EDrhyme Co.,Ltd Security Vulnerabilities

cnvd

Shanghai Zhongyun Digital Win Cloud Computing Technology Co., Ltd Shanghai Old Cadre APP has Logic Flaw Vulnerability

Shanghai Old Cadre app is a senior activity software specially created for some party members and old cadres in Shanghai. Shanghai Zhongyun Digital Win Cloud Computing Technology Co. Shanghai Old Cadre App has a logic flaw vulnerability that can be exploited by attackers to cause SMS...

7 AI Score

2023-12-14 12:00 AM
4

thn

Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea

The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called Troll Stealer. The malware steals "SSH, FileZilla, C drive files/directories, browsers, system information, [and] screen captures" from infected...

7.3 AI Score

2024-02-08 06:53 AM
17

github

Malicious input can provoke XSS when preserving comments

Impact There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in....

6 AI Score

0.0004 EPSS

2024-02-02 06:10 PM
6

openvas

BullGuard Antivirus Detection (Windows SMB Login)

Detects the installed version of BullGuard Anti-Virus. The script logs in via smb, searches...

7.3 AI Score

2015-02-23 12:00 AM
5

openvas

BullGuard Backup Detection (Windows SMB Login)

Detects the installed version of BullGuard Backup. The script logs in via smb, searches...

7.3 AI Score

2015-02-23 12:00 AM
6

cvelist

CVE-2023-43996

An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...

6.9 AI Score

0.0004 EPSS

2024-01-24 12:00 AM
5

cnvd

Command Execution Vulnerability in Isthmus Electronic Document Security Management System (CNVD-2024-03256)

Beijing Yisaitong Technology Development Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the Yisetong Electronic Document Security Management System, which can be exploited by an attacker to....

7.5 AI Score

2023-12-12 12:00 AM
12

openvas

BullGuard Internet Security Detection (Windows SMB Login)

Detects the installed version of BullGuard Internet Security. The script logs in via smb, searches...

7.3 AI Score

2015-02-23 12:00 AM
10

openvas

BullGuard Premium Protection Detection (Windows SMB Login)

Detects the installed version of BullGuard Premium Protection. The script logs in via smb, searches...

7.3 AI Score

2015-02-23 12:00 AM
6

malwarebytes

Massive utility scam campaign spreads via online ads

For many households, energy costs represent a significant part of their overall budget. And when customers want to discuss their bills or look for ways to save money, scammers are just a phone call away. Enter the utility scam, where crooks pretend to be your utility company so they can threaten...

7 AI Score

2024-02-15 04:39 PM
11

krebs

CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its....

6.8 AI Score

2024-03-14 09:13 PM
30

cnvd

Command Injection Vulnerability in DIR-822+ V1.0.2 of AUO Electronic Equipment (Shanghai) Co.

DIR-822 is a wireless router from D-Link, a Chinese company. A command injection vulnerability exists in the AUO Electronic Devices (Shanghai) Co. DIR-822+ version V1.0.2, which stems from the SetStaticRouteSettings function failing to correctly filter constructor command special characters,...

9.8 CVSS

7.7 AI Score

0.001 EPSS

2024-01-16 12:00 AM
13

chrome

Stable Channel Update for ChromeOS / ChromeOS Flex

The Stable channel is being updated to OS version: 15699.58.0 Browser version: 121.0.6167.159 for most ChromeOS devices. If you find new issues, please let us know one of the following ways File a bug Visit our ChromeOS communities General: Chromebook Help Community Beta Specific: ChromeOS Beta...

7.7 AI Score

0.001 EPSS

2024-02-07 12:00 AM
22

ics

Softing edgeConnector

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Low attack complexity Vendor: Softing Equipment: edgeConnector Vulnerabilities: Cleartext Transmission of Sensitive Information, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could create conditions that...

7.9 AI Score

0.031 EPSS

2024-03-14 12:00 PM
12

openvas

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2264)

The remote host is missing an update for the Huawei...

6 AI Score

0.015 EPSS

2020-01-23 12:00 AM
17

thn

Ransomware Double-Dip: Re-Victimization in Cyber Extortion

**Between crossovers - Do threat actors play dirty or desperate?** In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether....

6.8 AI Score

2024-04-22 10:22 AM
9

openvas

Huawei EulerOS: Security Advisory for openssl1.1.0f (EulerOS-SA-2019-2254)

The remote host is missing an update for the Huawei...

6 AI Score

0.015 EPSS

2020-01-23 12:00 AM
18

cve

CVE-2023-51059

An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web...

8.8 CVSS

7.7 AI Score

0.001 EPSS

2024-01-16 02:15 AM
11

prion

Design/Logic Flaw

An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web...

8.8 CVSS

7.5 AI Score

0.001 EPSS

2024-01-16 02:15 AM
6

openvas

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1274)

The remote host is missing an update for the Huawei...

6 AI Score

0.015 EPSS

2020-03-19 12:00 AM
18

cnvd

SQL Injection Vulnerability in Isthmus Electronic Document Security Management System (CNVD-2024-03265)

Beijing Yisaitong Technology Development Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A SQL injection vulnerability exists in the Yisetong electronic document security management system, which can be exploited by attackers to...

7.6 AI Score

2023-12-12 12:00 AM
5

thn

U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation

The U.S. Department of Justice (DoJ) on Monday unsealed indictments against seven Chinese nationals for their involvement in a hacking group that targeted U.S. and foreign critics, journalists, businesses, and political officials for about 14 years. The defendants include Ni Gaobin (倪高彬), Weng...

