Akira Ransomware Victim: Bauwerk Boen Group
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA: Mozilla Releases Security Updates for Firefox and Thunderbird
Mozilla Releases Security Updates for Firefox and Thunderbird Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird....
CISA: Adobe Releases Security Updates for ColdFusion
Adobe Releases Security Updates for ColdFusion On Nov. 14, 2023, Adobe released security updates addressing vulnerabilities affecting unpatched ColdFusion software....
CISA: CISA and UK NCSC Unveil Joint Guidelines for Secure AI System Development
CISA and UK NCSC Unveil Joint Guidelines for Secure AI System Development Today, in a landmark collaboration, the U.S. Cybersecurity...
CISA: CISA, FBI, MS-ISAC, and ASD’s ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed
CISA, FBI, MS-ISAC, and ASD’s ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed Today, the Cybersecurity and Infrastructure Security...
CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...
CISA: CISA Releases First Secure by Design Alert
CISA Releases First Secure by Design Alert Today, CISA published guidance on How Software Manufacturers Can Shield Web Management Interfaces...
CISA: CISA Releases Four Industrial Control Systems Advisories
CISA Releases Four Industrial Control Systems Advisories CISA released four Industrial Control Systems (ICS) advisories on November 28, 2023. These...
CISA: Exploitation of Unitronics PLCs used in Water and Wastewater Systems
Exploitation of Unitronics PLCs used in Water and Wastewater Systems CISA is responding to active exploitation(link is external) of Unitronics...
CISA: CISA Releases Four Industrial Control Systems Advisories
CISA Releases Four Industrial Control Systems Advisories CISA released four Industrial Control Systems (ICS) advisories on November 30, 2023. These...
Absis cross-site scripting | CVE-2023-49029
NAME__________Absis cross-site scriptingPlatforms Affected:absis absis 2017-10-19Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Absis is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Klive SQL injection | CVE-2023-49030
NAME__________Klive SQL injectionPlatforms Affected:32ns klive 2019-1-19Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Klive is vulnerable to SQL injection. A remote attacker could send specially...
Zyxel ATP and USG FLEX series devices denial of service | CVE-2023-37926
NAME__________Zyxel ATP and USG FLEX series devices denial of servicePlatforms Affected:Zyxel ATP series 5.10 Zyxel ATP series 5.37 Zyxel USG...
aio-libs aiohttp CRLF injection | CVE-2023-49081
NAME__________aio-libs aiohttp CRLF injectionPlatforms Affected:aio-libs aiohttp 3.8.6Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________aio-libs aiohttp is vulnerable to CRLF injection, caused by improper input...
CarrierWave cross-site scripting | CVE-2023-49090
NAME__________CarrierWave cross-site scriptingPlatforms Affected:CarrierWave CarrierWave 2.2.4 CarrierWave CarrierWave 3.0.4Risk Level:6.8Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________CarrierWave is vulnerable to cross-site scripting, caused by improper...
Zyxel ATP and USG FLEX series devices information disclosure | CVE-2023-35136
NAME__________Zyxel ATP and USG FLEX series devices information disclosurePlatforms Affected:Zyxel ATP series 5.10 Zyxel ATP series 5.37 Zyxel USG FLEX...
Oro OroCalendarBundle information disclosure | CVE-2023-32063
NAME__________Oro OroCalendarBundle information disclosurePlatforms Affected:Oro OroCalendarBundle 4.2.0 Oro OroCalendarBundle 4.2.5Risk Level:5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Oro OroCalendarBundle could allow a remote authenticated attacker...
Oro OroCommerce information disclosure | CVE-2023-32065
NAME__________Oro OroCommerce information disclosurePlatforms Affected:OroCommerce OroCommerce 4.1.0 OroCommerce OroCommerce 4.2.0 OroCommerce OroCommerce 5.0.0 OroCommerce OroCommerce 4.1.13 OroCommerce OroCommerce 4.2.10 OroCommerce...
Oro OroCommerce information disclosure | CVE-2023-32064
NAME__________Oro OroCommerce information disclosurePlatforms Affected:OroCommerce OroCommerce 4.1.0 OroCommerce OroCommerce 4.2.0 OroCommerce OroCommerce 5.0.0 OroCommerce OroCommerce 4.1.13 OroCommerce OroCommerce 4.2.10 OroCommerce...
Oro OroPlatform information disclosure | CVE-2023-32062
NAME__________Oro OroPlatform information disclosurePlatforms Affected:Oro OroPlatform 4.2.0 Oro OroPlatform 4.1.0 Oro OroPlatform 3.1.0Risk Level:5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Oro OroPlatform could allow a...
Absis cross-site scripting | CVE-2023-49028
NAME__________Absis cross-site scriptingPlatforms Affected:absis absis 2017-10-19Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Absis is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
aio-libs aiohttp CRLF injection | CVE-2023-49082
NAME__________aio-libs aiohttp CRLF injectionPlatforms Affected:aio-libs aiohttp 3.8.6Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________aio-libs aiohttp is vulnerable to CRLF injection, caused by improper input...
GitLab Community and Enterprise Edition security bypass | CVE-2023-3964
NAME__________GitLab Community and Enterprise Edition security bypassPlatforms Affected:GitLab Enterprise Edition 16.4.0 GitLab Enterprise Edition 16.5.0 GitLab Community Edition 16.5.0 GitLab...
