Aggregator
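Courtesy repost: Registration now open for the intelligent-driving vehicle electronic data forensics and analysis training course | Hosted by 中汽研 (CATARC), co-organized by 弘德网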
5 months 1 week ago
Resurgence of In-The-Wild Activity Targeting Critical ServiceNow Vulnerabilities
5 months 1 week ago
GreyNoise has identified a notable resurgence of in-the-wild activity targeting three ServiceNow vulnerabilities: "Resurgence of in-the-wild Activity targeting critical ServiceNow vulns. Overwhelming majority of traffic hitting Israel."
ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns
5 months 1 week ago
Trend Zero Day Initiative™ (ZDI) uncovered both state-sponsored and cybercriminal groups extensively exploiting ZDI-CAN-25373 (aka ZDI-25-148), a Windows .lnk file vulnerability that enables hidden command execution.
Peter Girnus
[webapps] Chamilo LMS 1.11.24 - Remote Code Execution (RCE)
5 months 1 week ago
Chamilo LMS 1.11.24 - Remote Code Execution (RCE)
SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware
5 months 1 week ago
Trend Research analyzed SocGholish’s MaaS framework and its role in deploying RansomHub ransomware through compromised websites, using highly obfuscated JavaScript loaders to evade detection and execute various malicious tasks.
Adam O'Connor
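Breaking the securities industry's IT impasse: 威努特 (Winicssec) hyper-converged infrastructure leads a new wave of digital transformation
5 months 1 week ago
Helping the securities industry build secure, efficient, and agile digital infrastructure.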
UK NHS API Flaw Exposes Critical Mobile Security Risks
5 months 1 week ago
A recent vulnerability discovered in a UK National Health Service (NHS) API has once again highlighted the risks associated with insecure mobile application programming interfaces (APIs). The flaw reportedly allowed unauthorized access to sensitive patient data, raising serious concerns about the security of healthcare applications.
The post UK NHS API Flaw Exposes Critical Mobile Security Risks appeared first on Security Boulevard.
Ted Miracco
CVE-2024-20400 | Cisco TelePresence Video Communication Server Expressway Web-based Management Interface redirect (cisco-sa-expressway-redirect-KJsFuXgj)
5 months 1 week ago
A vulnerability, which was classified as problematic, has been found in Cisco TelePresence Video Communication Server Expressway. This issue affects some unknown processing of the component Web-based Management Interface. The manipulation leads to open redirect.
The identification of this vulnerability is CVE-2024-20400. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-38870 | Zoho ManageEngine OpManager up to 128103/128237/128249 Reports cross site scripting
5 months 1 week ago
A vulnerability was found in Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition up to 128103/128237/128249. It has been declared as problematic. This vulnerability affects unknown code of the component Reports. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-38870. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-40641 | projectdiscovery nuclei up to 3.3.0 os command injection
5 months 1 week ago
A vulnerability, which was classified as critical, was found in projectdiscovery nuclei up to 3.3.0. This affects an unknown part. The manipulation leads to os command injection.
This vulnerability is uniquely identified as CVE-2024-40641. Local access is required to approach this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-28796 | IBM ClearQuest up to 9.1.0.6 Web UI intended cross site scripting (XFDB-286833)
5 months 1 week ago
A vulnerability was found in IBM ClearQuest up to 9.1.0.6. It has been rated as problematic. Affected by this issue is the function intended of the component Web UI. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2024-28796. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
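Google releases open-source OSV scanning tool to aid vulnerability detection
5 months 1 week ago
Google has released the open-source OSV-Scanner V2, a comprehensive upgrade to its vulnerability detection capabilities that supports scanning of multiple dependency types and container images, helping developers quickly identify and fix critical security vulnerabilities.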
CVE-2024-40119 | Nepstech NTPL-Xpon1GFEVN 2.0.1 Password Change cross-site request forgery
5 months 1 week ago
A vulnerability, which was classified as problematic, was found in Nepstech NTPL-Xpon1GFEVN 2.0.1. Affected is an unknown function of the component Password Change Handler. The manipulation leads to cross-site request forgery.
This vulnerability is traded as CVE-2024-40119. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-39124 | Roundup up to 2.3.x _generic.help.html classhelpers cross site scripting
5 months 1 week ago
A vulnerability has been found in Roundup up to 2.3.x and classified as problematic. Affected by this vulnerability is the function classhelpers of the file _generic.help.html. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-39124. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-43971 | ACG-faka 1.1.7 Index.php encode cross site scripting
5 months 1 week ago
A vulnerability was found in ACG-faka 1.1.7. It has been classified as problematic. This affects an unknown part of the file Index.php. The manipulation of the argument encode leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2023-43971. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com