Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-10473 |
Description: The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.
EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-0854 |
Description: URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.
CVSS: MEDIUM (5.4) EPSS Score: 0.06%
November 29th, 2024 (5 months ago)
|
|
CVE-2023-0142 |
Description: Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.
CVSS: MEDIUM (6.5) EPSS Score: 0.08%
November 29th, 2024 (5 months ago)
|
|
Description: Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges.
"These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality,
November 28th, 2024 (5 months ago)
|
|
|
Description: The Tor Project has put out an urgent call to the privacy community asking volunteers to help deploy 200 new WebTunnel bridges by the end of the year to fight government censorship. [...]
November 28th, 2024 (5 months ago)
|
|
|
Description: Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is
November 28th, 2024 (5 months ago)
|
|
|
Description: Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems.
The package, named @0xengine/xmlrpc, was originally published on October 2, 2023 as a JavaScript-based XML-RPC
November 28th, 2024 (5 months ago)
|
|
|
Description: Major UK healthcare provider Wirral University Teaching Hospital (WUTH), part of the NHS Foundation Trust, has suffered a cyberattack that caused a systems outage leading to postponing appointments and scheduled procedures. [...]
November 28th, 2024 (5 months ago)
|
|
|
Description: A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024.
"Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands and delivers malware," Check Point said in a new analysis published Wednesday. "The technique
November 28th, 2024 (5 months ago)
|
|
|
Description: New presentation includes voiceover and insights on ransomware attack on the British Library.
November 28th, 2024 (5 months ago)
|