7.8CVSS
7.7AI Score
0.003EPSS
6.5CVSS
7.5AI Score
0.001EPSS
6.5CVSS
7AI Score
0.001EPSS
7.8CVSS
7.4AI Score
0.002EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
6.6AI Score
0.0004EPSS
7.8CVSS
7.4AI Score
EPSS
8.8AI Score
0.0004EPSS
Stable Channel Update for Desktop
The Stable channel has been updated to 124.0.6367.155/.156 for Mac and Windows and 124.0.6367.155 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. The Extended Stable channel has been updated to 124.0.6367.155 for Mac and ...
8AI Score
0.0004EPSS
3.7CVSS
4.4AI Score
0.001EPSS
A vulnerability in the xdg-desktop-portal interface of the Flatpak application and environment management tool is related to the injection or modification of arguments. Exploitation of the vulnerability could allow an attacker to to exit an isolated program environment and access files on the...
8.4CVSS
7AI Score
0.0004EPSS
GLSA-202405-20 : libjpeg-turbo: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202405-20 (libjpeg-turbo: Multiple Vulnerabilities) Libjpeg-turbo all version have a stack-based buffer overflow in the transform component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary...
8.8CVSS
8.4AI Score
0.01EPSS
7.8CVSS
7.8AI Score
0.0005EPSS
7.5AI Score
9.8CVSS
7.5AI Score
0.005EPSS
5.5CVSS
8AI Score
0.001EPSS
7.5AI Score
0.0004EPSS
8.8CVSS
6.7AI Score
0.002EPSS
7.2AI Score
0.0004EPSS
7CVSS
7.5AI Score
0.001EPSS
8.4CVSS
7.5AI Score
0.0004EPSS
5.5CVSS
5.7AI Score
0.002EPSS
6.7AI Score
0.0004EPSS
Arbitrary Code Execution Vulnerability in Trix Editor included in ActionText
From version 7.0 onwards the ActionText gem includes a copy of the Trix rich text editor. Prior to versions 7.0.8.3 and 7.1.3.3, ActionText included a version of Trix that is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into...
7.9AI Score
EPSS
An update is available for tigervnc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Virtual Network Computing (VNC) is a remote display system which allows...
7.8CVSS
7.4AI Score
0.0005EPSS
Important: tigervnc security update
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....
7.8CVSS
6.9AI Score
0.0005EPSS
Gftrace - A Command Line Windows API Tracing Tool For Golang Binaries
A command line Windows API tracing tool for Golang binaries. Note: This tool is a PoC and a work-in-progress prototype so please treat it as such. Feedbacks are always welcome! How it works? Although Golang programs contains a lot of nuances regarding the way they are built and their behavior in...
7.1AI Score
The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and...
8.3CVSS
6AI Score
0.0004EPSS
The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and...
8.3CVSS
8AI Score
0.0004EPSS
CVE-2024-3576 NPort 5100A Series Store XSS Vulnerability
The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and...
8.3CVSS
6.2AI Score
0.0004EPSS
CVE-2024-3576 NPort 5100A Series Store XSS Vulnerability
The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and...
8.3CVSS
8AI Score
0.0004EPSS
Financial cyberthreats in 2023
Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets,...
7.3AI Score
New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs
Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed Cuckoo by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and...
7.2AI Score
Oracle Linux 9 : freerdp (ELSA-2024-2208)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2208 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject...
9.8CVSS
7.5AI Score
0.001EPSS
GLSA-202405-15 : Mozilla Firefox: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202405-15 (Mozilla Firefox: Multiple Vulnerabilities) When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability...
7.8AI Score
0.0004EPSS
Oracle Linux 9 : openssl / and / openssl-fips-provider (ELSA-2024-2447)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2447 advisory. Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function...
6.5CVSS
7.7AI Score
0.004EPSS
Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d Authentication Bypass (CVE-2023-4957)
A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the...
5.4CVSS
7.3AI Score
0.0004EPSS
Debian dsa-5681 : affs-modules-5.10.0-29-4kc-malta-di - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5681 advisory. Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an...
8CVSS
8.2AI Score
0.0005EPSS
Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as...
6.9AI Score
0.0004EPSS
Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as...
6.6AI Score
0.0004EPSS
Apache Commons BCEL: Remote Code Execution
Background The Byte Code Engineering Library (Apache Commons BCEL™) is intended to give users a convenient way to analyze, create, and manipulate (binary) Java class files (those ending with .class). Description A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier.....
9.8CVSS
7.4AI Score
0.019EPSS
Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as...
6.8AI Score
0.0004EPSS
[SECURITY] [DLA 3808-1] intel-microcode security update
Debian LTS Advisory DLA-3808-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost May 04, 2024 https://wiki.debian.org/LTS Package : intel-microcode Version : 3.20240312.1~deb10u1 CVE...
6.5CVSS
7.8AI Score
0.001EPSS
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients. Changelogs Major changes are documented in the project Announcements:...
5.9AI Score
Debian dla-3808 : intel-microcode - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3808 advisory. Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user...
6.5CVSS
7.6AI Score
0.001EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1490-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1490-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of...
7.8CVSS
7.6AI Score
EPSS
Security above all else—expanding Microsoft’s Secure Future Initiative
Last November, we launched the Secure Future Initiative (SFI) to prepare for the increasing scale and high stakes of cyberattacks. SFI brings together every part of Microsoft to advance cybersecurity protection across our company and products. Since then, the threat landscape has continued to...
7.8AI Score
MasterParser - Powerful DFIR Tool Designed For Analyzing And Parsing Linux Logs
What is MasterParser ? MasterParser stands as a robust Digital Forensics and Incident Response tool meticulously crafted for the analysis of Linux logs within the var/log directory. Specifically designed to expedite the investigative process for security incidents on Linux systems, MasterParser...
7.5AI Score
Rare Interviews with Enigma Cryptanalyst Marian Rejewski
The Polish Embassy has posted a series of short interview segments with Marian Rejewski, the first person to crack the Enigma. Details from his...
7.2AI Score
PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Due to improper sanitization of web app properties (such as name, description, shortcuts), web apps were able to inject additional lines into XDG Desktop Entries (on Linux) and AppInfo.ini (on...
9.6CVSS
7.2AI Score
0.0004EPSS