The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...
6.4AI Score
0.0004EPSS
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...
6.8AI Score
0.0004EPSS
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...
6.6AI Score
0.0004EPSS
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...
6.6AI Score
0.0004EPSS
CVE-2024-0397 Memory race condition in ssl.SSLContext certificate store methods
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...
0.0004EPSS
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...
6.7AI Score
0.0004EPSS
CVE-2024-4032 Incorrect IPv4 and IPv6 private ranges
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...
0.0004EPSS
Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities.
Summary IBM DevOps Release 7.0.0.2 addresses multiple vulnerabilities. Vulnerability Details ** CVEID: CVE-2014-3643 DESCRIPTION: **Jersey could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by jersey SAX parser. By...
9.8CVSS
9.7AI Score
0.794EPSS
ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models
ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router models have...
9.8CVSS
9.3AI Score
0.001EPSS
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions....
3.5CVSS
3.8AI Score
0.0004EPSS
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions....
3.5CVSS
3.5AI Score
0.0004EPSS
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions....
3.5CVSS
0.0004EPSS
CVE-2024-37158 Evmos is missing precompile checks
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions....
3.5CVSS
0.0004EPSS
CVE-2024-37158 Evmos is missing precompile checks
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions....
3.5CVSS
6.7AI Score
0.0004EPSS
Microsoft Recall delayed after privacy and security concerns
Microsoft has announced it will postpone the broadly available preview of the heavily discussed Recall feature for Copilot+ PCs. Copilot+ PCs are personal computers that come equipped with several artificial intelligence (AI) features. The Recall feature tracks anything from web browsing to voice.....
6.7AI Score
Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration...
6.6AI Score
0.0004EPSS
Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode...
0.0004EPSS
Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration...
0.0004EPSS
Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode...
7AI Score
0.0004EPSS
Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode...
0.0004EPSS
Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration...
0.0004EPSS
Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration...
6.8AI Score
0.0004EPSS
Malicious code in importlib-metadate (PyPI)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (540e9c9d054904f5342d684bd5cabf212fdbe7e4d20bac7407c937a6b8264cab) The OpenSSF Package Analysis project identified 'importlib-metadate' @ 99.99 (pypi) as malicious. It is considered malicious because: The package...
7.4AI Score
Summary IBM App Connect for Manufacturing is vulnerable to a denial of service and a remote authenticated attacker accessing sensitive information. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-30171 DESCRIPTION: **The Bouncy...
7.6AI Score
EPSS
Malicious code in nt4padyp3 (PyPI)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (6999b5e1cf4a39c5ee73a61b953c0592465267806362b2485d61f8372242370d) The OpenSSF Package Analysis project identified 'nt4padyp3' @ 0.0.2 (pypi) as malicious. It is considered malicious because: The package executes...
7.4AI Score
Summary IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna. This bulletin identifies the steps required to address these vulnerabilities Vulnerability Details ** CVEID: CVE-2023-6004 DESCRIPTION: **libssh could allow a local...
5.9CVSS
8.6AI Score
EPSS
China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices
A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the adversary establishing persistence using legacy F5 BIG-IP appliances and using it as an internal...
7.9AI Score
PDF.js Vulnerability Demo Project This project is intended to...
7.2AI Score
What is DevSecOps and Why is it Essential for Secure Software Delivery?
Traditional application security practices are not effective in the modern DevOps world. When security scans are run only at the end of the software delivery lifecycle (either right before or after a service is deployed), the ensuing process of compiling and fixing vulnerabilities creates massive.....
7.4AI Score
Using LLMs to Exploit Vulnerabilities
Interesting research: "Teams of LLM Agents can Exploit Zero-Day Vulnerabilities." Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the...
7.3AI Score
TYPO3 is vulnerable to Insecure Credential Storage. The vulnerability is due to the backend form reloading when creating new backend user accounts, potentially persisting records with insecure or empty...
7AI Score
silverstripe/framework is vulnerable to Privilege Escalation. The vulnerability is due to the CMS Fields for members being constructed using DirectGroups instead of Groups relation. The vulnerability allows attacker with EDIT_PERMISSIONS and access to the "Security" section to escalate their...
7.3AI Score
Software: man-db 2.7.6.1 OS: ROSA Virtualization 2.1 package_evr_string: man-db-2.7.6.1 CVE-ID: CVE-2018-25078 BDU-ID: None CVE-Crit: N/A CVE-DESC.: man-db in Gentoo allows local users (with access to the man user account) to gain root privileges, because /usr/bin/mandb is executed by the root...
7.8CVSS
7.8AI Score
0.0004EPSS
zendframework/zendopenid is vulnerable to Improper Authentication. The vulnerability is due to insufficient parameter validation resulting in accepting tokens with arbitrary signed elements. Ab attacker can impersonate any OpenID Identity by using a malicious OpenID Provider, resulting in...
7.3AI Score
SilverStripe is vulnerable to Unauthorized Access. The vulnerability is due to failure to restrict access via the URL parameters isDev and isTest with debugging tools intended only for development ("dev mode"), which allows unauthenticated users to expose sensitive debugging information typically.....
6.8AI Score
Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid...
6.8AI Score
0.0004EPSS
Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid...
0.0004EPSS
Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid...
6.8AI Score
0.0004EPSS
Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid...
0.0004EPSS
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of...
5.3CVSS
7AI Score
0.0005EPSS
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the...
7.2CVSS
7.3AI Score
0.001EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...
7.9CVSS
7.6AI Score
0.0004EPSS
TYPO3 is vulnerable to Broken Access Control. The vulnerability is due to backend users with limited access to specific languages being able to modify and create pages in the default language, which should be disallowed. A valid backend user account is required to exploit this...
6.9AI Score
It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the field_security parameter,...
6.5CVSS
6.9AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...
7.9CVSS
7.6AI Score
0.0004EPSS
BIT-cilium-operator-2024-37307
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...
7.9CVSS
7.6AI Score
0.0004EPSS
DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...
8.5CVSS
0.0004EPSS
DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...
8.5CVSS
8.7AI Score
0.0004EPSS
Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor
Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates. "The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser....
7.1AI Score
DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...
8.5CVSS
7.5AI Score
0.0004EPSS