NAME__________Pay cross-site scriptingPlatforms Affected:Pay Pay 6.3.1Risk Level:7.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Pay is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
NAME__________Oracle Java SE, Oracle GraalVM Enterprise Edition unspecifiedPlatforms Affected:Oracle Java SE 8u361 Oracle Java SE 8u361-perf Oracle Java SE 11.0.18...
NAME__________Cisco SD-WAN vManage Software file deletionPlatforms Affected:Cisco SD-WAN vManage softwareRisk Level:4.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Cisco SD-WAN vManage Software could allow a local...
NAME__________Discourse denial of servicePlatforms Affected:Discourse Discourse 3.0.1 Discourse Discourse 3.1.0.beta2Risk Level:4.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Discourse is vulnerable to a denial of...
NAME__________Drupal core security bypassPlatforms Affected:Drupal Drupal 10.0.7 Drupal Drupal 9.4.13 Drupal Drupal 7.95 Drupal Drupal 9.5.7Risk Level:4.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Drupal core...
NAME__________Cisco BroadWorks Network Server denial of servicePlatforms Affected:Cisco BroadWorks Network ServerRisk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Cisco BroadWorks Network Server is vulnerable...
NAME__________Oracle Java SE, Oracle GraalVM Enterprise Edition unspecifiedPlatforms Affected:Oracle Java SE 8u361 Oracle Java SE 8u361-perf Oracle Java SE 11.0.18...
NAME__________OpenSSL denial of servicePlatforms Affected:OpenSSL OpenSSL 3.0.0 OpenSSL OpenSSL 3.1.0 OpenSSL OpenSSL 3.0.8Risk Level:3.7Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________OpenSSL is vulnerable to...
NAME__________VMware Aria Operations for Logs command executionPlatforms Affected:VMware Aria Operations for Logs 8.12 VMware Aria Operations for Logs 8.10.2 VMware...
NAME__________LIQUID SPEECH BALLOON plugin for WordPress cross-site request forgeryPlatforms Affected:Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________LIQUID SPEECH BALLOON plugin for WordPress is vulnerable...
NAME__________Apache DolphinScheduler security bypassPlatforms Affected:Apache DolphinScheduler 3.0.0 Apache DolphinScheduler 3.1.1Risk Level:7.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Apache DolphinScheduler could allow a remote attacker to...
NAME__________Eclipse Jetty denial of servicePlatforms Affected:Eclipse Jetty 9.4.50 Eclipse Jetty 10.013 Eclipse Jetty 11.0.13Risk Level:5.3Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Eclipse Jetty is...
NAME__________Apache StreamPark security bypassPlatforms Affected:Apache StreamPark 1.0.0Risk Level:7.1Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Apache StreamPark could allow a remote authenticated attacker to bypass security...
NAME__________Eclipse Jetty information disclosurePlatforms Affected:Eclipse Jetty 9.4.50 Eclipse Jetty 10.013 Eclipse Jetty 11.0.13Risk Level:4.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Eclipse Jetty could allow a...
NAME__________NEXT ENGINE Integration Plugin plugin for EC-CUBE 2.0 series security bypassPlatforms Affected:Risk Level:5.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________NEXT ENGINE Integration Plugin plugin for...
NAME__________Perl HTTP::Tiny module man-in-the-middlePlatforms Affected:Perl HTTP::Tiny 2.34Risk Level:6.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Perl HTTP::Tiny module is vulnerable to a man-in-the-middle attack, caused by...
NAME__________Snyk Advisor website cross-site scriptingPlatforms Affected:Snyk Advisor websiteRisk Level:4.3Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Snyk Advisor website is vulnerable to cross-site scripting, caused by...
Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by...
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2023-2033Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a...
An investigation into last month's 3CX supply chain attack discovered that it was caused by another supply chain compromise where...
London-based professional outsourcing giant Capita has published an update on the cyber-incident that impacted it at the start of the...
Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an...
VMware addressed a critical vRealize Log Insight security vulnerability that allows remote attackers to gain remote execution on vulnerable appliances....
Google’s Threat Analysis Group (TAG) has been monitoring and disrupting Russian state-backed cyberattacks targeting Ukraine’s critical infrastructure in 2023. Google...
