Month: April 2023

Samba security bypass | CVE-2023-0225

April 1, 2023

NAME__________Samba security bypassPlatforms Affected:Samba Samba 4.17.0 Samba Samba 4.18.0Risk Level:5.4Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Samba could allow a remote authenticated attacker to bypass...

Nextcloud Server denial of service | CVE-2023-28644

April 1, 2023

NAME__________Nextcloud Server denial of servicePlatforms Affected:Nextcloud Nextcloud Server 25.0.2Risk Level:5.7Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Nextcloud Server is vulnerable to a denial of...

Nextcloud Server and Nextcloud Enterprise Server information disclosure | CVE-2023-28835

April 1, 2023

NAME__________Nextcloud Server and Nextcloud Enterprise Server information disclosurePlatforms Affected:Nextcloud Nextcloud Server 24.0.9 Nextcloud Nextcloud Server 25.0.3 Nextcloud Nextcloud Server 25.0.0...

Nextcloud Server security bypass | CVE-2023-28643

April 1, 2023

NAME__________Nextcloud Server security bypassPlatforms Affected:Nextcloud Nextcloud Server 25.0.0Risk Level:5.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Nextcloud Server could allow a remote authenticated attacker to bypass...

Samba information disclosure | CVE-2023-0922

April 1, 2023

NAME__________Samba information disclosurePlatforms Affected:Samba Samba 4.1.1 Samba Samba 4.1.0 Samba Samba 4.0.9 Samba Samba 4.0.8 Samba Samba 4.0.7 Samba Samba...

Irssi denial of service | CVE-2023-29132

April 1, 2023

NAME__________Irssi denial of servicePlatforms Affected:Irssi Irssi 1.3.0Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Irssi is vulnerable to a denial of service, caused by...

Samba information disclosure | CVE-2023-0614

April 1, 2023

NAME__________Samba information disclosurePlatforms Affected:Samba Samba 4.1.1 Samba Samba 4.1.0 Samba Samba 4.0.9 Samba Samba 4.0.8 Samba Samba 4.0.7 Samba Samba...

Vira-Investing Investment Tracking System information disclosure | CVE-2023-1014

April 1, 2023

NAME__________Vira-Investing Investment Tracking System information disclosurePlatforms Affected:Risk Level:5.8Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Vira-Investing Investment Tracking System could allow a remote attacker to obtain...

QNAP QTS, QNAP QuTS hero, QNAP QuTScloud, QNAP QVP (QVR Pro appliances), and QNAP QVR command execution | CVE-2023-23355

April 1, 2023

NAME__________QNAP QTS, QNAP QuTS hero, QNAP QuTScloud, QNAP QVP (QVR Pro appliances), and QNAP QVR command executionPlatforms Affected:Risk Level:6.5Exploitability:UnprovenConsequences:Gain Access...

Vira-Investing Investment Tracking System cross-site scripting | CVE-2023-1013

April 1, 2023

NAME__________Vira-Investing Investment Tracking System cross-site scriptingPlatforms Affected:Risk Level:6.1Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Vira-Investing Investment Tracking System is vulnerable to cross-site scripting, caused by...

Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation

April 1, 2023

Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting...

Hackers Exploiting WordPress Elementor Pro Vulnerability: Millions of Sites at Risk!

April 1, 2023

Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress....

Daily Vulnerability Trends: Sat Apr 01 2023

April 1, 2023

Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2023-21839Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component:...

Karakurt Ransomware Victim: OptionMetrics

April 1, 2023

KARAKURT RANSOMWARE NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of...

Consumer lender TMX discloses data breach impacting 4.8 million people

April 1, 2023

TMX Finance and its subsidiaries TitleMax, TitleBucks, and InstaLoan have collectively disclosed a data breach that exposed the personal data...

15 million public-facing services vulnerable to CISA KEV flaws

April 1, 2023

Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV...

Hackers exploit bug in Elementor Pro WordPress plugin with 11M installs

April 1, 2023

Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin used by over eleven million websites....

Sundry Files – 274,461 breached accounts

April 1, 2023

HIBP In January 2022, the now defunct file upload service Sundry Files suffered a data breach that exposed 274k unique...

Leaked Reality – 114,907 breached accounts

April 1, 2023

HIBP In January 2022, the now defunct uncensored video website Leaked Reality suffered a data breach that exposed 115k unique...

Month: April 2023

Samba security bypass | CVE-2023-0225

Nextcloud Server denial of service | CVE-2023-28644

Nextcloud Server and Nextcloud Enterprise Server information disclosure | CVE-2023-28835

Nextcloud Server security bypass | CVE-2023-28643

Samba information disclosure | CVE-2023-0922

Irssi denial of service | CVE-2023-29132

Samba information disclosure | CVE-2023-0614

Vira-Investing Investment Tracking System information disclosure | CVE-2023-1014

QNAP QTS, QNAP QuTS hero, QNAP QuTScloud, QNAP QVP (QVR Pro appliances), and QNAP QVR command execution | CVE-2023-23355

Vira-Investing Investment Tracking System cross-site scripting | CVE-2023-1013

Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation

Hackers Exploiting WordPress Elementor Pro Vulnerability: Millions of Sites at Risk!

Daily Vulnerability Trends: Sat Apr 01 2023

Karakurt Ransomware Victim: OptionMetrics

Consumer lender TMX discloses data breach impacting 4.8 million people

15 million public-facing services vulnerable to CISA KEV flaws

Hackers exploit bug in Elementor Pro WordPress plugin with 11M installs

Sundry Files – 274,461 breached accounts

Leaked Reality – 114,907 breached accounts

Advanced Email Attacks Target Manufacturing Sector: Rise of Phishing and BEC

Ransomware Groups Driving 40% of Cyber-Attacks in 2024: Key Insights

MITRE Reveals Top 25 Most Critical Software Flaws of 2024

Microsoft Disrupts Phishing Operations by Seizing 240 Fraudulent Websites

Black Friday Spam Emails: 77% Identified as Scams in 2024

You may have missed