Description: The threat actor group recently took credit for a similar attack on Blue Yonder that affected multiple organizations, including Starbucks.
December 10th, 2024 (5 months ago)
Description: A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x, or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur: an attacker can inject a stolen authorization code into their own session with the client and thereby act with a victim's identity. The code is usually stolen through a Man-in-the-Middle (MitM) or phishing attack.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-12369
https://access.redhat.com/security/cve/CVE-2024-12369
https://bugzilla.redhat.com/show_bug.cgi?id=2331178
https://github.com/advisories/GHSA-4v5x-9m47-cqr2
December 10th, 2024 (5 months ago)
Description: Ivanti warned customers on Tuesday about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. [...]
December 10th, 2024 (5 months ago)
Description: Microsoft has released the KB5048652 cumulative update for Windows 10 22H2, which contains six fixes, including a fix that prevented Windows 10 from activating when you change a device's motherboard. [...]
December 10th, 2024 (5 months ago)
Description: Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability. [...]
December 10th, 2024 (5 months ago)
Description: Because the streaming service website offers no content restrictions, attackers are able to hijack and manipulate live streams.
December 10th, 2024 (5 months ago)
Description: Microsoft has released the Windows 11 KB5048667 and KB5048685 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...]
December 10th, 2024 (5 months ago)
Description: Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-21542
https://github.com/spotify/luigi/issues/3301
https://github.com/spotify/luigi/commit/b5d1b965ead7d9f777a3216369b5baf23ec08999
https://github.com/spotify/luigi/releases/tag/v3.6.0
https://security.snyk.io/vuln/SNYK-PYTHON-LUIGI-7830489
https://github.com/advisories/GHSA-8qch-vj6m-2694
December 10th, 2024 (5 months ago)
Description: Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-55586
https://github.com/CSIRTTrizna/CVE-2024-55586
https://github.com/nette/database/releases
https://www.csirt.sk/nette-framework-vulnerability-permits-sql-injection.html
https://github.com/advisories/GHSA-f626-677r-j5vq
December 10th, 2024 (5 months ago)
Description: The Federal Trade Commission (FTC) is distributing over $72 million in Epic Games Fortnite refunds for the company's use of dark patterns to trick players into making unwanted purchases. [...]
December 10th, 2024 (5 months ago)