.m.21 views

The severity of the Remote Code Execution – Microsoft SharePoint (CVE-2024-38094) vulnerability has increased

The severity of the Remote Code Execution - Microsoft SharePoint CVE-2024-38094 vulnerability has increased. It was fixed as part of the July Microsoft Patch Tuesday July 9. SharePoint is a popular platform for corporate portals. According to the Microsoft bulletin, аn authenticated attacker with...

7.2CVSS7.8AI score0.5318EPSS
Exploits1
Information Security Automation
Information Security Automation
added 2024/10/23 8:26 p.m.17 views

On Monday, October 21, updates for the critical Remote Code Execution – VMware vCenter (CVE-2024-38812) vulnerability were released again

On Monday, October 21, updates for the critical Remote Code Execution - VMware vCenter CVE-2024-38812 vulnerabilitywere released again. Wait, haven't fixes for this vulnerability been available since September 17th? They were, but it was not enough. " VMware by Broadcom has determined that the...

9.8CVSS7.9AI score0.54143EPSS
Exploits0
Information Security Automation
Information Security Automation
added 2024/10/22 8:7 p.m.25 views

The severity of the Elevation of Privilege – Windows Kernel-Mode Driver (CVE-2024-35250) vulnerability has increased

The severity of the Elevation of Privilege - Windows Kernel-Mode Driver CVE-2024-35250 vulnerability has increased. This vulnerability was fixed as part of the June Microsoft Patch Tuesday. As in the case of the CVE-2024-30090 vulnerability, it was discovered by a researcher with the nickname...

7.8CVSS6.8AI score0.25222EPSS
Exploits8
Information Security Automation
Information Security Automation
added 2024/10/22 11:44 a.m.24 views

The severity of the Elevation of Privilege – Microsoft Streaming Service (CVE-2024-30090) vulnerability has increased

The severity of the Elevation of Privilege - Microsoft Streaming Service CVE-2024-30090 vulnerability has increased. The vulnerability was fixed as part of the June Microsoft Patch Tuesday. At that time, no one highlighted this vulnerability. The vulnerability was discovered by a researcher with...

7CVSS6.6AI score0.01965EPSS
Exploits1
Information Security Automation
Information Security Automation
added 2024/10/21 1:1 p.m.31 views

September episode of “In The Trend of VM”: 7 CVEs, fake reCAPTCHA, lebanese pagers, VM and IT annual bonuses

September episode of "In The Trend of VM": 7 CVEs, fake reCAPTCHA, lebanese pagers, VM and IT annual bonuses. Starting this month, we decided to slightly expand the topics of the videos and increase their duration. I cover not only the trending vulnerabilities of September, but also social...

9.8CVSS7.7AI score0.88193EPSS
Exploits12
Information Security Automation
Information Security Automation
added 2024/10/16 9:56 p.m.18 views

October Linux Patch Wednesday

October Linux Patch Wednesday. There are 248 vulnerabilities in total. Of these, 92 are in the Linux Kernel. 5 vulnerabilities with signs of exploitation in the wild: Remote Code Execution - CUPS CVE-2024-47176 and 4 more CUPS vulnerabilities that can also be used to enhance DoS attacks Remote Co...

9.8CVSS7.7AI score0.50174EPSS
Exploits26
Information Security Automation
Information Security Automation
added 2024/10/15 12:21 p.m.29 views

About Cross Site Scripting – Roundcube Webmail (CVE-2024-37383) vulnerability

About Cross Site Scripting - Roundcube Webmail CVE-2024-37383 vulnerability. Roundcube is a web-based email client with functionality comparable to desktop email clients such as Outlook Express or Mozilla Thunderbird. The vulnerability is caused by an error in the processing of SVG elements in th...

6.1CVSS6.7AI score0.73445EPSS
Exploits7
Information Security Automation
Information Security Automation
added 2024/10/13 9:41 a.m.30 views

Veeam B&R RCE vulnerability CVE-2024-40711 is exploited in attacks

Veeam B &R RCE vulnerability CVE-2024-40711is exploited in attacks. On September 24, there were no signs of this vulnerability being exploited in the wild. And on October 10, Sophos X-Ops reported that they had observed a series of attacks exploiting this vulnerability over the course of a month...

9.8CVSS7.4AI score0.88193EPSS
Exploits3
Information Security Automation
Information Security Automation
added 2024/03/05 6:43 p.m.81 views

February 2024: Vulremi, Vuldetta, PT VM Course relaunch, PT TrendVulns digests, Ivanti, Fortinet, MSPT, Linux PW

February 2024: Vulremi, Vuldetta, PT VM Course relaunch, PT TrendVulns digests, Ivanti, Fortinet, MSPT, Linux PW. Hello everyone! In this episode, I will talk about the February updates of my open source projects, also about projects at my main job at Positive Technologies and interesting...

10CVSS9AI score0.99999EPSS
Exploits111
Information Security Automation
Information Security Automation
added 2024/02/01 5:7 p.m.71 views

November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review

November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review. Hello everyone! It has been 3 months since the last episode. I spent most of this time improving my Vulristics project. So in this episode, let’s take a loo...

9.8CVSS10AI score0.99984EPSS
Exploits129
Information Security Automation
Information Security Automation
added 2023/11/05 6:39 p.m.174 views

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture. Hello everyone! October was an interesting and busy month for me. I started a new job, worked on my open source Vulristics project, and analyzed vulnerabilities...

10CVSS9.3AI score0.99999EPSS
Exploits153
Information Security Automation
Information Security Automation
added 2023/09/30 7:31 p.m.100 views

September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM

September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM. Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went...

9.8CVSS9.3AI score0.99999EPSS
Exploits342
Information Security Automation
Information Security Automation
added 2023/08/30 4:15 p.m.206 views

August 2023: GitHub PoCs, Vulristics, Qualys First-Party, Tenable ExposureAI, SC Awards and Rapid7, Anglo-Saxon list, MS Patch Tuesday, WinRAR, Juniper

August 2023: GitHub PoCs, Vulristics, Qualys First-Party, Tenable ExposureAI, SC Awards and Rapid7, Anglo-Saxon list, MS Patch Tuesday, WinRAR, Juniper. Hello everyone! This month I decided NOT to make an episode completely dedicated to Microsoft Patch Tuesday. Instead, this episode will be an...

10CVSS8.4AI score0.99945EPSS
Exploits169
Information Security Automation
Information Security Automation
added 2023/07/28 9:37 a.m.134 views

Microsoft Patch Tuesday July 2023: Vulristics improvements, Office RCE, SFB SmartScreen and Outlook, EoP MSHTML and ERS, other RCEs

Microsoft Patch Tuesday July 2023: Vulristics improvements, Office RCE, SFB SmartScreen and Outlook, EoP MSHTML and ERS, other RCEs. Hello everyone! This episode will be about Microsoft Patch Tuesday for July 2023, including vulnerabilities that were added between June and July Patch Tuesdays...

9.8CVSS9.2AI score0.99083EPSS
Exploits8
Total number of security vulnerabilities389