#cvss
Text
"CVSS is a shitty system"
Case studies on how the CVSS (Common Vulnerability Scoring System) sausage gets made, in a talk by the lead developer of cURL.
@muszeresz
#curl#daniel stenberg#cve#common vulnerabilities and exposures#cna#cve numbering authority#mitre#cvss#Common Vulnerability Scoring System#nvd#national vulnerability database#ghsa db#GitHub Security Advisory Databas#hackerone#CVE-2022-42915#CVE-2023-27536#CVE-2020-19909
7 notes
Text
VulnCon Day 2 Errata & Taking Ben Edwards to Task
Today was the second day of VulnCon 2025, a conference whose stated purpose is “to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.” While the purpose is to develop “forward leaning” ideas, the reality is that sometimes…
#Benjamin Edwards#CVSS#EPSS#Errata#KEV#Shelby Cunningham#VulnCon#Vulnerability Disclosure#Vulnerability Ecosystem#Vulnerability Statistics
0 notes
Text
Critical unauthenticated RCE vulnerability (CVSS 9.9) in GNU/Linux systems
A critical security vulnerability has been discovered in GNU/Linux systems, allowing remote code execution (RCE) without authentication. This flaw, identified by security researcher Simone Margaritelli, was rated 9.9 out of 10 on the CVSS (Common Vulnerability Scoring System) scale, confirming its severity.

Critical unauthenticated RCE vulnerability (CVSS 9.9) in GNU/Linux systems - LaRevueGeek.com
#Vulnerability#RCE#GNU/Linux#Security#Critical#Authentication#Remote code#Flaws#CVSS#Critical vulnerability
0 notes
Text
Why malware matters most: 6 ways to foil software threats faster

Here are six reasons why shifting focus away from vulnerability management and toward battling malware should be a top priority for application security teams. https://tinyurl.com/25xkm9yx
0 notes
Text
the store substituted the gummy tums i wanted for what looks like massive sad skittles what the fuck am i supposed to do with these
#im scared to try them#im sure theyre not bad but also idk man#i dont trust tums to make anything solid good. going off of how normal tums are literal chalk#idk why i didnt just go to a drug store there are two cvss and a walgreens extremely close to my house#and the radio is on and the radioman is speaking
1 note
Text



Fast n’ Dirty
Summary: Joel’s gotta crush on the girl that works nights at the CVS. He swears it’s nothin, that he’s just a guy lookin’ out for a nice girl in the rougher part of town. He’s lying.
tw: kinda pervy Joel. slight stalker-ish behavior? not really, Joel just frequents that CVS a lot..but on purpose? sex products, rough sex, meanie!Joel, degrading dirty talk, oral (m receiving), serious objectification, tit play, lactation kink, guys Joel’s a freak here but so is reader so yay. I did edit this but it’s also 4am here and I haven’t slept. if there’s any edits to make, I’ll fix them later 🫶🏼
wc: 3,952
—
Joel knows you work nights at the CVS just outside Arvin county, at the crossing of Milton and Pell Circle. He drives past it almost everyday on the way to different sites.
None of it was intentional. Joel never meant to be creepy. It was accidental, instinctual, the way he remembered your schedule. It wasn’t weird. You were just younger, and pretty, and they never seemed to schedule you during the day. It put Joel on edge. If he noticed your schedule it meant someone else could too.
Joel was just looking out for you. That’s what he tells himself. It’s not the whole truth though. Not with the way he finds reasons, excuses, to stop by. Water, beer, batteries he doesn’t need. Like it’s not your face that slips up behind his eyelids when he finally lays down in his bed and his dick gets hard. Messy hair, paint chipped fingernails, and red lipstick that somehow looks out of place, too much for a girl who works at CVS, but perfect on you.
Yeah, Joel felt like a perv. Every time. He felt guilty, until the night he found out you were just as depraved as him.
—
Joel could feel that familiar itch as he drove home tonight. It snuggled up close and warm behind his belly button. Desire seemed to drag its nails along Joel’s bones, sharp and simmering.
You weren’t supposed to be working tonight.
It was his chance to buy what he needed.
Neon letters shine bright as hell across the parking lot, reflecting off the leftover puddles of rain. Joel strolls in with heavy boots.
Walking through those automatic doors always felt strange. There was a certain air about a CVS. Just like gas stations in the middle of the night or washed out grocery stores with squeaky floors.
Eerily clean and tidy. CVSs feel like stepping into the back rooms, always looking frozen in time. Carpet thin and stiff and always freshly vacuumed. Even without the lines, anyone could smell the burning plastic of that dinosaur they made you push around.
It’s empty in here. Only the sound of his steps and the low hum of electricity follow Joel throughout the store. He sinks his fingers into the cut out on a case of beer, hauls it around end caps stacked with candy and graduation teddy bears. Joel doesn’t stop till he gets to a certain isle.
He isn’t weird about it. Joel’s a grown ass man. Hell, teetering the line of old. This isn’t the first time he’s bought adult products before. His eyes trail over the different packages of lube, flicker over to the condoms.
He could call someone. There’s a few old numbers buried down a list in his phone. Joel doesn’t want that though. Doesn’t want the cheap corny banter, the glasses of wine he’d have to force down or the small talk.
Joel wants fast and dirty.
But that wasn’t happening…
“You can’t go wrong with KY.”
Joel jumps out of his skin, whips around at the sound of your voice. Your voice.
He stares. The red company polo shirt is one size too big, baggy on you. A messy fraying braid sweeps over your shoulder, beat to hell chucks on your feet. Red lipstick.
You weren’t supposed to be working tonight.
Joel’s voice comes out a little flat, like he’s confused. He is. He ask, “What?”
You laugh a little, nodding towards the shelves and explaining, “KY Jelly’s brand. It’s a classic for a reason.”
You keep talking when Joel doesn’t, even when he turns back around to look at the too many boxes. His brain is rebooting.
“We have other stuff too. Toys. They’re mostly for women though. Vibrators and bunnies. They’d be a great surprise for any girl.”
“There’s no girl.”
Joel’s eyes are on you again. His reply comes too fast, a little harsh. He clears his throat and tries again.
“There’s no girl. I was just here for uh..”
He trails off after nodding towards the lube, looks to the carpeted floor. Too many images and words flash through his brain. He damn well just admitted he’s planning on going home to jerk off.
When you giggle, Joel looks up again. It’s the sweetest sound he’s ever heard in his life. Like peaches and graham cracker pie crust. Sweet tea in red plastic cups. There’s a soft pink hue painting your cheeks and a smile on your face.
“Still got a lot of options. Lots of couples like the warming gels but they can be just as much fun..alone. Just depends on what you like, and if you’re using a toy that calls for a certain base. Water. Silicone.”
Your eyes come back to Joel. There’s a teasing tone to your words, and it makes Joel wanna laugh. Just the fact that you’re standing here teaching him about lube like he’s not fifteen years your senior. He shouldn’t do it. Shouldn’t poke or extend this conversation any further.
“What do you recommend?”
Too late. He watches as the pretty pink color deepens on the high points of your cheeks, how your eyelashes flutter at the question, at the way his voice dips low. You lift a hand and flick at the tab of an empty row.
“Personally, Astroglide,” you say with a shrug, trying to act casual.
Joel hums, liking the way you squirm. Silence stretches between you for a long moment. When you speak again, it’s not what Joel expects.
“I’m sure we have more in the back. It’s just - I won’t be able to reach the box it’s in. If you wanna follow me, we can get it for you.”
Joel knows he shouldn’t. Knows it’s a bad fucking idea. Even with that glint in your eye, that tone in your voice, Joel doesn’t let his mind go there.
He does follow you though. Sets the case of beer by the hall that leads to the bathroom, employee break room. Your ratty sneakers come to a stop in front of another plain, boring colored door. The tension is palpable as you slide a key into the lock.
The room is dark when the door swings open, until you flip a switch that bathes the small space in a dimmer fluorescent lighting. You step in and Joel follows, eyes running along the shelves of big boxes with peeling labels. He still believes you, still thinks he’s just here to reach what you can’t and he’ll just buy the lube you recommended, go home and become a bigger pervert than ever.
That’s the last thought he has before the air is knocked from him. Before you’re on him. Your hands shove him backwards, tripping him up by surprise, his boots stumbling. Joel’s back slams into the smooth surface of the door, closing it. Your mouth is on his, greedy and fast.
It takes Joel a second to process what’s happening. Your warm lips on his, tiny kitten nails scratching at his neck and beard. You pull at him, straining on your tippy toes to even reach his mouth. Joel groans low and filthy when you sink your sharp teeth into his bottom lip.
That’s when he grabs your face, pushing you away. He doesn’t let go though. His fingers dig into the bones of your jaw, what Joel would normally claim just shy of too hard, but you lean into it.
“What are you doing?”
It’s a deep whisper. His eyes find yours. Wild and wide, eager but scared. Joel growls when you don’t respond, gets in your face and actually jerks you a little.
He ask again, meaner this time, “What the fuck are you doing?”
You gasp, “I - I don’t know. I just wanted..I thought..”
“Thought what? Huh?”
Joel’s chest heaves, and you sink those cute nails into his forearm and whimper. Red lipstick smeared across your mouth, cheeks pushed together and fattened by Joel’s grip. You whimper and Joel’s mind breaks.
“I just thought..there’s a gas station across the street, Joel..’n probably fourteen more between here and your house..but you stop here…I - I wanted..”
That’s all it takes. The way you call him out so softly and confess in the same breath. Joel doesn’t let himself think twice. You want him. You’ve known he wants you. It’s the last thread pulled, the first domino pushed. Joel’s mouth captures yours.
The kiss isn’t gentle or sweet. It’s all teeth and the rough scrape of Joel’s beard. Joel keeps up the pace you set when you first jumped him, just guides that eager little fire of yours with more finesse. He squeezes your jaw, pops that pretty mouth open and licks into it.
You taste like sour candy. The kind that’s coated in that granular jaw stingy sugary powder. Joel licks it from your teeth, sucks the taste of it from your tongue. He won’t pull away. Just pushes deeper into the feeling of his lungs tightening and burning.
That rushing relief, the first gasp of cool air filling his chest comes when you just drop. Ungraciously and hard. Joel hears the way your knees knock against the floor. It takes Joel by surprise, wants to assume you’ve just slipped, but that’s impossible with the way your fingers start ripping at the worn leather belt around his waist.
Joel doesn’t get a chance to speak. Not before you’re untucking his shirt, shoving it up his belly. Your wet mouth slides over his skin, fingers still pulling and parting denim. You look up at him then. Eyes blown, you huff, “Need to suck your cock, Joel.”
Something deep in his guts kick, dick jerking hard in his pants. He’s leaking already. Joel groans loudly, head falling back against the door with a thud. An angry growl slips from his throat when you yank his jeans and briefs the rest of the way down. You’re fucking desperate, not even giving him a minute to undress.
Joel reaches down, winding your braid around his fist and tugging your neck back. Dark eyes and meaner words fall from his mouth, “Fuck..look at you..”
But you’re not looking at Joel anymore, not in the eyes anyway. Yours, glassy and glazed over, are locked on the cock bobbing in front of your face. Joel’s. Thicker than he is long. Six and a half, but heavy. Dark at the base, a pretty mauve shaded tip. Wet. Pretty balls too, covered in the corse hair of Joel’s pubes. He’s bushy but trimmed. There’s a few grays peeking through and you downright fucking salivate at the sight. You don’t look scared. You look hungry and it makes Joel’s blood pump faster, something angry and dark shuffling beneath the rug in his mind.
Joel grabs himself, watches your face as you watch the way he strokes his length. Root to tip. That look in your eyes, like you need his dick to breathe, breeds a need to ruin you within Joel. He doesn’t ask but he doesn’t need to tell you either. Your jaw is already falling open, mouth wide. With a tight grip on your hair, he tilts his hips forward, resting the leaking tip against your bottom lip.
“Whore,” Joel whispers, spits.
You whine. It only makes you wetter, more desperate, Joel’s meanness. You pull against the tight grasp on your braid as you try to fall onto his cock. Joel gives. He lets go and it’s instant, the wet heat of your mouth, He can’t stop himself from pushing deep, giving a single hard thrust sooner than you’re ready for. The sounds of your choking are filthy. Cheeks bulging, muscles constricting when Joel’s tip punches the back of your throat.
“Fuuuck,” Joel growls. He lets up, lets you use the added spit to set your own pace. Trails of mulberry red mark the skin of his cock as your lips slide. You knock his hand away, fingers slipping around the width, stroking in time with the bobs of your head. It’s rhythmic and messy, drool leaking from the corners of your mouth, soaking every inch of Joel and his balls, your chin.
You push down hard. Nose buried in the hair at the base, choking yourself, letting Joel feel and hear the way you gag around him. For the first time, the sound he makes is broken and strangled. “Shit..shit shit shit,” Joel gasp.
He pulls on the root of your braid, having to use actual force to pull you off. He’s too close too soon and you’re not letting up. It’s messy when he does pull out completely. Spit links the two of you together, and Joel grabs himself again, smacking your right cheek, and then your left.
It’s dirty and mean, the way he starts thrusting against your face, like you’re just there for him to grind his dick against something. You can’t hold back the whine that slips free, your pussy pulsing in time with your heartbeat. The sound of his voice draws you back.
Joel grunts, tip gliding over your mouth. His voice comes out heavy, “Fuck..you like this, don’t you?”
Your answer is the way your eyes find his, your tongue slipping out flat. Joel’s cock jerks in his hand. He groans, slapping his length against your tongue, leaving it coated and sticky.
You slowly close your lips around the head again, taking it no further. The view Joel has is pure sin. Your eyes never leave his, filled with a fake sweetness and complete obedience as you suckle on the tip like it’s candy.
“Fuck..don’t..don’t look at me like that,” Joel rasp.
You simply hum around him, keeping your wide glassy eyes on his, tongue flickering over the nerve beneath the head. Joel gasp. He snaps.
Joel leans down instantly, large hands engulfing your cheeks, mouth sealing over yours as he drags you to your unsteady feet.
“Let me fuck you. Please let me fuck you,” Joel begs against your lips. He doesn’t mind the taste of himself, the pre or spit.
He spins you, placing your back to his chest. Joel’s teeth bite down on your neck, stinging. He purrs in your ear, “Let me fuck you, pretty girl.”
You whine from your already sore throat, “Joel..I want to but I didn’t..I haven’t shaved.”
Joel could laugh. He really could. He takes that want of yours as a yes and slips his hand down your pants. His fingertips meet soft hair, brushing over the lips of your pussy until he’s cupping it in his big palm. Joel noses at your ear, voice rough, “You think I care about this?”
“I don’t give a fuck about this,” Joel whispers, fingers teasingly running over your pubes, the seam of your slit without ever dipping in. You whine, skin burning hot. Joel bites down again before he ask, “You gonna give me what’s mine, baby? Can I fuck this sweet little cunt?”
“Yes, yes yes,” you gasp. Your head falls back, mouth open when he finally finally dips those calloused fingers into you. Soaked. Drenched. Joel groans, dragging it from your opening to your clit. That sticky cream coats the hair on your lips, making a mess between your legs.
Before you can blink, Joel’s dragging everything down. When he stands back up behind you, he’s pushing the material of your company shirt up, yanking the thin scrape of lace that is your bralette down. The tiny mounds of your breast are exposed, nipples hard. Barely a handful but Joel squeezes them all the same, wets his fingers and tweaks your nipples until you’re squeaking.
“I could feed off these, couldn’t I, baby? Suck on these pretty tits until they’re leaking? Milk you every morning?”
Joel chuckles behind you. His dirty words are a distraction as he lines himself up. In the next breath, he’s shoving in, punching the air from your lungs and every thought from your mind. A ragged scream. Kitten nails digging deep enough to leave marks. Joel’s thick cock stretches your pussy to the max, bulging your belly.
He has to pause, balls sitting snug against your ass. It’s too good. Too warm, too soft. The gummy walls of your cunt suck Joel’s cock straight to the hilt, like she finally got what she needs, and she’s not letting go. Nasty thoughts flash through Joel’s mind.
BreedherBreedherBreedher.
He shakes his head, gives those cute tits a squeeze and runs his palm down your sternum, watching the blissed out struggle on your face. He hums sweetly, “Breathe baby, breathe.”
You do. A guttural shaky one, but you do. When Joel feels you relax, he leans in, licking and kissing along your jaw. Eyes half closed, you eventually melt into Joel’s embrace.
His next words are a contradiction. Soft and tender, but words that promise the opposite. Joel whispers, “Listen to me..’m..’m not gonna be gentle. Alrigh? I need you fast and hard..rough. I need to wreck this cunt. Need you screamin’. Gimme me a word. One word. If you say it, we stop.”
Your mind whirls. You hiccup softly, “Cinnamon.”
Joel hums, kissing your jaw again. “Alrigh’. You say cinnamon, we what..?”
“We stop,” you answer instantly.
A laugh vibrates from Joel’s chest, bleeds in through your back. His smile is sharp.
“Good girl.”
It’s the last soft moment between you. That last kiss to your skin was a switch flipping. Joel quickly spins you around, shoving you over a large stack of boxes. They’re steady, filled with heavy computer paper and placing your pretty cunt at the perfect level.
The snap of his hips is instant. Earth shattering. You’d scream if you could. Fingers scrambling, clutching. You can’t find a good grip with the way Joel has you thrown over the boxes. You feel like a rag doll, limp and shaky, just something warm and wet for him to use.
A sharp slap to your ass triggers that desperate inhale of air. You finally scream, choked and broken, mixing with the steady sound of Joel’s moans. He doesn’t slow down, only growls above the sound of his hips slamming into yours, “This what you wanted? My fat cock splitting this pretty cunt open?”
“Yesyes yes Joel, fuck..wanted it,” you cry.
Another slap to your ass, a harsh tug to one your nipples. A groan comes deep from Joel’s belly. “Fuckin’ dirty girl..dreamin’ about your pussy gettin’ used?”
Joel feels the way you squeeze his dick. He laughs. His thrusts only speed up, pushing more broken sounds from your mouth. Joel watches the way he bullies his cock into your pussy, and how she just takes it. Already puffy and swollen.
He smirks, voice teasing, “She likes this..being used. Stuffed full..Tell me what you are.”
“A whore..’m a whore.”
Joel rewards you with the touch of his fingertips to your clit. He taunts you, “Who’s whore, baby? Hm? Bet you do this every shift, let just anybody see and use this little cunt?”
“No nono..jus’ you Joel..’s yours.”
Joel moans, leaning over your back. His free fingers find your nipples. He chuckles again, voice sweetly mocking, words mean. “These cute little mosquito bites mine too, baby?”
Shame rolls through your belly. You nod, face burning, eyes watering. Joel’s fingers haven’t stopped tracing sweet circles on your clit. Your release comes suddenly, skipping like a pebble over the lake of fire in your belly and crashing into you.
“Fuckfuckkfuck,” you sob. The first tears fall.
Joel gasp brokenly, forehead falling to your shoulder. The aftershocks of your orgasm, each flutter of your walls, it kicks Joel closer to the edge. He barely gets out, “Fuck fuck ‘m gonna cum..where?”
“Inside,” you whisper.
That almost breaks Joel. His hips stutter mid thrust, balls pulling tight. “Baby..I can’t. Can’t..”
“Cum inside me, Joel. Pleasepleaseplease please cum in-inside me,” you cry, more tears spilling hot and fast. The sight ruins him. Your tears, the tight grip of your sore pussy. Joels body decides for him, decides that dumping a load in your young cunt can be a problem, a ghost to haunt his conscience, for another day. He thrust deep and cums hard, balls pumping, painting your tender walls white and thick.
You both stay still for a long time, exhausted bodies draped over the boxes. Joel eventually lifts himself off your back. His voice comes quick though.
“Don’t move,” he says on a heavy breath. It’s only a few seconds. You hear shuffling, his belt, silence…a click. When you look back over your shoulder, Joel’s crouched down, phone level with your exposed pussy. He took a picture of your puffy cunt, his cum drooling out and soaking the cardboard you’re laying across.
The act sends your tummy flipping. You should say something, object. You don’t. The fact that Joel has a picture of your ruined pussy in his phone turns you on more than it should. The fact that he didn’t ask, the objectification, like your pussy is just free to take photos of, like your pussy belongs to him…
“Come here, sweetheart.”
His voice pulls you back to the present, those hands pulling you upright. Thighs shaking, slick running down to your ankles, Joel chuckles at the sight.
The flannel he never even took off, he takes it off now. The fabric is rough on your skin but it’s Joel’s tender wipes that keep you from protesting. He cleans you throughly, getting only a little side tracked, fingertips exploring, running through your folds again just because.
After a few tired giggles and batting Joel’s hands away, a dirty whisper that he was very serious about milking your tits, you’re both dressed again. Joel kisses you one last time before opening the supply closet door. Sweet and deep. He really looks at you, like he’s memorizing your face.
The goodbye is..other worldly. He picks up his abandoned case of beer, and with a bottle of astroglide, Joel checks out with the dirtiest, cockiest grin on his face. You watch as Joel walks out of the automatic doors before locking them. He’s all you can think about as you close for the night, him and the last little bit of his cum leaking out of you.
-
(I’m sorry this took so long!! I’m finishing up my summer classes so I’ve been drowning in test and essays. Hope you guys like this. Should have a shorter Tommy fic soon, and other chapter fics will be updated. 🫶🏼)
#joel miller#joel miller smut#game joel#joel miller drabble#joel miller fanfiction#joel miller fic#joel miller x reader#joel tlou#tlou hbo#tlou2#tlou#the last of us
1K notes
Text
Hey everyone - if you live in or are near the US, you're over the age of 12, and it's been +2 months since your last jab you're eligible for a covid booster and Novavax is finally being rolled out! It's not an mRNA vaccine and has been shown to possibly be more effective against new variants than mRNA vaccines. It doesn't have the crappy side effects the day after either! It's the safest vaccine for anyone who has had adverse effects from the covid shot before. Here's a solid compilation of studies and news on it if you want to learn more
https://www.okdoomer.io/a-little-bit-of-good-news/
It'll be more widely available in a few weeks but many CVSs, RiteAids, and Costcos are carrying it nationwide. Costco doesn't require a membership. If you call your local pharmacy and ask them if/when they'll have it that might get them to sooner. Most of these have Novavax availability on their appointment scheduler websites but it's still worth calling to check or checking in person in case they're out of date. You can also search for it on vaccines.gov. Happy to help folks look locally where y'all are if you want. Important to check if the location will take your insurance because boosters are now >$100 out of pocket if you go out of network 🙃 If you don't have insurance there is also the Bridge Access Program. To be clear, the mRNA vaccines are still very good and getting boosted before the holiday season spike is the best thing to do regardless. https://www.cdc.gov/vaccines/programs/bridge/index.html
#signal boost#boost#covid19#covid 19#covid#long covid#covid boosters#novavax inc#covid safety#covid conscious
635 notes
Text

The new COVID vaccine as well as Mpox vaccine are now available at some CVSs in the US! Get vaccinated if you can, it looks like it's gonna be a rough season ahead.
#YukiPri rambles#covid#vaccines#mpox#got the earliest appointment i could#mum just got back from traveling and just tested positive for covid#i am currently negative and will hopefully stay that way till i can get my booster...
51 notes
Quote
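Whoa. This is bad, really bad. So it's this one that IPA put out https://www.ipa.go.jp/security/security-alert/2025/20250418-jvn.html CVSS v3 severity of this vulnerability: Critical; CVSS v3 base score of this vulnerability: 9.8
[B! Security] IIJ cyberattack: intrusion via "Active! mail"? - Nihon Keizai Shimbun (Nikkei)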
3 notes
Text
The Niagara Framework
...Developed by Tridium, an independent business entity of Honeywell, the Niagara Framework is a vendor-neutral platform used to manage and control a wide range of devices from different manufacturers, such as HVAC, lighting, energy management, and security, making it a valuable solution in building management, industrial automation, and smart infrastructure environments.
It consists of two key components: Platform, which is the underlying software environment that provides the necessary services to create, manage, and run Stations, and Station, which communicates with and controls connected devices and systems.
The vulnerabilities identified by Nozomi Networks are exploitable should a Niagara system be misconfigured, causing encryption to be disabled on a network device and opening the door to lateral movement and broader operational disruptions, impacting safety, productivity, and service continuity.
The most severe of the issues are listed below -
CVE-2025-3936 (CVSS score: 9.8) - Incorrect Permission Assignment for Critical Resource
CVE-2025-3937 (CVSS score: 9.8) - Use of Password Hash With Insufficient Computational Effort
CVE-2025-3938 (CVSS score: 9.8) - Missing Cryptographic Step
CVE-2025-3941 (CVSS score: 9.8) - Improper Handling of Windows ::DATA Alternate Data Stream
CVE-2025-3944 (CVSS score: 9.8) - Incorrect Permission Assignment for Critical Resource
CVE-2025-3945 (CVSS score: 9.8) - Improper Neutralization of Argument Delimiters in a Command
CVE-2025-3943 (CVSS score: 7.3) - Use of GET Request Method With Sensitive Query Strings
Nozomi Networks said it was able to craft an exploit chain combining CVE-2025-3943 and CVE-2025-3944 that could enable an adjacent attacker with access to the network to breach a Niagara-based target device, ultimately facilitating root-level remote code execution.
Specifically, the attacker could weaponize CVE-2025-3943 to intercept the anti-CSRF (cross-site request forgery) refresh token in scenarios where the Syslog service is enabled, causing the logs containing the token to be transmitted potentially over an unencrypted channel.
Armed with the token, the threat actor can trigger a CSRF attack and lure an administrator into visiting a specially crafted link that causes the content of all incoming HTTP requests and responses to be fully logged. The attacker then proceeds to extract the administrator's JSESSIONID session token and use it to connect to the Niagara Station with full elevated permissions and creates a new backdoor administrator user for persistent access.
In the next stage of the attack, the administrative access is abused to download the private key associated with the device's TLS certificate and conduct adversary-in-the-middle (AitM) attacks by taking advantage of the fact that both the Station and Platform share the same certificate and key infrastructure.
With control of the Platform, the attacker could leverage CVE-2025-3944 to facilitate root-level remote code execution on the device, achieving complete takeover. Following responsible disclosure, the issues have been addressed in Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
"Because Niagara often connects critical systems and sometimes bridges IoT technology and information technology (IT) networks, it could represent a high-value target," the company said....
2 notes
Text
Used the @cybervesna template for an FIA report on Valentine. Explanation for the SRIA rating below:
SRIA (Subject Risk and Impact Assessment):
Physical Threat: None
Cyber Threat: Moderate
Social Threat: None
Idealism: Moderate
Wealth: None
Predictability: Moderate
A parody of CVSS scores for software vulnerabilities. :3 It's important to create some sort of widely accepted rating that Valentine would hate to see her evaluation for. Quite honestly the part of this report she would like the least is "minimal field experience" despite its truth.
#cyberpunk 2077#phantom liberty#finally had to decide on her middle name but it was easy when I knew it had to start with an “I” and that IDA Pro existed#implying a link to yorinobu that she would explode in real life upon hearing lmao#basically she'd hate to read this entire thing even though it's not That untrue#“appeal to natural authority” == the way myers slapping her around makes her eager to please#FIA agent knew what they were saying but still#heart-thief valentine
13 notes
Text
Zero-Day CVE-2024-24919 Discovered in Check Point's VPN Software

Cybersecurity software vendor Check Point has issued a critical warning to customers, urging them to update their software immediately due to a zero-day vulnerability in their Virtual Private Network (VPN) products that is actively being exploited by attackers. The vulnerability, assigned CVE-2024-24919 and a CVSS score of 8.6 (high severity), affects Check Point's CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.
VPN Exploit Targets Older Local Accounts
According to Check Point's advisory, the vulnerability involves attackers "using old VPN local accounts relying on unrecommended password-only authentication method." The company strongly recommends against relying solely on password authentication for logging into network infrastructure, emphasizing that it is an unfavorable method for ensuring the highest levels of cybersecurity.
Potential Impact and Lateral Movement
If successfully exploited, the vulnerability could grant an attacker access to sensitive information on a security gateway, as well as enable lateral movement within the network with domain administrator privileges. Threat intelligence firm Mnemonic, which was contacted by Check Point regarding the vulnerability, has confirmed that the exploit allows threat actors to retrieve all files on the local filesystem, including password hashes for local accounts, SSH keys, certificates, and other critical files.
Patches Available and Recommended Mitigations
Check Point has released patches for all affected systems, and customers are strongly advised to apply the updates as soon as possible. In addition to installing the patches, Check Point recommends hardening VPN posture by implementing multi-factor authentication (MFA) and reviewing and removing unnecessary local VPN accounts. For any necessary local accounts, additional authentication measures should be added to mitigate the risk of exploitation. The actively exploited zero-day vulnerability in Check Point's VPN products underscores the importance of promptly applying security updates and following best practices. While implementing MFA can be a hassle, the consequences of a data breach or network compromise can be far more severe. Organizations using affected Check Point products are urged to take immediate action to secure their systems and protect their valuable data and infrastructure.
Text
Zoom joins the vulnerability fray: Will VISS move the needle on AppSec?

Here's what you need to know about Zoom's Vulnerability Impact Scoring System, how it compares to EPSS — and how it can advance your application security. https://jpmellojr.blogspot.com/2024/01/zoom-joins-vulnerability-fray-will-viss.html
Text
Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack
The Hacker News: Palo Alto Networks is warning that a critical flaw impacting its PAN-OS software used in its GlobalProtect gateways is being exploited in the wild. Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, indicating maximum severity. "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature
http://dlvr.it/T5QBTY
Posted by: Mohit Kumar (Hacker)
Note
As someone who literally surveys so many CVSs, yeah, it's not you. They complain all the time about being overstaffed on mornings due to the worker age range skewing higher than more places of employment 👍
That makes me feel a little better thank you.
Text
Decoding CISA Exploited Vulnerabilities

Integrating CISA Tools for Effective Vulnerability Management
Vulnerability management teams struggle to detect and update software with known vulnerabilities with over 20,000 CVEs reported annually. These teams must patch software across their firm to reduce risk and prevent a cybersecurity compromise, which is unachievable. Since it’s hard to patch all systems, most teams focus on fixing vulnerabilities that score high in the CVSS, a standardized and repeatable scoring methodology that rates reported vulnerabilities from most to least serious.
However, how do these organizations know to prioritize software with the highest CVE scores? It’s wonderful to talk to executives about the number or percentage of critical severity CVEs fixed, but does that teach us anything about their organization’s resilience? Does decreasing critical CVEs greatly reduce breach risk? In principle, the organization is lowering breach risk, but in fact, it’s hard to know.
To increase cybersecurity resilience, CISA identified exploited vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) initiative was created to reduce breaches rather than theoretical risk. CISA strongly urges businesses to constantly evaluate and prioritize remediation of the Known Exploited Vulnerabilities catalog. By updating its list, CISA hopes to give an “authoritative source of vulnerabilities that have been exploited in the wild” and help firms mitigate risks to stay ahead of cyberattacks.
CISA has narrowed the list of CVEs security teams should remediate from tens-of-thousands to just over 1,000 by focusing on vulnerabilities that:
Have been assigned a CVE ID and are actively exploited in the wild.
Have a clear fix, like a vendor update.
This limitation in scope allows overworked vulnerability management teams to extensively investigate software in their environment that has been reported to contain actively exploitable vulnerabilities, which are the most likely breach origins.
Rethinking vulnerability management to prioritize risk
With CISA KEV’s narrower list of vulnerabilities driving their workflows, security teams are spending less time patching software (a laborious and low-value task) and more time understanding their organization’s resiliency against these proven attack vectors. Many vulnerability management teams have replaced patching with testing to see if:
Software in their surroundings can exploit CISA KEV vulnerabilities.
Their compensatory controls identify and prevent breaches.
This helps teams analyze the genuine risk to their organization and the value of their security protection investments.
This shift toward testing CISA KEV catalog vulnerabilities shows that organizations are maturing from traditional vulnerability management programs to Gartner-defined Continuous Threat Exposure Management (CTEM) programs that “surface and actively prioritize whatever most threatens your business.” This focus on proven risk instead of theoretical risk helps teams learn new skills and solutions to execute exploits across their enterprise.
ASM’s role in continuous vulnerability intelligence
An attack surface management (ASM) solution helps you understand cyber risk with continuous asset discovery and risk prioritization.
Continuous testing, a CTEM pillar, requires programs to “validate how attacks might work and how systems might react” to ensure security resources are focused on the most pressing risks. According to Gartner, “organizations that prioritize based on a continuous threat exposure management program will be three times less likely to suffer a breach.”
CTEM solutions strengthen cybersecurity defenses above typical vulnerability management programs by focusing on the most likely breaches. Stopping breaches is important since their average cost is rising. IBM’s Cost of a Data Breach research shows a 15% increase to USD 4.45 million over three years. As competent resources become scarcer and security budgets tighten, consider giving your teams a narrower emphasis, such as CISA KEV vulnerabilities, and equipping them with tools to test exploitability and assess cybersecurity defense robustness.
Checking exploitable vulnerabilities using IBM Security Randori
IBM Security Randori, an attack surface management solution, finds your external vulnerabilities from an adversarial perspective. It continuously validates an organization’s external attack surface and reports exploitable flaws.
A sophisticated ransomware attack hit Armellini Logistics in December 2019. After the attack, the company recovered fast and decided to be more proactive in prevention. Armellini uses Randori Recon to monitor external risk and update asset and vulnerability management systems as new cloud and SaaS applications launch. Armellini is increasingly leveraging Randori Recon’s target temptation analysis to prioritize vulnerabilities to repair. This understanding has helped the Armellini team lower company risk without affecting business operations.
In addition to managing vulnerabilities, the vulnerability validation feature checks the exploitability of CVEs like CVE-2023-7992, a zero-day vulnerability in Zyxel NAS systems found and reported by IBM X-Force Applied Research. This verification reduces noise and lets clients act on genuine threats and retest to see if mitigation or remediation worked.
Read more on Govindhtech.com