Alleged Iranian threat actors leak the code of their CodeRAT malware
The author of the remote access trojan (RAT) CodeRAT has leaked the source code of its malware on GitHub. The...
Daily Vulnerability Trends: Sun Sep 04 2022
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2022-28799The TikTok application before 23.7.3 for Android allows account takeover. A crafted...
Security Affairs newsletter Round 382
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
HackerOne Bug Bounty Disclosure: password-disclosure-in-initial-setup-of-mail-appbyanna_larch
Programme HackerOne Nextcloud Nextcloud Submitted by anna_larch anna_larch Report Password disclosure in initial setup of Mail App Full Report A...
HackerOne Bug Bounty Disclosure: brute-force-protections-don’t-workbynickvergessen
Programme HackerOne Nextcloud Nextcloud Submitted by nickvergessen nickvergessen Report Brute force protections don't work Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: federated-share-accepting/declining-is-not-logged-in-audit-logbyrtod
Programme HackerOne Nextcloud Nextcloud Submitted by rtod rtod Report Federated share accepting/declining is not logged in audit log Full Report...
HackerOne Bug Bounty Disclosure: unauthenticated-ssrf-in-3rd-party-module-“cerdic/csstidy”byeg42
Programme HackerOne Nextcloud Nextcloud Submitted by eg42 eg42 Report Unauthenticated SSRF in 3rd party module "cerdic/csstidy" Full Report A considerable...
HackerOne Bug Bounty Disclosure: weak/auto-fill-passwordbyharrisoft
Programme HackerOne MTN Group MTN Group Submitted by harrisoft harrisoft Report Weak/Auto Fill Password Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: path-traversal-vulnerability-in-grafana-8-x-allows-“-local-file-read-“bya-heybati
Programme HackerOne MTN Group MTN Group Submitted by a-heybati a-heybati Report path traversal vulnerability in Grafana 8.x allows " local...
Google rolled out emergency fixes to address actively exploited Chrome zero-day
Google rolled out emergency fixes to address a vulnerability in the Chrome web browser that is being actively exploited in...
ApacheTomcatScanner – A Python Script To Scan For Apache Tomcat Server Vulnerabilities
A python script to scan for Apache Tomcat server vulnerabilities. FeaturesMultithreaded workers to search for Apache tomcat servers.Multiple target source...
Apache OFBiz code execution | CVE-2022-25813
NAME Apache OFBiz code execution Platforms Affected:Apache OFBiz 18.12.05Risk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Apache OFBiz could allow a remote attacker to...
Node.js lit-payment-form module code execution |
NAME Node.js lit-payment-form module code execution Platforms Affected:Node.js lit-payment-formRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js lit-payment-form module could allow a remote attacker...
Node.js priv-depen module code execution |
NAME Node.js priv-depen module code execution Platforms Affected:Node.js priv-depenRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js priv-depen module could allow a remote attacker...
PowerCMS command execution | CVE-2022-33941
NAME PowerCMS command execution Platforms Affected:Alfasado PowerCMS 5.19 Alfasado PowerCMS 4.49 Alfasado PowerCMS 3.295Risk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION PowerCMS could allow...
Node.js sketch-pexels module code execution |
NAME Node.js sketch-pexels module code execution Platforms Affected:Node.js sketch-pexelsRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js sketch-pexels module could allow a remote attacker...
Apache Airflow session hijacking | CVE-2022-38054
NAME Apache Airflow session hijacking Platforms Affected:Apache Airflow 2.2.4 Apache Airflow 2.3.3Risk Level:9.1Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Apache Airflow could allow a...
Node.js osds module code execution |
NAME Node.js osds module code execution Platforms Affected:Node.js osdsRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js osds module could allow a remote attacker...
Node.js request-slack-invite module code execution |
NAME Node.js request-slack-invite module code execution Platforms Affected:Node.js request-slack-inviteRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js request-slack-invite module could allow a remote attacker...
Apache OFBiz code execution | CVE-2022-29063
NAME Apache OFBiz code execution Platforms Affected:Apache OFBiz 18.12.05Risk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Apache OFBiz could allow a remote attacker to...
Node.js pqc.js module code execution |
NAME Node.js pqc.js module code execution Platforms Affected:Node.js pqc.jsRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js pqc.js module could allow a remote attacker...
Node.js s3-state-action module code execution |
NAME Node.js s3-state-action module code execution Platforms Affected:Node.js s3-state-actionRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js s3-state-action module could allow a remote attacker...
Node.js nsmalkasm module code execution |
NAME Node.js nsmalkasm module code execution Platforms Affected:Node.js nsmalkasmRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js nsmalkasm module could allow a remote attacker...
Node.js node-network-listener module code execution |
NAME Node.js node-network-listener module code execution Platforms Affected:Node.js node-network-listenerRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js node-network-listener module could allow a remote attacker...
