XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT
With its widespread use among businesses and individual users, ChatGPT is a prime target for attackers looking to access sensitive information. In this blog post, I'll walk you through my discovery of two cross-site scripting (XSS) vulnerabilities in ChatGPT and a few other vulnerabilities. When...
6.3 AI Score
Joomla! < 4.2.8 - Unauthenticated Information Disclosure...
5.3 CVSS
6.9 AI Score
0.932 EPSS
Debian dla-3735 : golang-github-opencontainers-runc-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3735 advisory. runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization...
6.5 AI Score
Exploit for Vulnerability in Microsoft
CVE-2024-21413 This Python script is used to abuse the...
9.8 CVSS
9.8 AI Score
0.009 EPSS
SUSE SLES15 Security Update : SUSE Manager Server 4.3 (SUSE-SU-2024:0485-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0485-1 advisory. jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. (CVE-2023-31582) Note that Nessus has not tested for these...
7.4 AI Score
Hacking Microsoft and Wix with Keyboard Shortcuts
Browser vendors continuously tweak and refine browser functionalities to improve security. Implementing same-site cookies is a prime example of vendors’ efforts to mitigate Cross-Site Request Forgery (CSRF) attacks. However, not all security measures are foolproof. In their quest to combat...
6.6 AI Score
TinyTurla Next Generation - Turla APT spies on Polish NGOs
Cisco Talos has identified a new backdoor authored and operated by the Turla APT group, a Russian cyber espionage threat group. This new backdoor we're calling "TinyTurla-NG" (TTNG) is similar to Turla's previously disclosed implant, TinyTurla, in coding style and functionality implementation....
8.3 AI Score
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8 CVSS
9.9 AI Score
0.034 EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8 CVSS
9.7 AI Score
0.022 EPSS
Fedora 38 : xen (2024-4b2cf8c375)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-4b2cf8c375 advisory. Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to...
5 AI Score
Fedora 39 : xen (2024-e527e6fd08)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e527e6fd08 advisory. Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to...
5 AI Score
Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been destroyed; this could have posed security risks to users by allowing an application to continue...
3.1 CVSS
6.8 AI Score
0.0004 EPSS
Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been destroyed; this could have posed security risks to users by allowing an application to continue...
3.1 CVSS
7.4 AI Score
0.0004 EPSS
Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been destroyed; this could have posed security risks to users by allowing an application to continue...
3.1 CVSS
7.1 AI Score
0.0004 EPSS
Destroying OAuth Applications doesn't notify Streaming of Access Tokens being destroyed in mastodon
Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been destroyed; this could have posed security risks to users by allowing an application to continue...
6.9 AI Score
0.0004 EPSS
Update 23.4 for Microsoft Dynamics 365 Business Central (on-premises) 2023 Release Wave 2 (Application Build 23.4.15715, Platform Build 23.0.15712) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes a vulnerability. For...
8 CVSS
7.9 AI Score
0.002 EPSS
Update Rollup 70 for Azure Site Recovery -KB5034599
Update Rollup 70 for Azure Site Recovery -KB5034599 Important: 9.58 version for mobility agent and configuration server was made live for Classic VMware/Physical to Azure scenario, during the 9.57 deployment. This version has not been released for any other scenario. The download links have been...
9.3 CVSS
9 AI Score
0.001 EPSS
Cumulative Update 14 for Exchange Server 2019 (KB5035606)
Cumulative Update 14 for Exchange Server 2019 (KB5035606) Important: This regularly scheduled cumulative update contains all the security fixes of the security updates in February and previous security updates. Cumulative Update 14 for Microsoft Exchange Server 2019 was released on February 13,...
9.8 CVSS
10 AI Score
0.087 EPSS
Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
8 AI Score
0.0004 EPSS
Unbreakable Enterprise kernel security update
[5.15.0-203.146.5.1] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36277693] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36277684] [5.15.0-203.146.5] - i2c: core: Fix atomic xfer...
9.8 CVSS
7.4 AI Score
0.001 EPSS
Enhanced Text Widget < 1.6.6 - Admin+ Stored XSS
Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
5.1 AI Score
0.0004 EPSS
Enhanced Text Widget < 1.6.6 - Admin+ Stored XSS
Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
5.7 AI Score
0.0004 EPSS
Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
7.9 AI Score
0.0004 EPSS
Pixelfed is an open source photo sharing platform. When processing requests, authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including the administrative and moderator functionality of the Pixelfed server. This...
9.9 CVSS
6.8 AI Score
0.0004 EPSS
Insufficient authorization allowing elevated access to resources in pixelfed
Pixelfed is an open source photo sharing platform. When processing requests, authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including the administrative and moderator functionality of the Pixelfed server. This...
6.5 AI Score
0.0004 EPSS
The architecture of SAST tools: An explainer for developers
In today's age of shifting left (an approach to coding that integrates security checks earlier into the software development lifecycle, or SDLC), developers are expected to be proficient at using security tools. This additional responsibility can be overwhelming for developers who don't specialize in...
8.1 CVSS
8.2 AI Score
0.001 EPSS
The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.9 AI Score
0.0004 EPSS
The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.8 AI Score
0.0004 EPSS
The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
6 AI Score
0.0004 EPSS
Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting in New Chart
The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7 AI Score
0.0004 EPSS
Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting
The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7 AI Score
0.0004 EPSS
GigPress <= 2.3.29 - Admin+ Stored Cross Site Scripting
The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7 AI Score
0.0004 EPSS
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
Summary When processing requests, authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of...
9.9 CVSS
9.2 AI Score
0.0004 EPSS
Unbreakable Enterprise kernel security update
[4.14.35-2047.533.3] - net: rfkill: gpio: set GPIO direction (Rouven Czerwinski) - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185208] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143229] - sched/rt:...
9.8 CVSS
10 AI Score
0.001 EPSS
Insert PHP Code Snippet < 1.3.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
4.4 CVSS
5.4 AI Score
0.0004 EPSS
A flaw was found in Apache Solr. The /admin/info/properties endpoint, which publishes the Solr process' Java system properties, is only set up to hide system properties that have "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and...
7.5 CVSS
6.9 AI Score
0.001 EPSS
Metasploit Weekly Wrap-Up 02/09/2024
Go go gadget Fortra GoAnywhere MFT Module. This Metasploit release contains a module for one of 2024's hottest vulnerabilities to date: CVE-2024-0204. The path traversal vulnerability in Fortra GoAnywhere MFT allows for unauthenticated attackers to access the InitialAccountSetup.xhtml endpoint...
9.8 CVSS
8.6 AI Score
0.539 EPSS
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties...
7.5 CVSS
7.1 AI Score
0.001 EPSS
Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When original...
7.5 CVSS
6.9 AI Score
0.001 EPSS