Year: 2023

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

July 22, 2023

CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...

CISA: Oracle Releases Security Updates

July 22, 2023

Oracle Releases Security Updates Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for July...

CISA: Citrix Releases Security Updates for NetScaler ADC and Gateway

July 22, 2023

Citrix Releases Security Updates for NetScaler ADC and Gateway Citrix has released security updates to address vulnerabilities (CVE-2023-3519, CVE-2023-3466, and...

CISA: Atlassian Releases Security Updates

July 22, 2023

Atlassian Releases Security Updates Atlassian has released its Security Bulletin for July 2023(link is external) to address vulnerabilities in Confluence Data...

CISA: CISA Releases Cybersecurity Advisory on Threat Actors Exploiting Citrix CVE-2023-3519

July 22, 2023

CISA Releases Cybersecurity Advisory on Threat Actors Exploiting Citrix CVE-2023-3519 The Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity...

CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog

July 22, 2023

CISA Adds Two Known Exploited Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...

CISA: CISA Releases One Industrial Control Systems Advisory

July 22, 2023

CISA Releases One Industrial Control Systems Advisory CISA released one Industrial Control Systems (ICS) advisory on July 20, 2023. This...

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

July 22, 2023

CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...

US-CERT Vulnerability Summary for the Week of July 10, 2023

July 21, 2023

High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoelra -- parkmatikImproper Neutralization of Special Elements used in an SQL Command...

HackerOne Bug Bounty Disclosure: b-password-reset-endpoint-is-not-brute-force-protected-b-rullzer

July 21, 2023

Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'rullzer'Link to Submitters Profile:https://hackerone.com/b'rullzer' Report Title:b'Password reset endpoint is not brute force...

CISA: Atlassian Releases Security Updates

July 21, 2023

Atlassian Releases Security Updates Atlassian has released its Security Bulletin for July 2023(link is external) to address vulnerabilities in Confluence Data...

Posh C2 Detected – 103[.]230[.]142[.]243:443

July 21, 2023

The Information provided at the time of posting was detected as "Posh C2". Depending on when you are viewing this...

Akira Ransomware Victim: Bright Future Electr ic, LLC

July 21, 2023

NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...

Akira Ransomware Victim: Yamaha Canada Music Ltd

July 21, 2023

NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...

myCred plugin for WordPress cross-site request forgery | CVE-2023-35096

July 21, 2023

NAME__________myCred plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress myCred plugin for WordPress 2.5Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________myCred plugin for WordPress is...

Recipe Maker For Your Food Blog from Zip Recipes plugin for WordPress cross-site request forgery | CVE-2023-35089

July 21, 2023

NAME__________Recipe Maker For Your Food Blog from Zip Recipes plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Recipe Maker For Your...

InfoDoc Document On-line Submission and Approval System server-side request forgery | CVE-2023-37290

July 21, 2023

NAME__________InfoDoc Document On-line Submission and Approval System server-side request forgeryPlatforms Affected:InfoDoc Document On-line Submission and Approval System 22547 InfoDoc Document...

WooCommerce Ship to Multiple Addresses plugin for WordPress cross-site request forgery | CVE-2023-36514

July 21, 2023

NAME__________WooCommerce Ship to Multiple Addresses plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress WooCommerce Shipping Multiple Addresses 3.8.5Risk Level:6.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________WooCommerce...

Open Enclave security bypass | CVE-2023-37479

July 21, 2023

NAME__________Open Enclave security bypassPlatforms Affected:Open Enclave Open Enclave SDK 0.19.2Risk Level:5.9Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Open Enclave could allow a remote attacker to...

AutomateWoo plugin for WordPress cross-site request forgery | CVE-2023-36513

July 21, 2023

NAME__________AutomateWoo plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress AutomateWoo Plugin for WordPress 5.7.5Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________AutomateWoo plugin for WordPress is...

xHTTP denial of service | CVE-2023-38434

July 21, 2023

NAME__________xHTTP denial of servicePlatforms Affected:xHTTP xHTTPRisk Level:7.5Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________xHTTP is vulnerable to a denial of service, caused...

MeterSphere directory traversal | CVE-2023-37461

July 21, 2023

NAME__________MeterSphere directory traversalPlatforms Affected:MeterSphere MeterSphere 2.10.2 LTSRisk Level:3.9Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________MeterSphere could allow a remote authenticated attacker to traverse directories on...

KOMET privilege escalation | CVE-2023-3786

July 21, 2023

NAME__________KOMET privilege escalationPlatforms Affected:AURES Technologies KOMETRisk Level:4.3Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________KOMET could allow a physical attacker to gain elevated privileges on the...

WooCommerce Brands plugin for WordPress cross-site request forgery | CVE-2023-35880

July 21, 2023

NAME__________WooCommerce Brands plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress WooCommerce Brands plugin for WordPress 1.6.49Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________WooCommerce Brands plugin...

Year: 2023

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: Oracle Releases Security Updates

CISA: Citrix Releases Security Updates for NetScaler ADC and Gateway

CISA: Atlassian Releases Security Updates

CISA: CISA Releases Cybersecurity Advisory on Threat Actors Exploiting Citrix CVE-2023-3519

CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA: CISA Releases One Industrial Control Systems Advisory

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

US-CERT Vulnerability Summary for the Week of July 10, 2023

HackerOne Bug Bounty Disclosure: b-password-reset-endpoint-is-not-brute-force-protected-b-rullzer

CISA: Atlassian Releases Security Updates

Posh C2 Detected – 103[.]230[.]142[.]243:443

Akira Ransomware Victim: Bright Future Electr ic, LLC

Akira Ransomware Victim: Yamaha Canada Music Ltd

myCred plugin for WordPress cross-site request forgery | CVE-2023-35096

Recipe Maker For Your Food Blog from Zip Recipes plugin for WordPress cross-site request forgery | CVE-2023-35089

InfoDoc Document On-line Submission and Approval System server-side request forgery | CVE-2023-37290

WooCommerce Ship to Multiple Addresses plugin for WordPress cross-site request forgery | CVE-2023-36514

Open Enclave security bypass | CVE-2023-37479

AutomateWoo plugin for WordPress cross-site request forgery | CVE-2023-36513

xHTTP denial of service | CVE-2023-38434

MeterSphere directory traversal | CVE-2023-37461

KOMET privilege escalation | CVE-2023-3786

WooCommerce Brands plugin for WordPress cross-site request forgery | CVE-2023-35880

[APT73] – Ransomware Victim: boostheat[.]com

CVE Alert: CVE-2025-23059

CVE Alert: CVE-2024-45659

CVE Alert: CVE-2025-0364

CVE Alert: CVE-2025-23060

You may have missed