CrushFTP Remote Code Execution Exploit
This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session...
8.8AI Score
0.964EPSS
Exploit for Command Injection in Paloaltonetworks Pan-Os
Vulnerabilidad CVE-2024-3400 Descripción La...
9.8AI Score
0.954EPSS
moutarde-de-meaux.com Cross Site Scripting vulnerability OBB-3917843
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack
Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday. The network security company's Unit 42 division is tracking the activity under the name Operation...
10CVSS
9.9AI Score
0.0004EPSS
Debian dsa-5658 : affs-modules-6.1.0-11-4kc-malta-di - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5658 advisory. A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in...
7.6AI Score
7.4AI Score
Summary Order Management removed parts of legacy code that carried vulnerabilites. The code did contain CVE-2013-2115, CVE-2013-4316, CVE-2014-0112, CVE-2014-0113, CVE-2015-5209, CVE-2016-3082, CVE-2016-4436, CVE-2017-12611, CVE-2019-0230, CVE-2019-0233, CVE-2020-17530, CVE-2021-31805,...
9.8AI Score
0.974EPSS
QIDs/CVEs When it comes to cybersecurity, speed is key in getting an edge over attackers. But when you consider that vulnerabilities weaponize 24 days faster than then they are remediated on average, cybersecurity stakeholders have a lot of catching up to do. While there are many ways defenders...
7AI Score
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...
10AI Score
0.051EPSS
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...
9.9AI Score
0.007EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration.This issue affects No-Bot Registration: from n/a through...
4.3CVSS
7.5AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration.This issue affects No-Bot Registration: from n/a through...
6.7AI Score
0.0004EPSS
GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload
...
7.4AI Score
Apache Superset < 2.1.0 Hardcoded Secret Key
Apache Superset versions prior to 2.1.0 uses a default secret to sign cookies. An unauthenticated attacker can use this default value to forge a cookie and authenticate himself as...
7.3AI Score
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details ** CVEID: CVE-2023-34967 DESCRIPTION: **Samba is vulnerable to a denial of service, caused.....
10AI Score
0.962EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 193 vulnerabilities disclosed in 154...
9.9CVSS
9.8AI Score
0.005EPSS
chains24.de Cross Site Scripting vulnerability OBB-3917217
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
sportstudio-v8.de Cross Site Scripting vulnerability OBB-3916061
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
jahrestreffen21.de Cross Site Scripting vulnerability OBB-3915887
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
de-haardt.com Cross Site Scripting vulnerability OBB-3915788
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Backdoor in XZ Utils That Almost Happened
Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention--but it should. There’s an important moral to the story of the attack and its discovery: The...
7.6AI Score
izodom2000.de Cross Site Scripting vulnerability OBB-3915546
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
gmds-tmf-2021.de Cross Site Scripting vulnerability OBB-3915519
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
bikersfashion24.de Cross Site Scripting vulnerability OBB-3915445
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
au-paradis-de-romain.site Cross Site Scripting vulnerability OBB-3914791
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability
Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10. "An Improper Control of Generation of Code...
9.6CVSS
8.8AI Score
0.0004EPSS
GUnet OpenEclass E-learning 3.15 File Upload / Command Execution Exploit
GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command...
7.7AI Score
Juniper Junos OS Multiple Vulnerabilities (JSA79108)
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA79108 advisory. This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow...
9.3AI Score
8.8AI Score
0.001EPSS
FreeBSD : wordpress -- XSS (ea4a2dfc-f761-11ee-af2c-589cfc0f81b0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ea4a2dfc-f761-11ee-af2c-589cfc0f81b0 advisory. The Wordpress team reports: A cross-site scripting (XSS) vulnerability affecting the Avatar block...
6AI Score
7.4AI Score
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on...
7AI Score
0.0004EPSS
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a....
4.9AI Score
0.0004EPSS
A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same secret key. This flaw allows a...
6.8AI Score
0.0004EPSS
Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems......
6.6AI Score
0.001EPSS
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the /completions endpoint. The vulnerability arises from the hf_chat_template method processing the chat_template parameter from the tokenizer_config.json file through the Jinja template engine without proper sanitization......
7.8AI Score
0.0004EPSS
le-pain-de-sucre.com Cross Site Scripting vulnerability OBB-3913876
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
The Customily Product Personalizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user cookies in all versions up to, and including, 1.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
7.2CVSS
6.3AI Score
0.0004EPSS
The Customily Product Personalizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user cookies in all versions up to, and including, 1.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
5.8AI Score
0.0004EPSS
jardin-exotique-de-saint-renan.com Cross Site Scripting vulnerability OBB-3911461
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
unnuetzeswissen24.de Cross Site Scripting vulnerability OBB-3911392
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Ubuntu 14.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6701-4)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6701-4 advisory. A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This...
8.3AI Score
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1640 advisory. golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) GitPython: Blind...
7.5AI Score
The Wordpress team reports: A cross-site scripting (XSS) vulnerability affecting the Avatar block...
6.1AI Score
Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6724-1)
The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6724-1 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any...
7.1AI Score
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6725-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6725-1 advisory. An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and...
7.8AI Score
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6726-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6726-1 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part...
7.9AI Score
Customily Product Personalizer <= 1.23.3 - Unauthenticated Stored Cross-Site Scripting
Description The Customily Product Personalizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user cookies in all versions up to, and including, 1.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject.....
6AI Score
0.0004EPSS
Linux kernel on Intel systems is susceptible to Spectre v2 attacks
Overview A new cross-privilege Spectre v2 vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that are vulnerable to Spectre v2 branch history injection (BHI) are likely affected. An unauthenticated.....
7.4AI Score
0.0005EPSS
CVE-2024-31224 GPT Academic: Pickle deserializing cookies may pose RCE risk
GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the...
7.7AI Score
0.0004EPSS