Media Library Folder & File Manager Security Vulnerabilities
Searchor CLI's Search vulnerable to Arbitrary Code using Eval
An issue in Arjun Sharda's Searchor before version v.2.4.2 allows an attacker to execute arbitrary code via a crafted script to the eval() function in Searchor's src/searchor/main.py file, affecting the search feature in Searchor's CLI (Command Line Interface). Impact Versions equal...
7.6 AI Score
snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact
Summary snappy-java is a data compression library in Java. Its SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too-large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. Scope All...
7.5 CVSS
6.8 AI Score
0.001 EPSS
snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact
Summary snappy-java is a data compression library in Java. Its SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too-large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. Scope All...
6.8 AI Score
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`
Impact yt-dlp allows the user to provide shell commands to be executed at various stages in its download process through the --exec flag. This flag allows output template expansion in its argument, so that video metadata values may be used in the shell commands. The metadata fields can be combined....
7.9 AI Score
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`
Impact yt-dlp allows the user to provide shell commands to be executed at various stages in its download process through the --exec flag. This flag allows output template expansion in its argument, so that video metadata values may be used in the shell commands. The metadata fields can be combined....
7.9 AI Score
A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this...
8.8 CVSS
7.4 AI Score
A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this...
8.1 AI Score
The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code...
7.7 AI Score
A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this...
7.4 AI Score
An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this...
7.8 AI Score
An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this...
9.8 CVSS
7 AI Score
An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this...
9.8 CVSS
7 AI Score
A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. A specially crafted file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this...
8.8 CVSS
8.1 AI Score
A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver file to trigger this...
7.8 AI Score
Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance...
7.1 AI Score
A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application...
7 AI Score
7.1 AI Score
Security Bulletin: IBM Events Operator is affected by an openssl vulnerability
Summary Openssl is used by IBM Events Operator as part of the Operating System (CVE-2022-4304). This is a library that provides secure communication. Vulnerability Details CVEID: CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a...
5.9 CVSS
6.8 AI Score
0.001 EPSS
Security Bulletin: IBM Event Streams is affected by multiple openssl vulnerabilities
Summary Openssl is used by IBM Event Streams as part of the Operating System (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286). This is a library that provides secure communication. Vulnerability Details CVEID: CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...
7.5 CVSS
6.2 AI Score
0.002 EPSS
Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be...
7.5 CVSS
7.6 AI Score
Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals
Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin. "Since drones or Unmanned Aerial Vehicles (UAVs) have been an integral tool used by the Ukrainian military,...
7.2 AI Score
Webinar — AI vs. AI: Harnessing AI Defenses Against AI-Powered Risks
Generative AI is a double-edged sword, if there ever was one. There is broad agreement that tools like ChatGPT are unleashing waves of productivity across the business, from IT, to customer experience, to engineering. That's on the one hand. On the other end of this fencing match: risk. From ...
6.8 AI Score
From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese
Tibetan, Uyghur, and Taiwanese individuals and organizations are the targets of a persistent campaign orchestrated by a threat actor codenamed EvilBamboo to gather sensitive information. "The attacker has created fake Tibetan websites, along with social media profiles, likely used to deploy...
6.7 AI Score
Exploit for Out-of-bounds Write in Google Chrome
CVE-2023-4863 ```bash # checkout webp git clone...
8.8 CVSS
8.7 AI Score
0.319 EPSS
The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and...
9.1 CVSS
7 AI Score
Summary The Bouncy Castle Crypto Package For Java is used by IBM Application Performance Management. The vulnerabilities below have been addressed. Vulnerability Details CVEID: CVE-2023-33201 DESCRIPTION: The Bouncy Castle Crypto Package For Java (bc-java) could allow a remote attacker to obtain....
9.8 CVSS
8.5 AI Score
0.009 EPSS
Summary Apache Commons FileUpload is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID: CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by...
9.8 CVSS
8.4 AI Score
0.158 EPSS
Summary Apache Log4j is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID: CVE-2020-9488 DESCRIPTION: Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation...
