Month: August 2023

SevenRooms – 1,205,385 breached accounts

August 25, 2023

HIBP In December 2022, over 400GB of data belonging to restaurant customer management platform SevenRooms was posted for sale to...

US-CERT Vulnerability Summary for the Week of August 14, 2023

August 24, 2023

High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infofoldingathome -- client_advanced_controlAn issue was discovered in FoldingAtHome Client Advanced Control GUI...

cfe80c7360936da78bd9ee617f0b780b3c3e6ff6a45119cce9c58b5b66f6d369

Holehe – Tool To Check If The Mail Is Used On Different Sites Like Twitter, Instagram And Will Retrieve Information On Sites With The Forgotten Password Function

August 24, 2023

Holehe Online Version Summary Efficiently finding registered accounts from emails. Holehe checks if an email is attached to an account...

HackerOne Bug Bounty Disclosure: b-improper-access-control-on-linkedin-page-b-cybergoddess

August 24, 2023

Company Name: b'LinkedIn' Company HackerOne URL: https://hackerone.com/linkedin Submitted By:b'cybergoddess'Link to Submitters Profile:https://hackerone.com/b'cybergoddess' Report Title:b'Improper access control on Linkedin Page'Report Link:https://hackerone.com/reports/1587246Date...

HackerOne Bug Bounty Disclosure: b-a-unverified-user-can-post-newsletter-which-is-not-allowed-through-application-ui-b-tushar

August 24, 2023

Company Name: b'LinkedIn' Company HackerOne URL: https://hackerone.com/linkedin Submitted By:b'tushar6378'Link to Submitters Profile:https://hackerone.com/b'tushar6378' Report Title:b'A Unverified User Can Post Newsletter (Which...

HackerOne Bug Bounty Disclosure: b-cache-poisoning-allows-redirection-on-js-files-b-youstin

August 24, 2023

Company Name: b'Glassdoor' Company HackerOne URL: https://hackerone.com/glassdoor Submitted By:b'youstin'Link to Submitters Profile:https://hackerone.com/b'youstin' Report Title:b'Cache Poisoning allows redirection on JS files'Report...

HackerOne Bug Bounty Disclosure: b-idor-allows-an-attacker-to-delete-anyone-s-featured-photo-b-adilnbabras

August 24, 2023

Company Name: b'LinkedIn' Company HackerOne URL: https://hackerone.com/linkedin Submitted By:b'adilnbabras'Link to Submitters Profile:https://hackerone.com/b'adilnbabras' Report Title:b"IDOR allows an attacker to delete anyone's...

HackerOne Bug Bounty Disclosure: b-an-attacker-can-flag-draft-job-posts-and-can-disclose-the-draft-job-posts-details-similar-to-resolved-report-b-tushar

August 24, 2023

HackerOne Bug Bounty Disclosure: b-attackers-can-use-trial-premium-only-by-paying-idr-from-the-original-price-of-idr-per-month-b-find-me-here

August 24, 2023

Company Name: b'LinkedIn' Company HackerOne URL: https://hackerone.com/linkedin Submitted By:b'find_me_here'Link to Submitters Profile:https://hackerone.com/b'find_me_here' Report Title:b'Attackers can use TRIAL Premium only by...

CISA: CISA Releases Six Industrial Control Systems Advisories

August 24, 2023

CISA Releases Six Industrial Control Systems Advisories CISA released six Industrial Control Systems (ICS) advisories on August 24, 2023. These...

20b985b8be79cb2e1935f79ac74fb05a81bd6465f8e97783eb19bdd7465f9c8b

DarkGate reloaded via malvertising and SEO poisoning campaigns

August 24, 2023

In July 2023, we observed a malvertising campaign that lured potential victims to a fraudulent site for a Windows IT management...

HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injection | CVE-2023-37436

August 24, 2023

NAME__________HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injectionPlatforms Affected:HPE Aruba Networking EdgeConnect SD-WAN Orchestrator 9.0 HPE Aruba Networking EdgeConnect SD-WAN...

HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injection | CVE-2023-37434

August 24, 2023

NAME__________HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injectionPlatforms Affected:HPE Aruba Networking EdgeConnect SD-WAN Orchestrator 9.0 HPE Aruba Networking EdgeConnect SD-WAN...

HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injection | CVE-2023-37429

August 24, 2023

NAME__________HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injectionPlatforms Affected:HPE Aruba Networking EdgeConnect SD-WAN Orchestrator 9.0 HPE Aruba Networking EdgeConnect SD-WAN...

