New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw
The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass...
Guidance: Assembling a Group of Products for SBOM
Today, CISA published Guidance on Assembling a Group of Products created by the Software...
Updated: New Software Updates and Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways
Note: CISA...
Juniper Networks Releases Security Bulletin for J-Web in Junos OS SRX Series and EX Series
Juniper Networks released a security...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems (ICS) advisories on January 30, 2024. These...
Juniper Networks Releases Security Bulletin for Juniper Secure Analytics
Juniper Networks released a security bulletin to address multiple vulnerabilities affecting...
CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers
Today, CISA and the...
Moby and Open Container Initiative Release Critical Updates for Multiple Vulnerabilities Affecting Docker-related Components
Moby and the Open Container Initiative...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories on February 1, 2024. These...
Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By: 0xacb Link to Submitters Profile: https://hackerone.com/0xacb Report Title: HackerOne SAML signup domain enforcement bypass results...
Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By: resett3r Link to Submitters Profile: https://hackerone.com/resett3r Report Title: Account creation with invalid email addresses /...
NAME: TablePress server-side request forgery; Platforms Affected: TablePress TablePress 2.2.4; Risk Level: 3; Exploitability: Unproven; Consequences: Obtain Information; DESCRIPTION: TablePress is vulnerable to server-side request forgery, caused by improper filtering...
NAME: GoReleaser information disclosure; Platforms Affected: GoReleaser GoReleaser 1.23.0; Risk Level: 5.5; Exploitability: Unproven; Consequences: Obtain Information; DESCRIPTION: GoReleaser could allow a local authenticated attacker to obtain sensitive information, caused...
NAME: Emerson Rosemount GC370XA, GC700XA, GC1500XA information disclosure; Platforms Affected: Emerson Rosemount GC370XA Emerson Rosemount GC700XA Emerson Rosemount GC1500XA; Risk Level: 6.9; Exploitability: Unproven; Consequences: Obtain Information; DESCRIPTION: Emerson Rosemount...
NAME: SEO Panel cross-site request forgery; Platforms Affected: SEO Panel SEO Panel 4.10.0; Risk Level: 6.5; Exploitability: Unproven; Consequences: Gain Access; DESCRIPTION: SEO Panel is vulnerable to cross-site request forgery,...
NAME: Discourse cross-site scripting; Platforms Affected: Discourse Discourse 2.1.4 Discourse Discourse 3.2.0.beta4; Risk Level: 6.3; Exploitability: High; Consequences: Cross-Site Scripting; DESCRIPTION: Discourse is vulnerable to cross-site scripting, caused by improper...
NAME: SEO Panel server-side request forgery; Platforms Affected: SEO Panel SEO Panel 4.10.0; Risk Level: 5.3; Exploitability: Unproven; Consequences: Gain Access; DESCRIPTION: SEO Panel is vulnerable to server-side request forgery,...
NAME: facileManager cross-site scripting; Platforms Affected: facileManager facileManager 4.5.0; Risk Level: 5.4; Exploitability: High; Consequences: Cross-Site Scripting; DESCRIPTION: facileManager is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
NAME: Bref weak security; Platforms Affected: Bref Bref 2.1.12; Risk Level: 4.8; Exploitability: Proof of Concept; Consequences: Gain Access; DESCRIPTION: Bref could provide weaker than expected security, caused by multiple...
NAME: SEO Panel information disclosure; Platforms Affected: SEO Panel SEO Panel 4.10.0; Risk Level: 5.3; Exploitability: Unproven; Consequences: Obtain Information; DESCRIPTION: SEO Panel could allow a remote attacker to obtain...
NAME: HCL BigFix ServiceNow Data Flow code execution; Platforms Affected: HCL BigFix ServiceNow Data Flow 1.2; Risk Level: 6.4; Exploitability: Unproven; Consequences: Gain Access; DESCRIPTION: HCL BigFix ServiceNow Data Flow...
NAME: facileManager SQL injection; Platforms Affected: facileManager facileManager 4.5.0; Risk Level: 6.5; Exploitability: High; Consequences: Data Manipulation; DESCRIPTION: facileManager is vulnerable to SQL injection. A remote authenticated attacker could send...