Researchers Detail 8 Vulnerabilities in Azure HDInsight Analytics Service
More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics...
Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints
Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on...
Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family
A new ransomware family called 3AM has emerged in the wild after it was detected in a single incident in...
How Cyberattacks Are Transforming Warfare
There is a new battlefield. It is global and challenging to defend. What began with a high-profile incident back in...
Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws
Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been...
Webinar: Identity Threat Detection & Response (ITDR) – Rips in Your Identity Fabric
In today's digital age, SaaS applications have become the backbone of modern businesses. They streamline operations, enhance productivity, and foster...
Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages
Microsoft is warning of a new phishing campaign undertaken by an initial access broker that involves using Teams messages as...
Apple macOS Monterey information disclosure | CVE-2023-40440
NAME__________Apple macOS Monterey information disclosurePlatforms Affected:Apple macOS Monterey 12.6.7Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apple macOS Monterey could allow a remote attacker to...
Simple Download Counter plugin for WordPress cross-site scripting | CVE-2023-4838
NAME__________Simple Download Counter plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Simple Download Counter Plugin for WordPress 1.6Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Simple Download...
Cockpit CMS file upload | CVE-2023-41564
NAME__________Cockpit CMS file uploadPlatforms Affected:Cockpit-HQ Cockpit 2.6.3Risk Level:5.3Exploitability:UnprovenConsequences:File Manipulation DESCRIPTION__________Cockpit CMS could allow a remote attacker to upload arbitrary files,...
Argo CD denial of service | CVE-2023-40584
NAME__________Argo CD denial of servicePlatforms Affected:Argo Project Argo CD 2.6.13 Argo Project Argo CD 2.7.11 Argo Project Argo CD 2.8.0...
Apple iOS and iPadOS code execution | CVE-2023-41990
NAME__________Apple iOS and iPadOS code executionPlatforms Affected:Apple iOS 16.2 Apple iPadOS 16.2Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Apple iOS and iPadOS could allow...
Samsung Exynos Mobile Processor and Wearable Processor denial of service | CVE-2023-37377
NAME__________Samsung Exynos Mobile Processor and Wearable Processor denial of servicePlatforms Affected:Samsung Exynos Mobile Processor Samsung Exynos Wearable ProcessorRisk Level:2Exploitability:UnprovenConsequences:Denial of...
Apple macOS Big Sur information disclosure | CVE-2023-40442
NAME__________Apple macOS Big Sur information disclosurePlatforms Affected:Apple macOS Big Sur 11.7.8Risk Level:3.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apple macOS Big Sur could allow a...
Microsoft Visual Studio privilege escalation | CVE-2023-36759
NAME__________Microsoft Visual Studio privilege escalationPlatforms Affected:Microsoft Visual Studio 2019 16.11 Microsoft Visual Studio 2022 17.2 Microsoft Visual Studio 2022 17.4...
Samsung Exynos Mobile Processor, Automotive Processor, and Modem denial of service | CVE-2023-37368
NAME__________Samsung Exynos Mobile Processor, Automotive Processor, and Modem denial of servicePlatforms Affected:Samsung Exynos Mobile Processor Samsung Automotive Processor Samsung ModemRisk...
Adobe Experience Manager cross-site scripting | CVE-2023-38215
NAME__________Adobe Experience Manager cross-site scriptingPlatforms Affected:Adobe Experience Manager Cloud Service (CS) Adobe Experience Manager 6.5.18.0Risk Level:5.4Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Adobe Experience Manager...
NVIDIA BlueField Data Processing Unit privilege escalation | CVE-2023-25519
NAME__________NVIDIA BlueField Data Processing Unit privilege escalationPlatforms Affected:NVIDIA BlueField Data Processing UnitRisk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________NVIDIA BlueField Data Processing Unit could...
SAP BusinessObjects Business Intelligence Platform information disclosure | CVE-2023-37489
NAME__________SAP BusinessObjects Business Intelligence Platform information disclosurePlatforms Affected:SAP BusinessObjects Business Intelligence Platform 430Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________SAP BusinessObjects Business Intelligence Platform...
SAP NetWeaver information disclosure | CVE-2023-41367
NAME__________SAP NetWeaver information disclosurePlatforms Affected:SAP NetWeaver 7.50Risk Level:5.8Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________SAP NetWeaver could allow a remote attacker to obtain sensitive information,...
Blood Bank & Donor Management cross-site scripting | CVE-2023-41575
NAME__________Blood Bank & Donor Management cross-site scriptingPlatforms Affected:PHPGurukul Blood Bank & Donor Management 2.2Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Blood Bank & Donor...
Crow response splitting | CVE-2023-26142
NAME__________Crow response splittingPlatforms Affected:Crow Crow 1.0+5Risk Level:6.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Crow is vulnerable to HTTP response splitting attacks, caused by a CRLF...
Siemens QMS Automotive security bypass | CVE-2023-40728
NAME__________Siemens QMS Automotive security bypassPlatforms Affected:Siemens QMS AutomotiveRisk Level:7.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Siemens QMS Automotive could allow a local attacker to bypass...
Microsoft Windows Kernel privilege escalation | CVE-2023-38139
NAME__________Microsoft Windows Kernel privilege escalationPlatforms Affected:Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 x32 Microsoft Windows...
