CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA Adds Three Known Exploited Vulnerabilities to Catalog CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
US-CERT Vulnerability Summary for the Week of March 18, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
HackerOne Bug Bounty Disclosure: creation-of-bounties-through-customer-api-leads-to-private-email-disclosure–verw-tch
Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:0verw4tchLink to Submitters Profile:https://hackerone.com/0verw4tch Report Title:Creation of bounties through Customer API leads...
HackerOne Bug Bounty Disclosure: view-any-user-email-using-the-team-s-audit-log-section–verw-tch
Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:0verw4tchLink to Submitters Profile:https://hackerone.com/0verw4tch Report Title:View any user email using the Team's...
CISA: CISA Releases Four Industrial Control Systems Advisories
CISA Releases Four Industrial Control Systems Advisories CISA released four Industrial Control Systems (ICS) advisories on March 26, 2024. These...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
Akira Ransomware Victim: Calida
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Akira Ransomware Victim: European Centre for Compensation
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Akira Ransomware Victim: Vita IT
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Sentrifugo cross-site scripting | CVE-2024-29877
NAME__________Sentrifugo cross-site scriptingPlatforms Affected:Sentrifugo Sentrifugo 3.2Risk Level:7.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Sentrifugo is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Advantech WebAccess/SCADA SQL injection | CVE-2024-2453
NAME__________Advantech WebAccess/SCADA SQL injectionPlatforms Affected:Advantech WebAccess/SCADA 9.1.5URisk Level:6.4Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Advantech WebAccess/SCADA is vulnerable to SQL injection. A remote authenticated attacker...
GitHub Enterprise Server cross-site request forgery | CVE-2024-2748
NAME__________GitHub Enterprise Server cross-site request forgeryPlatforms Affected:GitHub Enterprise Server 3.12.0Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________GitHub Enterprise Server is vulnerable to cross-site request...
Sentrifugo cross-site scripting | CVE-2024-29879
NAME__________Sentrifugo cross-site scriptingPlatforms Affected:Sentrifugo Sentrifugo 3.2Risk Level:7.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Sentrifugo is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Logpoint cross-site scripting | CVE-2024-29865
NAME__________Logpoint cross-site scriptingPlatforms Affected:Logpoint Logpoint 7.0.1Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Logpoint is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Sentrifugo cross-site scripting | CVE-2024-29878
NAME__________Sentrifugo cross-site scriptingPlatforms Affected:Sentrifugo Sentrifugo 3.2Risk Level:7.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Sentrifugo is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Datalust Seq privilege escalation | CVE-2024-29866
NAME__________Datalust Seq privilege escalationPlatforms Affected:Datalust SeqRisk Level:7.2Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Datalust Seq could allow a remote authenticated attacker to gain elevated privileges...
JetBrains TeamCity privilege escalation | CVE-2024-29880
NAME__________JetBrains TeamCity privilege escalationPlatforms Affected:JetBrains TeamCityRisk Level:4.2Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________JetBrains TeamCity could allow a local authenticated attacker to gain elevated privileges...
Simple File Manager Web App file upload | CVE-2024-2849
NAME__________Simple File Manager Web App file uploadPlatforms Affected:Sourcecodester Simple File Manager Web App 1.0Risk Level:6.3Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________Simple File...
Microsoft .NET Framework information disclosure | CVE-2024-29059
NAME__________Microsoft .NET Framework information disclosurePlatforms Affected:Microsoft Microsoft .NET Framework 4.8 4.8.0 Microsoft Microsoft .NET Framework 3.5 AND 4.8 4.8.0 Microsoft...
EmbedPress plugin for WordPress cross-site scripting | CVE-2024-2468
NAME__________EmbedPress plugin for WordPress cross-site scriptingPlatforms Affected:WordPress WordPress WordPress EmbedPress Plugin for WordPress 3.9.5 WordPress EmbedPress Plugin for WordPress 3.9.8Risk...
Sourcecodester PHP Task Management System SQL injection | CVE-2024-29302
NAME__________Sourcecodester PHP Task Management System SQL injectionPlatforms Affected:SourceCodester PHP Task Management System 1.0Risk Level:5.4Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Sourcecodester PHP Task Management System...
WiX Toolset security bypass | CVE-2024-29188
NAME__________WiX Toolset security bypassPlatforms Affected:WiX Toolset WiX Toolset 4.0.4Risk Level:7.9Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________WiX Toolset could allow a local authenticated attacker to...
Microsoft Edge (Chromium-based) spoofing | CVE-2024-29057
NAME__________Microsoft Edge (Chromium-based) spoofingPlatforms Affected:Microsoft Microsoft Edge (Chromium-based) 1.0.0Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Microsoft Edge (Chromium-based) could allow a remote attacker to...
