Bleach Anime Forum – 143,711 breached accounts
HIBP In 2015, the now defunct independent forum for the Bleach Anime series suffered a data breach that exposed 144k...
Year: 2023
US-CERT Vulnerability Summary for the Week of November 20, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- after_effectsAdobe After Effects version 24.0.2 (and earlier) and 23.6 (and...
MaccaroniC2 – A PoC Command And Control Framework That Utilizes The Powerful AsyncSSH
MaccaroniC2 is a proof-of-concept Command and Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client...
DynastyPersist – A Linux Persistence Tool!
A Linux persistence tool! A powerful and versatile Linux persistence script designed for various security assessment and testing scenarios. This...
HiddenDesktop – HVNC For Cobalt Strike
Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session...
CSV Feeds PRO module for PrestaShop information disclosure | CVE-2023-46355
NAME__________CSV Feeds PRO module for PrestaShop information disclosurePlatforms Affected:PrestaShop CSV Feeds PRO module for PrestaShop 2.5.2 PrestaShop CSV Feeds PRO...
Pandora FMS file upload | CVE-2023-41812
NAME__________Pandora FMS file uploadPlatforms Affected:Artica Pandora FMS 773 Artica Pandora FMS 700Risk Level:5.6Exploitability:UnprovenConsequences:File Manipulation DESCRIPTION__________Pandora FMS could allow a remote...
WP Shortcodes Plugin — Shortcodes Ultimate for WordPress cross-site scripting | CVE-2023-6225
NAME__________WP Shortcodes Plugin — Shortcodes Ultimate for WordPress cross-site scriptingPlatforms Affected:WordPress WPB Show Core Plugin for WordPress 2.2Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting...
Anyscale RAY server-side request forgery | CVE-2023-48023
NAME__________Anyscale RAY server-side request forgeryPlatforms Affected:Anyscale RAY 2.6.3 Anyscale RAY 2.8.0Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Anyscale RAY is vulnerable to server-side request...
WP Shortcodes Plugin for WordPress information disclosure | CVE-2023-6226
NAME__________WP Shortcodes Plugin for WordPress information disclosurePlatforms Affected:WordPress WPB Show Core Plugin for WordPress 2.2Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________WP Shortcodes Plugin...
Chamilo LMS command execution | CVE-2023-4222
NAME__________Chamilo LMS command executionPlatforms Affected:Chamilo Chamilo LMS 1.11.23Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Chamilo LMS could allow a remote authenticated attacker to execute...
Cryptography package for Python denial of service | CVE-2023-49083
NAME__________Cryptography package for Python denial of servicePlatforms Affected:Python Cryptographic Authority cryptography 41.0.5Risk Level:5.3Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Cryptography package for Python is...
NETGEAR NMS300 privilege escalation |
NAME__________NETGEAR NMS300 privilege escalationPlatforms Affected:NETGEAR NMS300Risk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________NETGEAR NMS300 could allow a local authenticated attacker to gain elevated privileges...
BookingPress Plugin for WordPress file upload | CVE-2023-6219
NAME__________BookingPress Plugin for WordPress file uploadPlatforms Affected:WordPress WPB Show Core Plugin for WordPress 2.2Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________BookingPress Plugin for WordPress...
Zyxel products denial of service | CVE-2023-4397
NAME__________Zyxel products denial of servicePlatforms Affected:Zyxel USG FLEX 50(W) / USG20(W)-VPN ZLD 5.00 Zyxel ATP series 5.37 Zyxel USG FLEX...
Zyxel products denial of service | CVE-2023-4398
NAME__________Zyxel products denial of servicePlatforms Affected:Zyxel USG FLEX 5.20 Zyxel USG FLEX 50(W) 4.16 Zyxel USG20(W)-VPN 4.16 Zyxel ATP series...
Chamilo LMS command execution | CVE-2023-4221
NAME__________Chamilo LMS command executionPlatforms Affected:Chamilo Chamilo LMS 1.11.23Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Chamilo LMS could allow a remote authenticated attacker to execute...
Okta: October data breach affects all customer support system users
Okta's investigation into the breach of its Help Center environment last month revealed that the hackers obtained data belonging to...
How Continuous Pen Testing Protects Web Apps from Emerging Threats
As the demand for anytime, anywhere access to services and information increases, our dependency on web-based applications deepens. From business...
Japanese Space Agency JAXA hacked in summer cyberattack
The Japan Aerospace Exploration Agency (JAXA) was hacked in a cyberattack over the summer, which may have put sensitive space-related...
Black Basta ransomware made over $100 million from extortion
Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims...
SIM swapper gets 8 years in prison for account hacks, crypto theft
Amir Hossein Golshan, 25, was sentenced to eight years in prison by a Los Angeles District Court and ordered to...
US seizes Sinbad crypto mixer used by North Korean Lazarus hackers
The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool...
Hackers breach US water facility via exposed Unitronics PLCs
CISA (Cybersecurity & Infrastructure Security Agency) is warning that threat actors breached a U.S. water facility by hacking into Unitronics...
