In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change While PLL CPUX clock rate change when CPU is running from it works in vast majority of cases, now and then it causes instability. This leads to system crashes and other.....
7.2AI Score
CVE-2024-5588 itsourcecode Learning Management System processscore.php sql injection
A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched...
7.6AI Score
CVE_2024_24919 Vulnerability Scanner This Java tool scans a...
6.3AI Score
0.019EPSS
CVE_2024_24919 Vulnerability Scanner This Java tool scans a...
6.3AI Score
0.019EPSS
[SECURITY] Fedora 39 Update: glances-4.0.5-2.fc39
Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interf ace It can also work in client/server mode. Remote monitoring could be...
0.0004EPSS
[SECURITY] Fedora 39 Update: rust-uu_unlink-0.0.23-3.fc39
unlink ~ (uutils) remove a (file system) link to...
[SECURITY] Fedora 39 Update: rust-uu_ln-0.0.23-3.fc39
ln ~ (uutils) create a (file system) link to...
[SECURITY] Fedora 39 Update: rust-uu_link-0.0.23-4.fc39
link ~ (uutils) create a hard (file system) link to...
[SECURITY] Fedora 39 Update: rust-resctl-bench-2.2.5-3.fc39
resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, test ing resource control end-to-end requires scenarios involving realistic...
[SECURITY] Fedora 40 Update: glances-4.0.5-2.fc40
Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interf ace It can also work in client/server mode. Remote monitoring could be...
0.0004EPSS
Reaper - Proof Of Concept On BYOVD Attack
Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate, vulnerable driver into a target system, which allows attackers to exploit the driver to perform malicious actions. Reaper was...
7.5AI Score
7AI Score
0.004EPSS
7.1AI Score
0.013EPSS
7.1AI Score
0.008EPSS
6.3AI Score
0.019EPSS
CVE-2024-33996 moodle: broken access control when setting calendar event type
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish...
7AI Score
New! Insight Agent Support for ARM-based Windows in InsightVM
We are pleased to introduce Insight Agent support of ARM-based Windows 11 devices for both vulnerability and policy assessment within InsightVM. Customers with Windows 11 devices powered by ARM processors can now take advantage of the great performance and lower power requirements of these chips...
7.1AI Score
6.5AI Score
0.019EPSS
A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as...
7.6AI Score
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as...
7.8AI Score
7.5AI Score
6.2AI Score
0.019EPSS
7.4AI Score
7.5AI Score
(RHSA-2024:3529) Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086) kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578) ...
6.7AI Score
0.003EPSS
(RHSA-2024:3528) Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166) kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176) kernel: nf_tables: use-after-free vulnerability...
6.7AI Score
0.003EPSS
CVE-2024-36108 Multiple Broken Function-Level Authorization vulnerabilities in casgate
casgate is an Open Source Identity and Access Management system. In affected versions casgate allows remote unauthenticated attacker to obtain sensitive information via GET request to an API endpoint. This issue has been addressed in PR #201 which is pending merge. An attacker could use id...
7.2AI Score
Ars0N-Framework - A Modern Framework For Bug Bounty Hunting
Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...
7AI Score
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...
8AI Score
I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an....
7.4AI Score
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF005. Vulnerability Details ** CVEID: CVE-2024-29025 DESCRIPTION: **Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a...
7AI Score
0.0004EPSS
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment...
9.8CVSS
8.6AI Score
CVE-2024-23692 Rejetto HTTP File Server 2.3m Unauthenticated RCE
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment...
8.1AI Score
XML External Entity (XXE) Injection
symfony/serializer is vulnerable to XML External Entity (XXE) injection. This vulnerability is due to the failure to disable external entities when parsing XML using the XMLEncoder component, which allows an attacker to include arbitrary files from the file system by exploiting the XXE injection...
7.8AI Score
G DATA Total Security Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA...
7.5AI Score
This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within.....
7.1CVSS
6.7AI Score
7.4AI Score
This vulnerability allows local attackers to escalate privileges on affected installations of VMWare Workstation. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
9.3CVSS
7.5AI Score
Amazon Linux 2 : git (ALAS-2024-2548)
The version of git installed on the remote host is prior to 2.40.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2548 advisory. Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4,...
7.5AI Score
According to its self-reported version, Cisco Firepower Threat Defense (FTD) Software is affected by a vulnerability. Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to...
7.1AI Score
7.1AI Score
0.0004EPSS
7.1AI Score
0.0004EPSS
7.4AI Score
7.1AI Score
0.001EPSS
7.1AI Score
0.001EPSS
Progress Software Telerik Reporting Register Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software Telerik Reporting. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Register method. The issue results from the.....
9.8CVSS
7AI Score
G DATA Total Security Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA...
7.5AI Score
7.4AI Score