About the security content of iOS 17 and iPadOS 17
This document describes the security content of iOS 17 and iPadOS 17. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
9.8 CVSS
8.7 AI Score
0.005 EPSS
About the security content of watchOS 10
This document describes the security content of watchOS 10. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available....
9.8 CVSS
8.6 AI Score
0.005 EPSS
LLM Summary of My Book Beyond Fear
Claude (Anthropic's LLM) was given this prompt: Please summarize the themes and arguments of Bruce Schneier's book Beyond Fear. I'm particularly interested in a taxonomy of his ethical arguments--please expand on that. Then lay out the most salient criticisms of the book. Claude's reply: Here's a.....
7 AI Score
Exploit for Out-of-bounds Read in Linux Linux Kernel
Linux kernel release 4.x http://kernel.org/ These are the...
7.1 CVSS
6.4 AI Score
0.0004 EPSS
Linux kernel release 4.x http://kernel.org/ These are the...
7.1 CVSS
6.9 AI Score
0.0005 EPSS
Incorrect calculation of totalSupply(), balanceOf() in rUSDY.sol if the rate is unlinked from $1
Lines of code https://github.com/code-423n4/2023-09-ondo/blob/main/contracts/usdy/rUSDY.sol#L226-L228 Vulnerability details Impact In rUSDY.sol, the functions totalSupply(), balanceOf() are calculated. totalSupply()...
6.5 AI Score
GraphQL Vulnerabilities and Common Attacks: What You Need to Know
GraphQL is a powerful query language for APIs that has gained popularity in recent years for its flexibility and ability to provide a great developer experience. However, with the rise of GraphQL usage comes the potential for security vulnerabilities and attacks. In this blog post, we will...
8.5 AI Score
Exploit for Use After Free in Linux Linux Kernel
Linux kernel release 4.x http://kernel.org/ These are the...
7.1 CVSS
6.4 AI Score
0.0004 EPSS
Exploitation of Juniper Networks SRX Series and EX Series Devices
On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices: CVE-2023-36846 Affects the SRX Series A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an...
5.3 CVSS
8.4 AI Score
0.966 EPSS
Cross Site Scripting vulnerability in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book...
5.4 CVSS
5.8 AI Score
0.001 EPSS
Cross Site Scripting vulnerability in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book...
5.4 CVSS
5.7 AI Score
0.001 EPSS
Cross Site Scripting vulnerability in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book...
5.4 CVSS
7.5 AI Score
0.001 EPSS
Cross Site Scripting vulnerability in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book...
5.4 CVSS
5.7 AI Score
0.001 EPSS
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address...
5.3 CVSS
5.2 AI Score
0.0005 EPSS
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address...
5.3 CVSS
5.2 AI Score
0.0005 EPSS
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address...
5.3 CVSS
5.2 AI Score
0.0005 EPSS
Cross Site Scripting vulnerability in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book...
6 AI Score
0.001 EPSS
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address...
5.5 AI Score
0.0005 EPSS
Navigating Legacy Infrastructure: A CISO's Actionable Strategy for Success
Every company has some level of tech debt. Unless you're a brand new start-up, you most likely have a patchwork of solutions that have been implemented throughout the years, often under various leadership teams with different priorities and goals. As those technologies age, they can leave your...
6.9 AI Score
December’s Reimagining Democracy Workshop
Imagine that we've all--all of us, all of society--landed on some alien planet, and we have to form a government: clean slate. We don't have any legacy systems from the US or any other country. We don't have any special or unique interests to perturb our thinking. How would we govern ourselves?...
6.5 AI Score
Chrome will soon start removing extensions that may be unsafe
Retroactive removals are finally on the way for malicious Chrome browser extensions. Beginning with Chrome 117, Chrome will "proactively highlight to users when an extension they have installed is no longer in the Chrome web store". Previously, if you installed an extension which was subsequently.....
6.8 AI Score
books-bubbles.com Cross Site Scripting vulnerability OBB-3575578
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1 AI Score
libcaca.so is vulnerable to Illegal Memory Access. The vulnerability exists in common-image.h because the size of the w and h parameters are not properly handled which allows an attacker to access memory and cause an application...
8.8 CVSS
6.7 AI Score
0.004 EPSS
libcaca.so is vulnerable to Denial Of Service (DoS) Through Divide By Zero. The vulnerability exists due to a floating point exception in caca_dither_bitmap function at dither.c which allows an attacker to cause an application...
6.5 CVSS
6.7 AI Score
0.003 EPSS
libcaca.so is vulnerable to Integer Overflow. The vulnerability exists because the function caca_dither in dither.c does not allocate a proper size of memory for the w and h parameters in the BMP loader, causing an integer overflow for 24bpp...
8.1 CVSS
7 AI Score
0.003 EPSS
CVE-2023-39959 Existence of calendars and address books can be checked by unauthenticated users
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which reveals whether a calendar or an address book with the given identifier exists for.....