10 CVSS
8.7 AI Score
0.976 EPSS
Summary Apache POI is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID: CVE-2017-12626 DESCRIPTION: Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF,...
7.5 CVSS
8.2 AI Score
0.024 EPSS
A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application...
7.5 CVSS
6.8 AI Score
0.000 EPSS
New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously on the same victims'...
8.4 AI Score
Sandman APT Strikes the Telecom Sector with the LuaDream Backdoor
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Sandman APT, an espionage group of unknown origins that surfaced mysteriously in August, is orchestrating a sophisticated campaign aimed squarely at telecommunications providers spanning the Middle East,...
6.9 AI Score
Critical Security Vulnerabilities Uncovered in Nagios XI
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Several security vulnerabilities have been identified in Nagios XI, a network monitoring software, which could potentially lead to privilege escalation and information disclosure. These...
8.8 CVSS
7 AI Score
0.001 EPSS
UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DAR-8000 up to 20151231. This affects an unknown part of the file /Tool/querysql.php. The manipulation leads to sql injection. It is possible to initiate the attack...
6.5 CVSS
8.2 AI Score
0.000 EPSS
UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. This vulnerability affects unknown code of the file /sysmanage/changelogo.php. The manipulation of the argument file_upload leads to unrestricted...
8.8 CVSS
7.5 AI Score
0.000 EPSS
UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. It....
8.8 CVSS
7.4 AI Score
0.000 EPSS
UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED A vulnerability classified as critical was found in D-Link DAR-8000 up to 20151231. Affected by this vulnerability is an unknown functionality of the file /autheditpwd.php. The manipulation of the argument hid_id leads to sql injection. The...
8.8 CVSS
8.3 AI Score
0.000 EPSS
UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, has been found in D-Link DAR-8000 up to 20151231. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation of the argument sql leads to sql...
6.5 CVSS
8.1 AI Score
0.000 EPSS
UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted...
8.8 CVSS
7.3 AI Score
0.000 EPSS
UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been classified as critical. This affects an unknown part of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. It....
8.8 CVSS
7.3 AI Score
0.000 EPSS
UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to...
8.8 CVSS
7.5 AI Score
0.000 EPSS
UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to...
7.3 AI Score
0.000 EPSS
UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads....
7.3 AI Score
0.000 EPSS
Accusoft ImageGear pictwread heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1760 Accusoft ImageGear pictwread heap-based buffer overflow vulnerability September 25, 2023 CVE Number CVE-2023-35002 SUMMARY A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted...
7.7 AI Score
Accusoft ImageGear tif_processing_dng_channel_count stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1742 Accusoft ImageGear tif_processing_dng_channel_count stack-based buffer overflow vulnerability September 25, 2023 CVE Number CVE-2023-28393 SUMMARY A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of...
7.2 AI Score
Accusoft ImageGear tiff_planar_adobe out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1750 Accusoft ImageGear tiff_planar_adobe out-of-bounds write vulnerability September 25, 2023 CVE Number CVE-2023-32284 SUMMARY An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. A specially crafted...
7.2 AI Score
Accusoft ImageGear CreateDIBfromPict out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1729 Accusoft ImageGear CreateDIBfromPict out-of-bounds write vulnerability September 25, 2023 CVE Number CVE-2023-23567 SUMMARY A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. A specially...
8 AI Score
Accusoft ImageGear dcm_pixel_data_decode out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1802 Accusoft ImageGear dcm_pixel_data_decode out-of-bounds write vulnerability September 25, 2023 CVE Number CVE-2023-32653 SUMMARY An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. A specially...
7.3 AI Score
Accusoft ImageGear tif_parse_sub_IFD use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1830 Accusoft ImageGear tif_parse_sub_IFD use-after-free vulnerability September 25, 2023 CVE Number CVE-2023-39453 SUMMARY A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed...
7 AI Score
Accusoft ImageGear create_png_object heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1749 Accusoft ImageGear create_png_object heap-based buffer overflow vulnerability September 25, 2023 CVE Number CVE-2023-32614 SUMMARY A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A...
7 AI Score