Month: January 2024

Mercari App for Android URL redirect | CVE-2024-23388

January 25, 2024

NAME__________Mercari App for Android URL redirectPlatforms Affected:Mercari Mercari App for Android 5.77.0Risk Level:3.3Exploitability:UnprovenConsequences:Other DESCRIPTION__________Mercari App for Android could allow a...

Jenkins Qualys Policy Compliance Scanning Connector Plugin information disclosure | CVE-2023-6147

January 25, 2024

NAME__________Jenkins Qualys Policy Compliance Scanning Connector Plugin information disclosurePlatforms Affected:Jenkins Qualys Policy Compliance Scanning Connector Plugin 1.0.5Risk Level:7.1Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins...

Jenkins GitLab Branch Source Plugin security bypass | CVE-2024-23901

January 25, 2024

NAME__________Jenkins GitLab Branch Source Plugin security bypassPlatforms Affected:Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3Risk Level:5.4Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Jenkins GitLab Branch Source Plugin...

Apache Airflow information disclosure | CVE-2023-50944

January 25, 2024

NAME__________Apache Airflow information disclosurePlatforms Affected:Apache Airflow 2.8.0Risk Level:2.7Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apache Airflow could allow a remote authenticated attacker to obtain sensitive...

Jenkins Log Command Plugin information disclosure | CVE-2024-23904

January 25, 2024

NAME__________Jenkins Log Command Plugin information disclosurePlatforms Affected:Jenkins Log Command Plugin 1.0.2Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins Log Command Plugin could allow a...

Cisco Unity Connection cross-site scripting | CVE-2024-20305

January 25, 2024

NAME__________Cisco Unity Connection cross-site scriptingPlatforms Affected:Risk Level:4.8Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Cisco Unity Connection is vulnerable to cross-site scripting, caused by improper validation...

Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches security bypass | CVE-2024-20263

January 25, 2024

NAME__________Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches security bypassPlatforms Affected:Cisco Business 250 Series smart switches...

Two-factor Authentication module for Drupal security bypass |

January 25, 2024

NAME__________Two-factor Authentication module for Drupal security bypassPlatforms Affected:Drupal Two-factor Authentication module for Drupal tfa 8.x-1.0Risk Level:5.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Two-factor Authentication module...

Jenkins GitLab Branch Source Plugin cross-site request forgery | CVE-2024-23902

January 25, 2024

NAME__________Jenkins GitLab Branch Source Plugin cross-site request forgeryPlatforms Affected:Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jenkins GitLab Branch Source...

Month: January 2024

Mercari App for Android URL redirect | CVE-2024-23388

Jenkins Qualys Policy Compliance Scanning Connector Plugin information disclosure | CVE-2023-6147

Jenkins GitLab Branch Source Plugin security bypass | CVE-2024-23901

Apache Airflow information disclosure | CVE-2023-50944

Jenkins Log Command Plugin information disclosure | CVE-2024-23904

Cisco Unity Connection cross-site scripting | CVE-2024-20305

Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches security bypass | CVE-2024-20263

Two-factor Authentication module for Drupal security bypass |

Jenkins GitLab Branch Source Plugin cross-site request forgery | CVE-2024-23902

Squid-Cache Squid denial of service | CVE-2024-23638

Kasseika Ransomware Using BYOVD Trick to Disarm Security Pre-Encryption

New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits

Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach

Global Fintech Firm Equilend Offline After Recent Cyberattack

Hpe Russian Hackers Breached Its Security Teams Email Accounts

Uk Says Ai Will Empower Ransomware Over The Next Two Years

Vextrio Tds Inside A Massive 70 000 Domain Cybercrime Operation

How To Secure Ad Passwords Without Sacrificing End User Experience

Tesla Hacked 24 Zero Days Demoed At Pwn2own Automotive 2024

Over 5 300 Gitlab Servers Exposed To Zero Click Account Takeover Attacks

AI Set to Supercharge Ransomware Threat, Says NCSC

Exploit Code Released For Critical Fortra GoAnywhere Bug

Browser Phishing Threats Grew 198% Last Year

X Makes Passkeys Available for US-Based Users

[QILIN] – Ransomware Victim: Zimmerman & Frachtman PA Law Firm

[QILIN] – Ransomware Victim: Calvert Home Mortgage Investment

[QILIN] – Ransomware Victim: LBCO Contracting LTD

Unveiling Blockchain Security: Safeguarding the Digital Ledger

A Fifth of UK Enterprises Uncertain About NIS2 Compliance Requirements

You may have missed