3.5 CVSS
6 AI Score
0.001 EPSS
Some functions in TokenisableRange contracts do not allow the user to specify a deadline.
Lines of code https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/TokenisableRange.sol#L200 https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/TokenisableRange.sol#L260...
6.6 AI Score
If you ask Alexa, Amazon's voice assistant AI system, whether Amazon is a monopoly, it responds by saying it doesn't know. It doesn't take much to make it lambaste the other tech giants, but it's silent about its own corporate parent's misdeeds. When Alexa responds in this way, it's obvious that...
6.4 AI Score
n00b’s guide to DEF CON. Surviving the Matrix of the underground
Ah, DEF CON. The world's largest hacker convention. A beacon for the diverse spectrum of cyber security enthusiasts. From code-cracking challenges to the infamous Wall of Sheep, the event is a hive of activities and opportunities. But before we dive into the world of hackerdom, let's get one thing....
7.2 AI Score
Exploit for NULL Pointer Dereference in Linux Linux Kernel
Linux kernel release 4.x http://kernel.org/ These are the...
7.8 CVSS
6.4 AI Score
0.0004 EPSS
Closing vulnerabilities in Decidim, a Ruby-based citizen participation platform
This blog post describes two security vulnerabilities in Decidim, a digital platform for citizen participation. Both vulnerabilities were addressed by the Decidim team with corresponding update releases for the supported versions in May 2023. This blog post is not directly related to election...
7.5 CVSS
6.8 AI Score
0.001 EPSS
Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. NOTE: this is disputed by the vendor because the cve-2022-31454-8e8555c31fd3 page does not describe why /books has a relationship to Yii...
6.1 CVSS
6 AI Score
0.001 EPSS
Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. NOTE: this is disputed by the vendor because the cve-2022-31454-8e8555c31fd3 page does not describe why /books has a relationship to Yii...
6.1 CVSS
6.1 AI Score
0.001 EPSS
Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. NOTE: this is disputed by the vendor because the cve-2022-31454-8e8555c31fd3 page does not describe why /books has a relationship to Yii...
6.1 CVSS
6 AI Score
0.001 EPSS
Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. NOTE: this is disputed by the vendor because the cve-2022-31454-8e8555c31fd3 page does not describe why /books has a relationship to Yii...
6.2 AI Score
0.001 EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 17, 2023 to July 23, 2023)
Last week, there were 62 vulnerabilities disclosed in 1035 WordPress Plugins and 90 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities....
8.8 CVSS
8.4 AI Score
Cisco Nexus 7000 Series Switches Access-Control Filtering Mechanisms Bypass (CVE-2017-3875)
An Access-Control Filtering Mechanisms Bypass vulnerability in certain access-control filtering mechanisms on Cisco Nexus 7000 Series Switches could allow an unauthenticated, remote attacker to bypass defined traffic configured within an access control list (ACL) on the affected system. More...
5.3 CVSS
7 AI Score
0.001 EPSS
books-online.jp Cross Site Scripting vulnerability OBB-3540318
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1 AI Score
Indico vulnerable to Cross-Site-Scripting via confirmation prompts
Impact There is a Cross-Site-Scripting vulnerability in confirmation prompts commonly used when deleting content from Indico. Exploitation requires someone with at least submission privileges (such as a speaker) and then someone else to attempt to delete this content. Considering that event...
5.4 CVSS
6.7 AI Score
0.001 EPSS
Indico is an open source, general-purpose, web-based event management tool. There is a Cross-Site-Scripting vulnerability in confirmation prompts commonly used when deleting content from Indico. Exploitation requires someone with at least submission privileges (such as a speaker) and then someone....
5.4 CVSS
6.8 AI Score
0.001 EPSS
Wisconsin Governor Hacks the Veto Process
In my latest book, A Hacker's Mind, I wrote about hacks as loophole exploiting. This is a great example: The Wisconsin governor used his line-item veto powers--supposedly unique in their specificity--to change a one-year funding increase into a 400-year funding increase. He took this wording: ...
6.9 AI Score
"Free" Evil Dead Rise movie scam lurks in Amazon listings
Scammers are using a novel technique with Amazon listings to trick fans of Evil Dead into downloads they may not want, and expensive rolling payments they have no interest in. Evil Dead Rise, the breakout horror film of 2023, started with big cinema numbers and has moved on to a victory lap in...
6.9 AI Score
New video provides a behind-the-scenes look at Talos ransomware hunters
Welcome to this week's edition of the Threat Source newsletter. AI-generated art is causing drama across the internet over the past few months, from Marvel TV show opening credits scenes to predatory YouTubers who claim YOU can make millions by having AI tools create children's books for you....
8.8 CVSS
6.3 AI Score
0.001 EPSS
A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board (where they have BoardAdmin...
5.4 CVSS
5.2 AI Score
0.001 EPSS
Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET...
9.8 CVSS
8 AI Score
0.002 EPSS
books-sanseido.jp Cross Site Scripting vulnerability OBB-3471441
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1 AI Score