CISA: Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094
Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094 CISA and the open source community are responding to...
Month: April 2024
CISA: CISA Publishes New Webpage Dedicated to Providing Resources for High-Risk Communities
CISA Publishes New Webpage Dedicated to Providing Resources for High-Risk Communities Today, CISA published a new dedicated High-Risk Communities webpage...
CISA: Cisco Releases Security Updates for Multiple Products
Cisco Releases Security Updates for Multiple Products Cisco released security updates to address vulnerabilities in Cisco IOS, IOS XE, and...
CISA: Apple Released Security Updates for Safari and macOS
Apple Released Security Updates for Safari and macOS Apple released security updates to address a vulnerability (CVE-2024-1580) in Safari and macOS....
US-CERT Vulnerability Summary for the Week of March 25, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
HackerOne Bug Bounty Disclosure: using-branded-hashtag-feature-user-partnered-with-account-manager-can-view-videos-uploaded-by-a-private-tiktok-account-if-item-id-is-known-dxcoder
Company Name: TikTok Company HackerOne URL: https://hackerone.com/tiktok Submitted By:dxcoderLink to Submitters Profile:https://hackerone.com/dxcoder Report Title:Using Branded Hashtag Feature User Partnered with...
Sliver C2 Detected – 159[.]203[.]173[.]117:31337
The Information provided at the time of posting was detected as "Sliver C2". Depending on when you are viewing this...
CovenantC2 Detected – 64[.]176[.]80[.]227:7443
The Information provided at the time of posting was detected as "Covenant C2". Depending on when you are viewing this...
Sliver C2 Detected – 45[.]33[.]103[.]13:31337
The Information provided at the time of posting was detected as "Sliver C2". Depending on when you are viewing this...
Sliver C2 Detected – 42[.]96[.]32[.]189:31337
The Information provided at the time of posting was detected as "Sliver C2". Depending on when you are viewing this...
Sliver C2 Detected – 194[.]58[.]33[.]246:31337
The Information provided at the time of posting was detected as "Sliver C2". Depending on when you are viewing this...
Sliver C2 Detected – 159[.]223[.]219[.]19:31337
The Information provided at the time of posting was detected as "Sliver C2". Depending on when you are viewing this...
PHPGurukul Emergency Ambulance Hiring Portal cross-site request forgery | CVE-2024-3089
NAME__________PHPGurukul Emergency Ambulance Hiring Portal cross-site request forgeryPlatforms Affected:PHPGurukul Emergency Ambulance Hiring Portal 1.0Risk Level:4.3Exploitability:HighConsequences:Gain Access DESCRIPTION__________PHPGurukul Emergency Ambulance Hiring...
PHPGurukul Emergency Ambulance Hiring Portal cross-site scripting | CVE-2024-3091
NAME__________PHPGurukul Emergency Ambulance Hiring Portal cross-site scriptingPlatforms Affected:PHPGurukul Emergency Ambulance Hiring Portal 1.0Risk Level:2.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________PHPGurukul Emergency Ambulance Hiring Portal...
IBM WebSphere Application Server information disclosure | CVE-2023-50313
NAME__________IBM WebSphere Application Server information disclosurePlatforms Affected:IBM WebSphere Application Server 8.5 IBM WebSphere Application Server 9.0Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________IBM WebSphere...
DJI drone code execution | CVE-2023-51456
NAME__________DJI drone code executionPlatforms Affected:DJI Mavic 3 01.01.0000 Pro DJI Mavic 3 01.01.0000 DJI Mavic 3 01.01.0000 Classic DJI Mavic...
DJI drone code execution | CVE-2023-51455
NAME__________DJI drone code executionPlatforms Affected:DJI Mavic 3 01.01.0000 Pro DJI Mavic 3 01.01.0000 DJI Mavic 3 01.01.0000 Classic DJI Mavic...
DJI drone denial of service | CVE-2023-51453
NAME__________DJI drone denial of servicePlatforms Affected:DJI Mavic 3 01.01.0000 Pro DJI Mavic 3 01.01.0000 DJI Mavic 3 01.01.0000 Classic DJI...
DJI drone code execution | CVE-2023-51454
NAME__________DJI drone code executionPlatforms Affected:DJI Mavic 3 01.01.0000 Pro DJI Mavic 3 01.01.0000 DJI Mavic 3 01.01.0000 Classic DJI Mavic...
PHPGurukul Emergency Ambulance Hiring Portal cross-site scripting | CVE-2024-3090
NAME__________PHPGurukul Emergency Ambulance Hiring Portal cross-site scriptingPlatforms Affected:PHPGurukul Emergency Ambulance Hiring Portal 1.0Risk Level:2.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________PHPGurukul Emergency Ambulance Hiring Portal...
DJI drone denial of service | CVE-2023-51452
NAME__________DJI drone denial of servicePlatforms Affected:DJI Mavic 3 01.01.0000 Pro DJI Mavic 3 01.01.0000 DJI Mavic 3 01.01.0000 Classic DJI...
Google Chrome security bypass | CVE-2024-3156
NAME__________Google Chrome security bypassPlatforms Affected:Google Chrome 123.0Risk Level:6.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Google Chrome could allow a remote attacker to bypass security restrictions,...
Adobe Experience Manager cross-site scripting | CVE-2024-20799
NAME__________Adobe Experience Manager cross-site scriptingPlatforms Affected:Adobe Experience Manager 6.5.19.0Risk Level:5.4Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Adobe Experience Manager is vulnerable to cross-site scripting, caused...
IOSiX IO-1020 default account | CVE-2024-31069
NAME__________IOSiX IO-1020 default accountPlatforms Affected:IOSiX IO-1020 359 IOSiX IO-1020 358Risk Level:7.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________IOSiX IO-1020 contains a default password in the...
