Category: alerts

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info n/a–n/a  Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. 2025-03-04 10 CVE-2024-50704 n/a–n/a  Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute… Read more

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released an alert warning of a scam involving criminal actors masquerading as the “BianLian Group.”  The cyber criminals target corporate executives by sending extortion letters threatening to release victims’ sensitive information unless payment is received. CISA encourages organizations to review the following FBI Public Service… Read more

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info jupyterhub–ltiauthenticator  `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn’t validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only users that has configured a JupyterHub installation to use… Read more

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info a1post–A1POST.BG Shipping for Woo  Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows Privilege Escalation. This issue affects A1POST.BG Shipping for Woo: from n/a through 1.5.1. 2025-02-22 8.8 CVE-2025-27012 amauric–WPMobile.App  The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in… Read more

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released a joint Cybersecurity Advisory, #StopRansomware: Ghost (Cring) Ransomware. This advisory provides network defenders with indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with Ghost ransomware activity identified through FBI investigations. Ghost actors… Read more

Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see… Read more

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info ABB–System 800xA  A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used.  An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issue affects System 800xA:… Read more

CISA released twenty Industrial Control Systems (ICS) advisories on February 13, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-044-01 Siemens SIMATIC S7-1200 CPU Family ICSA-25-044-02 Siemens SIMATIC ICSA-25-044-03 Siemens SIPROTEC 5 ICSA-25-044-04 Siemens SIPROTEC 5 ICSA-25-044-05 Siemens SIPROTEC 5 Devices ICSA-25-044-06 Siemens RUGGEDCOM APE1808 Devices ICSA-25-044-07 Siemens… Read more

CISA and the Federal Bureau of Investigation (FBI) have released a Secure by Design Alert, Eliminating Buffer Overflow Vulnerabilities, as part of their cooperative Secure by Design Alert series—an ongoing series aimed at advancing industry-wide best practices to eliminate entire classes of vulnerabilities during the design and development phases of the product lifecycle. “Eliminating Buffer… Read more

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info .TUBE gTLD–.TUBE Video Curator  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in .TUBE gTLD .TUBE Video Curator allows Reflected XSS. This issue affects .TUBE Video Curator: from n/a through 1.1.9. 2025-02-03 7.1 CVE-2025-23799 2N–2N Access Commander  2N Access Commander version… Read more