Netgear NMS300 command execution |

August 24, 2023

NAME__________Netgear NMS300 command executionPlatforms Affected:NETGEAR NMS300Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Netgear NMS300 could allow a remote attacker to execute arbitrary commands on...

HPE Aruba Networking EdgeConnect SD-WAN Orchestrator server-side request forgery | CVE-2023-37440

August 24, 2023

NAME__________HPE Aruba Networking EdgeConnect SD-WAN Orchestrator server-side request forgeryPlatforms Affected:HPE Aruba Networking EdgeConnect SD-WAN Orchestrator 9.0 HPE Aruba Networking EdgeConnect...

Pandora FMS file upload | CVE-2023-24517

August 24, 2023

NAME__________Pandora FMS file uploadPlatforms Affected:Artica Pandora FMS 767Risk Level:6.4Exploitability:UnprovenConsequences:File Manipulation DESCRIPTION__________Pandora FMS could allow a remote authenticated attacker to upload...

HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injection | CVE-2023-37432

August 24, 2023

NAME__________HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injectionPlatforms Affected:HPE Aruba Networking EdgeConnect SD-WAN Orchestrator 9.0 HPE Aruba Networking EdgeConnect SD-WAN...

HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injection | CVE-2023-37433

August 24, 2023

NAME__________HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injectionPlatforms Affected:HPE Aruba Networking EdgeConnect SD-WAN Orchestrator 9.0 HPE Aruba Networking EdgeConnect SD-WAN...

Pandora FMS server-side request forgery | CVE-2023-24515

August 24, 2023

NAME__________Pandora FMS server-side request forgeryPlatforms Affected:Artica Pandora FMS 767Risk Level:5.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Pandora FMS is vulnerable to server-side request forgery, caused...

FileMage Gateway Windows Deployments directory traversal | CVE-2023-39026

August 24, 2023

NAME__________FileMage Gateway Windows Deployments directory traversalPlatforms Affected:FileMage Gateway Windows Deployments 1.10.8Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________FileMage Gateway Windows Deployments could allow a...

Month: August 2023

SevenRooms – 1,205,385 breached accounts

US-CERT Vulnerability Summary for the Week of August 14, 2023

Holehe – Tool To Check If The Mail Is Used On Different Sites Like Twitter, Instagram And Will Retrieve Information On Sites With The Forgotten Password Function

HackerOne Bug Bounty Disclosure: b-improper-access-control-on-linkedin-page-b-cybergoddess

HackerOne Bug Bounty Disclosure: b-a-unverified-user-can-post-newsletter-which-is-not-allowed-through-application-ui-b-tushar

HackerOne Bug Bounty Disclosure: b-cache-poisoning-allows-redirection-on-js-files-b-youstin

HackerOne Bug Bounty Disclosure: b-idor-allows-an-attacker-to-delete-anyone-s-featured-photo-b-adilnbabras

HackerOne Bug Bounty Disclosure: b-an-attacker-can-flag-draft-job-posts-and-can-disclose-the-draft-job-posts-details-similar-to-resolved-report-b-tushar

HackerOne Bug Bounty Disclosure: b-attackers-can-use-trial-premium-only-by-paying-idr-from-the-original-price-of-idr-per-month-b-find-me-here

CISA: CISA Releases Six Industrial Control Systems Advisories

DarkGate reloaded via malvertising and SEO poisoning campaigns

HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injection | CVE-2023-37436

HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injection | CVE-2023-37434

HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injection | CVE-2023-37429

Netgear NMS300 command execution |

HPE Aruba Networking EdgeConnect SD-WAN Orchestrator server-side request forgery | CVE-2023-37440

Pandora FMS file upload | CVE-2023-24517

HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injection | CVE-2023-37432

HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injection | CVE-2023-37433

Pandora FMS server-side request forgery | CVE-2023-24515

FileMage Gateway Windows Deployments directory traversal | CVE-2023-39026

HPE Aruba Networking EdgeConnect SD-WAN Orchestrator cross-site scripting | CVE-2023-37439

HPE Aruba Networking EdgeConnect SD-WAN Orchestrator command execution | CVE-2023-37427

HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injection | CVE-2023-37435

CVE Alert: CVE-2025-31487

CVE Alert: CVE-2025-31481

CVE Alert: CVE-2025-3174

CVE Alert: CVE-2025-31485

CVE Alert: CVE-2025-3175

You may have missed