In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data.....
7.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() The gtp_net_ops pernet operations structure for the subsystem must be registered before registering the generic netlink family. Syzkaller hit 'general protection...
7.6AI Score
0.0004EPSS
Oracle Linux 8 : curl (ELSA-2024-1601)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1601 advisory. This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl...
6.5CVSS
6.4AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix disable_managed_interrupts Correct blk-mq registration issue with module parameter disable_managed_interrupts enabled. When we turn off the default PCI_IRQ_AFFINITY flag, the driver needs to register with...
7.7AI Score
0.0004EPSS
Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that...
8.4AI Score
0.052EPSS
schuh-haus24.de Cross Site Scripting vulnerability OBB-3896097
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Harnessing the Power of CTEM for Cloud Security
Cloud solutions are more mainstream – and therefore more exposed – than ever before. In 2023 alone, a staggering 82% of data breaches were against public, private, or hybrid cloud environments. What's more, nearly 40% of breaches spanned multiple cloud environments. The average cost of a cloud...
7.2AI Score
tabellenstand-u9.de Cross Site Scripting vulnerability OBB-3895730
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
cremas-para-la-piel.es Cross Site Scripting vulnerability OBB-3895587
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size. The bug was reported by Joonkyo Jung...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size. The bug was reported by Joonkyo Jung...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size. The bug was reported by Joonkyo Jung...
7.2AI Score
0.0004EPSS
Google to Delete Billions of Browsing Records in 'Incognito Mode' Privacy Lawsuit Settlement
Google has agreed to purge billions of data records reflecting users' browsing activities to settle a class action lawsuit that claimed the search giant tracked them without their knowledge or consent in its Chrome browser. The class action, filed in 2020, alleged the company misled users by...
6.8AI Score
CVE-2024-26656 drm/amdgpu: fix use-after-free bug
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size. The bug was reported by Joonkyo Jung...
7.5AI Score
0.0004EPSS
NagiosXI <= 5.4.12 menuaccess.php - SQL injection
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1...
7.2CVSS
7.6AI Score
0.037EPSS
Exploit for Embedded Malicious Code in Tukaani Xz
revisaxzutils Script en bash para revisar si tienes...
7.3AI Score
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size. The bug was reported by Joonkyo Jung...
7.3AI Score
0.0004EPSS
7.4AI Score
CentOS 8 : curl (CESA-2024:1601)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:1601 advisory. An information disclosure vulnerability exists in...
6.5CVSS
8.2AI Score
0.001EPSS
Tukaani Project XZ Utils Backdoor (Feb/Mar 2024)
The XZ Utils of the Tukaani Project have been backdoored by an unknown threat actor in February and March...
10CVSS
9.8AI Score
0.133EPSS
Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page
Summary Piccolo's admin panel provides the ability to upload media files and view them within the admin panel. If SVG is an allowed file type for upload; the default; an attacker can upload an SVG which when loaded under certain contexts allows for arbitrary access to the admin page. This access...
7.7CVSS
6.1AI Score
0.0004EPSS
Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page
Summary Piccolo's admin panel provides the ability to upload media files and view them within the admin panel. If SVG is an allowed file type for upload; the default; an attacker can upload an SVG which when loaded under certain contexts allows for arbitrary access to the admin page. This access...
7.7CVSS
6.1AI Score
0.0004EPSS
clubfashion24.de Cross Site Scripting vulnerability OBB-3891468
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
koka36.de Cross Site Scripting vulnerability OBB-3891238
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
9.8CVSS
7.4AI Score
0.001EPSS
Technicolor TC8715D Cross-Site Scripting Vulnerability
The Technicolor TC8715D is a wireless router from the French company Technicolor. Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T suffers from a cross-site scripting vulnerability that can be exploited by an attacker to obtain sensitive information such as user...
5.9AI Score
0.0004EPSS
BioTime Directory Traversal / Remote Code Execution Exploit
BioTime versions 8.5.5 and 9.0.1 suffer from directory traversal and file write vulnerabilities. This exploit also achieves remote code execution on version...
9.8CVSS
8.4AI Score
0.001EPSS
7.4AI Score
7.5CVSS
7.7AI Score
0.0004EPSS
9.1CVSS
8.4AI Score
0.0004EPSS
7.5CVSS
7.7AI Score
0.0004EPSS
linkd2.de Cross Site Scripting vulnerability OBB-3890992
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
casa-de-citas.com Cross Site Scripting vulnerability OBB-3890906
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
JupyterHub is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to the mishandling of cookies on malicious subdomains, which allows an attacker to achieve unauthorized access and control over a user's session and potentially gain full access to the JupyterHub API or the user's...
8.1CVSS
6.5AI Score
0.0004EPSS
lak24.de Cross Site Scripting vulnerability OBB-3890726
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers
The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign. PyPI said "new project creation and new user registration" was temporarily halted to mitigate what it said was a....
7.3AI Score
skat1x1.de Cross Site Scripting vulnerability OBB-3890622
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Oracle Linux 8 : libreoffice (ELSA-2024-1514)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1514 advisory. Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In...
8.8CVSS
9.3AI Score
0.001EPSS
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
Impact Affected configurations: Single-origin JupyterHub deployments JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server. By tricking a user into visiting a malicious subdomain, the attacker can achieve an...
8.1CVSS
6AI Score
0.0004EPSS
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
Impact Affected configurations: Single-origin JupyterHub deployments JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server. By tricking a user into visiting a malicious subdomain, the attacker can achieve an...
8.1CVSS
6AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 18, 2024 to March 24, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 94 vulnerabilities disclosed in 81 WordPress.....
9.9CVSS
9.4AI Score
0.001EPSS
katex is vulnerable to a Denial of Service (DoS) attack. The vulnerability is due to the inadequate handling of untrusted mathematical expressions containing \def or \newcommand, which leads to a near-infinite loop despite efforts to mitigate it with mechanisms like...
6.5CVSS
6.7AI Score
0.0004EPSS
antikbuch24.de Cross Site Scripting vulnerability OBB-3889708
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
koka36.de Cross Site Scripting vulnerability OBB-3889220
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
libreoffice security fix update
[6.4.7.2-16.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [1:6.4.7.2-16] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target...
8.8CVSS
6.6AI Score
0.001EPSS
Security Bulletin: IBM Planning Analytics Workspace has addressed multiple vulnerabilities
Summary IBM Planning Analytics Workspace is considered vulnerable to a Malicious File Upload vulnerability which could allow a privileged user to upload malicious files that can be automatically processed within the product (CVE-2023-42017). This vulnerability has been addressed. IBM Planning...
9.8CVSS
10AI Score
EPSS
GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to retrieve a victims...
6.1CVSS
6.4AI Score
0.0004EPSS
GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to retrieve a victims...
6.1CVSS
6.5AI Score
0.0004EPSS
GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to retrieve a victims...
6.1CVSS
6.1AI Score
0.0004EPSS
CVE-2024-27091 GeoNode stored XSS to full account takeover
GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to retrieve a victims...
6.1CVSS
6.5AI Score
0.0004EPSS