#web

Just days after we uncovered a campaign targeting Google Ads accounts, a similar attack has surfaced, this time aimed at Microsoft...

DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed.

DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.

The rate of evolution has been glacial, but tools now understand cloud environments and can target Web applications.

Palo Alto, USA, 30th January 2025, CyberNewsWire

Palo Alto, USA, 30th January 2025, CyberNewsWire

The addition of Solvo CSPM to CYE Hyver aims to address the need for multicloud vulnerability monitoring and risk assessment.

An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP. The effort has targeted the following domains - www.cracked.io www.nulled.to www.mysellix.io www.sellix.io www.starkrdp.io Visitors to these websites are now greeted by a seizure banner that says they were confiscated

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: UNEM Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Argument Injection, Heap-based Buffer Overflow, Improper Certificate Validation, Use of Hard-coded Password, Improper Restriction of Excessive Authentication Attempts, Cleartext Storage of Sensitive Information, Incorrect User Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial of service, execute unintended commands, access sensitive information, or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: UNEM: Versions R15A and prior UNEM: R15B (CVE-2024-28022, CVE-2024-28024, CVE-2024-28020) UNEM: R15B PC4 (CVE-2024-2013, CVE-2024-2012, CVE-2024-2011, CVE-2024-28021, CVE-2024-28023) UNEM: R16A UNEM: R16B (CVE-2024-28022, CVE-2024-280...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Harmony Industrial PC, Pro-face Industrial PC Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: System Monitor application in Harmony Industrial PC: All versions System Monitor application in Pro-face Industrial PC: All versions 3.2 Vulnerability Overview 3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200 An information exposure vulnerability exists that could cause exposure of credentials when attacker has access to application on network over HTTP. CVE-2024-8884 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (C...