In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been remove HCI_AMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP.....
6.5AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been remove HCI_AMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP.....
EPSS
New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration
A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts. Fortinet FortiGuard Labs said it's aware of four different distribution methods -- namely VBA...
7AI Score
CVE-2024-38620 Bluetooth: HCI: Remove HCI_AMP support
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been remove HCI_AMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP.....
6.9AI Score
EPSS
CVE-2024-38620 Bluetooth: HCI: Remove HCI_AMP support
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been remove HCI_AMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP.....
EPSS
[SECURITY] Fedora 39 Update: python-authlib-1.3.1-1.fc39
Python library for building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are...
7.5CVSS
7AI Score
0.0005EPSS
[SECURITY] Fedora 39 Update: composer-2.7.7-1.fc39
Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation:...
8.8CVSS
8.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage[1] in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same path (br forward...
6.8AI Score
0.0004EPSS
Summary Security Bulletin: IBM Maximo Application Suite - IoT Component uses Kafka - 3.0.2 which is vulnerable to CVE-2024-27309. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-27309 DESCRIPTION: **Apache Kafka is...
6.7AI Score
0.0004EPSS
mediawiki/core is vulnerable to Improper Access Control. The vulnerability is due to the absence of a .htaccess file which is required to protect some directories from web access, potentially allowing attackers to access sensitive files and directories that shouldn't be web...
5.3CVSS
6.5AI Score
0.002EPSS
The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code.....
9.8CVSS
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member "uzonesize" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and alauda_write_lba(). -....
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member "uzonesize" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and alauda_write_lba(). -....
0.0004EPSS
The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code.....
9.8CVSS
10AI Score
0.001EPSS
CVE-2024-4098 Shariff Wrapper <= 4.6.13 - Unauthenticated Local File Inclusion
The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code.....
9.8CVSS
0.001EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVEs. (CVE-2024-20952,...
7.5CVSS
6.9AI Score
0.001EPSS
Summary IBM Watson Explorer Foundational Components contains a vulnerable version of Apache ZooKeeper.(CVE-2024-23944) Vulnerability Details ** CVEID: CVE-2024-23944 DESCRIPTION: **Apache ZooKeeper could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in...
5.4AI Score
0.0004EPSS
CVE-2024-38619 usb-storage: alauda: Check whether the media is initialized
In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member "uzonesize" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and alauda_write_lba(). -....
0.0004EPSS
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty is used by IBM Watson Explorer. IBM Watson Explorer has addressed the applicable CVE (CVE-2024-22354). Vulnerability Details ** CVEID: CVE-2024-22354 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and...
7CVSS
6.4AI Score
0.0004EPSS
magento/community-edition is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the ability of an authenticated user to inject an embedded expression into a...
5.4CVSS
6.1AI Score
0.001EPSS
Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations
Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader that spreads via phishing campaigns targeting Chinese organizations. AT&T LevelBlue Labs, which first observed the malware in late April 2024, said it incorporates features that are designed to thwart static...
7.5AI Score
Magento is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to error handling accessing user input without sanitization, allowing an authenticated user to manipulate downloadable...
5.4CVSS
6.2AI Score
0.001EPSS
CVE-2023-25646 Permission and Access Control Vulnerability in ZTE H388X
There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific...
7.1CVSS
0.0004EPSS
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection...
7.3AI Score
0.0004EPSS
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection...
0.0004EPSS
The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
0.0004EPSS
The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.6AI Score
0.0004EPSS
It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker could possibly use this issue to cause a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-4285) It....
6.5CVSS
8.4AI Score
0.001EPSS
CVE-2024-5522 HTML5 Video Player < 2.5.27 - Unauthenticated SQLi
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection...
7.6AI Score
0.0004EPSS
CVE-2024-5522 HTML5 Video Player < 2.5.27 - Unauthenticated SQLi
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection...
0.0004EPSS
CVE-2024-5475 Responsive video embed < 0.5.1 - Contributor+ Stored XSS
The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
0.0004EPSS
CVE-2024-5475 Responsive video embed < 0.5.1 - Contributor+ Stored XSS
The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.8AI Score
0.0004EPSS
Updated python-scikit-learn packages fix security vulnerability
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the...
4.7CVSS
6.6AI Score
0.0004EPSS
fontyukle.net Cross Site Scripting vulnerability OBB-3936826
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
TL;DR HUMINT / Human Intelligence is gathered from a person in the location in question. It’s the sort of information we think of in the context of spying. A modern intelligence apparatus is multi-discipline with many different collection methods. HUMINT sources include officers, agents,...
6.9AI Score
The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
8.8CVSS
0.001EPSS
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping. This makes....
6.4CVSS
5.7AI Score
0.001EPSS
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping. This makes....
6.4CVSS
0.001EPSS
The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
8.8CVSS
8.7AI Score
0.001EPSS
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress...
6.5CVSS
0.001EPSS
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress...
6.5CVSS
6.2AI Score
0.001EPSS
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping. This makes....
6.4CVSS
0.001EPSS
CVE-2024-4390 Depicter <= 3.0.2 - Authenticated (Contributor+) Arbitrary Nonce Generation
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress...
6.5CVSS
0.001EPSS
The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
8.8CVSS
0.001EPSS
martinortho.care Cross Site Scripting vulnerability OBB-3936825
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
marketcircolo.com Cross Site Scripting vulnerability OBB-3936822
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
marketingagencynetwork.com Cross Site Scripting vulnerability OBB-3936823
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
manhattanentdoctor.com Cross Site Scripting vulnerability OBB-3936820
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (POST /api/request-token) and after account creations (POST /api/admin/users/new). This exposure occurs because the entire User...
5.3CVSS
0.0004EPSS
In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (POST /api/request-token) and after account creations (POST /api/admin/users/new). This exposure occurs because the entire User...
5.3CVSS
5.2AI Score
0.0004EPSS