7.4 AI Score

2024-03-26 12:06 PM
28

openvas

Huawei EulerOS: Security Advisory for openssl110h (EulerOS-SA-2019-2218)

The remote host is missing an update for the Huawei...

6.5 AI Score

0.015 EPSS

2020-01-23 12:00 AM
26

openvas

Debian: Security Advisory (DSA-1237)

The remote host is missing an update for the...

6.5 AI Score

0.056 EPSS

2008-01-17 12:00 AM
2

wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 181 vulnerabilities disclosed in 143...

9.5 AI Score

0.001 EPSS

2024-05-16 01:04 PM
16

schneier

A Cyber Insurance Backstop

In the first week of January, the pharmaceutical giant Merck quietly settled its years-long lawsuit over whether or not its property and casualty insurers would cover a $700 million claim filed after the devastating NotPetya cyberattack in 2017. The malware ultimately infected more than 40,000 of.....

7.1 AI Score

2024-02-28 12:02 PM
7

apple

About the security content of iOS 17.4 and iPadOS 17.4

About the security content of iOS 17.4 and iPadOS 17.4 This document describes the security content of iOS 17.4 and iPadOS 17.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...

8.9 AI Score

0.002 EPSS

2024-03-05 12:00 AM
11

openvas

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2216)

The remote host is missing an update for the Huawei...

6.1 AI Score

0.015 EPSS

2020-01-23 12:00 AM
21

openvas

Huawei EulerOS: Security Advisory for openssl110f (EulerOS-SA-2019-2430)

The remote host is missing an update for the Huawei...

6.6 AI Score

0.015 EPSS

2020-01-23 12:00 AM
16

openvas

Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2019-2098)

The remote host is missing an update for the Huawei...

6.1 AI Score

0.015 EPSS

2020-01-23 12:00 AM
31

schneier

How Public AI Can Strengthen Democracy

With the world's focus turning to misinformation, manipulation, and outright propaganda ahead of the 2024 U.S. presidential election, we know that democracy has an AI problem. But we're learning that AI has a democracy problem, too. Both challenges must be addressed for the sake of democratic...

6.9 AI Score

2024-03-07 12:00 PM
9

openvas

Debian: Security Advisory (DSA-1233)

The remote host is missing an update for the...

6.6 AI Score

0.056 EPSS

2008-01-17 12:00 AM
4

openvas

Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2020-1061)

The remote host is missing an update for the Huawei...

6.1 AI Score

0.015 EPSS

2020-01-23 12:00 AM
16

cve

CVE-2022-4964

Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not...

5.5 CVSS

7.4 AI Score

0.0004 EPSS

2024-01-24 01:15 AM
11

openvas

Debian: Security Advisory (DSA-2971-1)

The remote host is missing an update for the...

6.4 AI Score

0.001 EPSS

2014-07-01 12:00 AM
9

openvas

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2464)

The remote host is missing an update for the Huawei...

6.1 AI Score

0.015 EPSS

2020-01-23 12:00 AM
24

openvas

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1221)

The remote host is missing an update for the Huawei...

6.1 AI Score

0.015 EPSS

2020-03-13 12:00 AM
25

openvas

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2097)

The remote host is missing an update for the Huawei...

6.2 AI Score

0.015 EPSS

2020-01-23 12:00 AM
14

openvas

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1063)

The remote host is missing an update for the Huawei...

6.2 AI Score

0.015 EPSS

2020-01-23 12:00 AM
25

osv

Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability

Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability Summary: | Product | Grav CMS | | ----------------------- |...

8.6 AI Score

0.007 EPSS

2023-06-16 07:36 PM
8

openvas

Ubuntu: Security Advisory (USN-395-1)

The remote host is missing an update for...

7.5 AI Score

0.074 EPSS

2022-08-26 12:00 AM
1

osv

Grav Server-side Template Injection (SSTI) via Twig Default Filters

Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection (SSTI) via Insufficient Validation in filterFilter Summary: | Product | Grav CMS | |...

8.3 AI Score

0.002 EPSS

2023-06-16 07:36 PM
12

openbugbounty

talent500.co Cross Site Scripting vulnerability OBB-3757667

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-10-21 06:41 AM
8

cve

CVE-2023-48352

In phasecheckserver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...

5.5 CVSS

7.2 AI Score

0.0004 EPSS

2024-01-18 03:15 AM
16

cve

CVE-2023-48355

In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...

4.4 CVSS

7.2 AI Score

0.0004 EPSS

2024-01-18 03:15 AM
9

cve

CVE-2023-48358

In drm driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...

4.4 CVSS

7.2 AI Score

0.0004 EPSS

2024-01-18 03:15 AM
9

openvas

Debian: Security Advisory (DLA-1932-1)

The remote host is missing an update for the...

6.1 AI Score

0.015 EPSS

2019-09-26 12:00 AM
12

cve

CVE-2023-48356

In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...

4.4 CVSS

7.2 AI Score

0.0004 EPSS

2024-01-18 03:15 AM
8

cve

CVE-2023-48354

In telephone service, there is a possible improper input validation. This could lead to local information disclosure with no additional execution privileges...

5.5 CVSS

6.8 AI Score

0.0004 EPSS

2024-01-18 03:15 AM
10

openvas

Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2016-1061)

The remote host is missing an update for the Huawei...

8.8 AI Score

0.009 EPSS

2020-01-23 12:00 AM
8

Total number of security vulnerabilities: 13877