Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Packages webkit2gtk - Web content engine library for GTK+ Details Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could...
6.9AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages amavisd-new - Interface between MTA and virus scanner/content filters Details It was discovered that amavisd-new incorrectly handled certain MIME email messages with multiple boundary parameters. A remote...
7.2AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
7.4AI Score
7.4AI Score
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages libreoffice - Office productivity suite Details Amel Bouziane-Leblond discovered that LibreOffice incorrectly handled graphic on-click bindings. If a user were tricked into clicking a graphic in a specially...
7AI Score
0.0004EPSS
Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product...
7.3AI Score
Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the...
6.7AI Score
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
6.9AI Score
Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that...
7.1AI Score
Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that...
5.3CVSS
7.4AI Score
CVE-2024-35238 Denial of service of Minder Server from maliciously crafted GitHub attestations
Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that...
7.1AI Score
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
6.8AI Score
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
8.3CVSS
7.1AI Score
CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
6.9AI Score
Exploit for Deserialization of Untrusted Data in Vmware Spring For Apache Kafka
CVE-2023-34040 Spring Kafka Deserialization Remote Code...
7.8AI Score
0.0004EPSS
7.9AI Score
Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we've seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...
6.4AI Score
SherlockChain - A Streamlined AI Analysis Framework For Solidity, Vyper And Plutus Contracts
SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered features. Developed by a team of security experts and AI researchers, SherlockChain offers unparalleled insights and vulnerability detection for...
7.4AI Score
6.8AI Score
0.0004EPSS
A flaw was found in the libarchive library. A heap-based buffer overflow in the execute_filter_e8 function in the libarchive/archive_read_support_format_rar.c file can be triggered when a specially crafted RAR archive is processed, causing a crash to the application linked to the library, and...
6.6AI Score
0.001EPSS
Threat landscape for industrial automation systems, Q1 2024
Global statistics Statistics across all threats In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of...
7.5AI Score
A week in security (May 20 – May 26)
Last week on Malwarebytes Labs: How AI will change your credit card behind the scenes Criminal record database of millions of Americans dumped online Microsoft AI "Recall" feature records everything, secures far less How to remove a user from a shared Android device How to remove a user from a...
7.3AI Score
6.5AI Score
Cross-site scripting vulnerability exists in WP Booking versions prior to 2.4.5. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the...
6.8AI Score
0.0004EPSS
Cross-site scripting vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the...
6.9AI Score
0.0004EPSS
Cross-site scripting vulnerability exists in WP Booking versions prior to 2.4.5. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the...
6.7AI Score
0.0004EPSS
Cross-site scripting vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the...
6.6AI Score
0.0004EPSS
K000139793: MacOS vulnerability CVE-2023-41993
Security Advisory Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7....
7.1AI Score
0.001EPSS
7.5AI Score
0.0004EPSS
A vulnerability classified as problematic has been found in lakernote EasyAdmin up to 20240324. This affects an unknown part of the file /sys/file/upload. The manipulation of the argument file leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
3.5CVSS
6.5AI Score
CVE-2024-5383 lakernote EasyAdmin upload cross site scripting
A vulnerability classified as problematic has been found in lakernote EasyAdmin up to 20240324. This affects an unknown part of the file /sys/file/upload. The manipulation of the argument file leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
6.5AI Score
CVE-2024-4443-Poc CVE-2024-4443 Business Directory Plugin –...
7.9AI Score
0.001EPSS
7.9AI Score
0.004EPSS
6.5AI Score
0.001EPSS
[SECURITY] [DLA 3821-1] libreoffice security update
Debian LTS Advisory DLA-3821-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 26, 2024 https://wiki.debian.org/LTS Package : libreoffice Version : 1:6.1.5-3+deb10u12 CVE...
6.5AI Score
[SECURITY] Fedora 40 Update: rust-zram-generator-1.1.2-11.fc40
This is a systemd unit generator that enables swap on zram. (With zram, there is no physical swap device. Part of the available RAM is used to store compressed pages, essentially trading CPU cycles for memor y.) To activate, install zram-generator-defaults...
7AI Score
[SECURITY] Fedora 40 Update: rust-varlink_generator-10.1.0-6.fc40
Rust code generator for the varlink...
7.6AI Score
[SECURITY] Fedora 40 Update: rust-names-0.14.0-2.fc40
A random name generator with names suitable for use in container instances, project names, application instances,...
7.3AI Score
[SECURITY] Fedora 40 Update: rust-cargo-readme-3.3.1-3.fc40
A cargo subcommand to generate README.md content from doc...
7.2AI Score
[SECURITY] Fedora 40 Update: rust-bitvec_helpers-3.1.4-1.fc40
BitVec based bitstream reader and...
7.3AI Score
[SECURITY] Fedora 40 Update: loupe-46.2-2.fc40
An image viewer application written with GTK 4, Libadwaita and Rust. Features: - Fast GPU accelerated image rendering with tiled rendering for SVGs - Extendable and sandboxed (expect SVG) image decoding - Support for more than 15 image formats by default - Extensive support for touchpad and...
7.4AI Score
7.3AI Score
[SECURITY] Fedora 40 Update: buildah-1.35.4-1.fc40
The buildah package provides a command line tool which can be used to * create a working container from scratch or * create a working container from an image as a starting point * mount/umount a working container's root file system for manipulation * save container's root file system layer to...
7AI Score
0.0004EPSS
Debian dla-3821 : fonts-opensymbol - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3821 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3821-1 [email protected] ...
7.1AI Score
DedeCMS 5.7.87 - Directory Traversal
Directory traversal vulnerability in DedeCMS 5.7.87 allows reading sensitive files via the $activepath...
7AI Score
0.001EPSS
JA4+ - Suite Of Network Fingerprinting Standards
JA4+ is a suite of network Fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session.....
7AI Score
[SECURITY] [DLA 3819-1] fossil security update
Debian LTS Advisory DLA-3819-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 25, 2024 https://wiki.debian.org/LTS Package : fossil Version : 1:2.8-1+deb10u1 CVE ID :...
6.5AI Score
[SECURITY] [DLA 3818-1] apache2 security update
Debian LTS Advisory DLA-3818-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 24, 2024 https://wiki.debian.org/LTS Package : apache2 Version : 2.4.59-1~deb10u1 CVE ID :...
5.3CVSS
7.9AI Score