Spacecolon Toolset Fuels Global Surge in Scarab Ransomware Attacks
A malicious toolset dubbed Spacecolon is being deployed as part of an ongoing campaign to spread variants of the Scarab...
Syrian Threat Actor EVLF Unmasked as Creator of CypherRAT and CraxsRAT Android Malware
A Syrian threat actor named EVLF has been outed as the creator of malware families CypherRAT and CraxsRAT. "These RATs...
TPLink Smart bulb Tapo series L530 and Tapo Application information disclosure | CVE-2023-38906
NAME__________TPLink Smart bulb Tapo series L530 and Tapo Application information disclosurePlatforms Affected:TPLink Smart bulb Tapo series L530 1.0.0 TPLink Tapo...
IBM Robotic Process Automation information disclosure | CVE-2023-40370
NAME__________IBM Robotic Process Automation information disclosurePlatforms Affected:IBM Robotic Process Automation 21.0.0 IBM Robotic Process Automation 21.0.7.1Risk Level:3.7Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________IBM Robotic...
TPLink Smart bulb Tapo series L530 and Tapo Application information disclosure | CVE-2023-38909
NAME__________TPLink Smart bulb Tapo series L530 and Tapo Application information disclosurePlatforms Affected:TPLink Smart bulb Tapo series L530 1.0.0 TPLink Tapo...
Puma HTTP request smuggling | CVE-2023-40175
NAME__________Puma HTTP request smugglingPlatforms Affected:Puma Puma 5.6.6 Puma Puma 6.3.0Risk Level:7.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Puma is vulnerable to HTTP request smuggling, caused...
EnterpriseDB Postgres Advanced Server UTL_ENCODE information disclosure |
NAME__________EnterpriseDB Postgres Advanced Server UTL_ENCODE information disclosurePlatforms Affected:EnterpriseDB Postgres Advanced Server 11.21 EnterpriseDB Postgres Advanced Server 12.16 EnterpriseDB Postgres Advanced...
Typora directory traversal | CVE-2023-2316
NAME__________Typora directory traversalPlatforms Affected:Typora Typora 1.6.0 Typora Typora 1.5.0Risk Level:6.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Typora could allow a remote attacker to traverse directories...
TPLink Smart bulb Tapo series L530 and Tapo Application information disclosure | CVE-2023-38908
NAME__________TPLink Smart bulb Tapo series L530 and Tapo Application information disclosurePlatforms Affected:TPLink Smart bulb Tapo series L530 1.0.0 TPLink Tapo...
Veilid denial of service | CVE-2023-40711
NAME__________Veilid denial of servicePlatforms Affected:Veilid Veilid 0.1.8Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Veilid is vulnerable to a denial of service, caused by...
Cockpit cross-site scripting | CVE-2023-4451
NAME__________Cockpit cross-site scriptingPlatforms Affected:Cockpit-HQ Cockpit 2.6.3Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Cockpit is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
IBM Robotic Process Automation privilege escalation | CVE-2023-38734
NAME__________IBM Robotic Process Automation privilege escalationPlatforms Affected:IBM Robotic Process Automation 21.0.0 IBM Robotic Process Automation 23.0.0 IBM Robotic Process Automation...
3CX privilege escalation | CVE-2023-27362
NAME__________3CX privilege escalationPlatforms Affected:3CX Phone Management System 18Risk Level:7Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________3CX could allow a local authenticated attacker to gain elevated...
Sourceforge DoorGets CMS information disclosure |
NAME__________Sourceforge DoorGets CMS information disclosurePlatforms Affected:Sourceforge DoorGets CMS 7.0Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Sourceforge DoorGets CMS could allow a remote attacker to...
EnterpriseDB Postgres Advanced Server UTL_FILE security bypass |
NAME__________EnterpriseDB Postgres Advanced Server UTL_FILE security bypassPlatforms Affected:EnterpriseDB Postgres Advanced Server 11.21 EnterpriseDB Postgres Advanced Server 12.16 EnterpriseDB Postgres Advanced...
IBM Robotic Process Automation information disclosure | CVE-2023-38732
NAME__________IBM Robotic Process Automation information disclosurePlatforms Affected:IBM Robotic Process Automation 21.0.0 IBM Robotic Process Automation 21.0.7Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________IBM Robotic...
EnterpriseDB Postgres Advanced Server DBMS_PROFILER security bypass |
NAME__________EnterpriseDB Postgres Advanced Server DBMS_PROFILER security bypassPlatforms Affected:EnterpriseDB Postgres Advanced Server 11.21 EnterpriseDB Postgres Advanced Server 12.16 EnterpriseDB Postgres Advanced...
EnterpriseDB Postgres Advanced Server DBMS_MVIEW security bypass |
NAME__________EnterpriseDB Postgres Advanced Server DBMS_MVIEW security bypassPlatforms Affected:EnterpriseDB Postgres Advanced Server 11.21 EnterpriseDB Postgres Advanced Server 12.16 EnterpriseDB Postgres Advanced...
20script Fara Melk Estate CMS information disclosure |
NAME__________20script Fara Melk Estate CMS information disclosurePlatforms Affected:20script Fara Melk Estate CMS 1.5.0Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________20script Fara Melk Estate CMS...
Devolutions Remote Desktop Manager security bypass | CVE-2023-4373
NAME__________Devolutions Remote Desktop Manager security bypassPlatforms Affected:Devolutions Remote Desktop Manager 2023.2.19Risk Level:4.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Devolutions Remote Desktop Manager could allow a...
EnterpriseDB Postgres Advanced Server get_url_as_text and get_url_as_bytea information disclosure |
NAME__________EnterpriseDB Postgres Advanced Server get_url_as_text and get_url_as_bytea information disclosurePlatforms Affected:EnterpriseDB Postgres Advanced Server 11.21 EnterpriseDB Postgres Advanced Server 12.16 EnterpriseDB...
IBM Robotic Process Automation information disclosure | CVE-2023-38733
NAME__________IBM Robotic Process Automation information disclosurePlatforms Affected:IBM Robotic Process Automation 21.0.0 IBM Robotic Process Automation 23.0.0 IBM Robotic Process Automation...
ASUSTOR Data Master security bypass | CVE-2023-4475
NAME__________ASUSTOR Data Master security bypassPlatforms Affected:ASUSTOR Data Master 4.0 ASUSTOR Data Master 4.1 ASUSTOR Data Master 4.2Risk Level:7.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________ASUSTOR...
Trane Thermostats command execution | CVE-2023-4212
NAME__________Trane Thermostats command executionPlatforms Affected:Trane Technologies XL824 Thermostat Firmware 5.9.8 Trane Technologies XL850 Thermostat Firmware 5.9.8 Trane Technologies XL1050 Thermostat...
