RHEL 7 : firefox (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. firefox: Possible integer overflow to fix inside XML_Parse in Expat (CVE-2016-9063) firefox: arbitrary...
8AI Score
New Attack Against Self-Driving Car AI
This is another attack that convinces the AI to ignore road signs: Due to the way CMOS cameras operate, rapidly changing light from fast flashing diodes can be used to vary the color. For example, the shade of red on a stop sign could look different on each line depending on the time between the...
7AI Score
Blind XSS Leading to Froxlor Application Compromise
Description: A Stored Blind Cross-Site Scripting (XSS) vulnerability has been identified in the Failed Login Attempts Logging Feature of the Froxlor Application. Stored Blind XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious.....
5.4AI Score
0.0004EPSS
Blind XSS Leading to Froxlor Application Compromise
Description: A Stored Blind Cross-Site Scripting (XSS) vulnerability has been identified in the Failed Login Attempts Logging Feature of the Froxlor Application. Stored Blind XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious.....
5.4AI Score
0.0004EPSS
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Summary The latest version of lobe-chat(by now v0.141.2) has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details visit https://chat-preview.lobehub.com/settings/agent ...
6.7AI Score
0.0004EPSS
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Summary The latest version of lobe-chat(by now v0.141.2) has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details visit https://chat-preview.lobehub.com/settings/agent ...
6.9AI Score
0.0004EPSS
Important: gimp security update
The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fix(es): gimp: dds...
7.2AI Score
0.0005EPSS
Moderate: skopeo security and bug fix update
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix(es): golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain...
5.2AI Score
0.0004EPSS
Moderate: podman security and bug fix update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in...
6.7AI Score
0.0005EPSS
An update is available for gimp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The GIMP (GNU Image Manipulation Program) is an image composition and editing...
7.8AI Score
0.0005EPSS
podman security and bug fix update
An update is available for podman. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of....
7.2AI Score
0.0005EPSS
skopeo security and bug fix update
An update is available for skopeo. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The skopeo command lets you inspect images from container image registries,...
7.4AI Score
0.0004EPSS
An update is available for buildah. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The buildah package provides a tool for facilitating building OCI container.....
7.3AI Score
0.0004EPSS
Moderate: buildah bug fix update
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...
5.6AI Score
0.0004EPSS
Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Putty
CVE-2024-31497 POC This vulnerability exploits the biased...
5.6AI Score
0.002EPSS
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Fancy Text', 'Filter Gallery', 'Sticky Video', 'Content Ticker', 'Woo Product Gallery', & 'Twitter Feed' widgets...
5.7AI Score
0.0004EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d53c30c1-0d7b-11ef-ba02-6cc21735f730 advisory. Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table ownermore details ...
7.3AI Score
RHCOS 4 : OpenShift Container Platform 4.15.12 (RHSA-2024:2669)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2669 advisory. A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host...
7.6AI Score
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-1565)
The remote host is missing an update for the Huawei...
7.5AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1585)
The remote host is missing an update for the Huawei...
7.9AI Score
0.02EPSS
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-1587)
The remote host is missing an update for the Huawei...
7.5AI Score
0.001EPSS
RHCOS 4 : OpenShift Container Platform 4.14.24 (RHSA-2024:2672)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2672 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...
7.6AI Score
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1563)
The remote host is missing an update for the Huawei...
7.9AI Score
0.02EPSS
The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hover Effects Widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it.....
5.8AI Score
0.0004EPSS
The Gallery Block (Meow Gallery) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data_atts’ parameter in versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.7AI Score
0.001EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.9.16 due to insufficient input.....
5.7AI Score
0.0004EPSS
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
5.7AI Score
0.0004EPSS
Issue Overview: FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in freerdp_bitmap_planar_context_reset leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy...
7.6AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 162 vulnerabilities disclosed in 143...
9.6AI Score
0.001EPSS
1Panel arbitrary file write vulnerability
Summary There are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. We can use the following mirror configuration write symbol > to achieve arbitrary file writing PoC Dockerfile ``` FROM bash:latest.....
7.7AI Score
0.0004EPSS
1Panel arbitrary file write vulnerability
Summary There are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. We can use the following mirror configuration write symbol > to achieve arbitrary file writing PoC Dockerfile ``` FROM bash:latest.....
7.7AI Score
0.0004EPSS
CVE-2024-3727 Containers/image: digest type does not guarantee valid type
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other...
7.8AI Score
0.0004EPSS
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other...
6.7AI Score
0.0004EPSS
(RHSA-2024:2668) Important: OpenShift Container Platform 4.14.24 bug fix and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.14.24. See the following advisory for the RPM...
7.2AI Score
0.01EPSS
Rockwell Automation FactoryTalk Historian SE
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Historian SE Vulnerabilities: Missing Release of Resource after Effective Lifetime, Improper Check or Handling of Exceptional Conditions 2. RISK...
7.3AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iePlexus Featured Content Gallery allows Stored XSS.This issue affects Featured Content Gallery: from n/a through...
5.7AI Score
0.0004EPSS
KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently,...
8.3AI Score
0.0004EPSS
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty related packages that are shipped with IBM CICS TX Advanced. The version of IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced has been updated to address the applicable issues. Vulnerability...
7.1AI Score
0.0004EPSS
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty related packages that are shipped with IBM CICS TX Standard. The version of IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard has been updated to address the applicable issues. Vulnerability...
7.1AI Score
0.0004EPSS
CVE-2023-5971 Save as PDF < 3.2.0 - Admin+ Stored XSS
The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.4AI Score
0.0004EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within....
7.8CVSS
7.3AI Score
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ee6936da-0ddd-11ef-9c21-901b0e9408dc advisory. Tailscale team reports: In Tailscale versions earlier than 1.66.0, exit nodes, subnet...
7.1AI Score
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1592)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we...
8.3AI Score
7.4AI Score
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1563)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...
8.1AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within....
7.8CVSS
7.3AI Score
FreeBSD : Gitlab -- vulnerabilities (fbc2c629-0dc5-11ef-9850-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fbc2c629-0dc5-11ef-9850-001b217b3468 advisory. Gitlab reports: ReDoS in branch search when using wildcards ReDoS in markdown render pipeline...
5.8AI Score
Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.9.16 due to...
5.9AI Score
0.0004EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within....
7.8CVSS
7.2AI Score
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within....
7.8CVSS
7.2AI Score