Android App 'Mercari' (Japan Version) Security Vulnerabilities
Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows an untrusted note opened in safe mode to execute arbitrary code. packages/renderer/MarkupToHtml.ts renders note content in safe mode by surrounding it with and , without escaping any.....
8.2CVSS
7.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with F2FS) [failed]...
6.8AI Score
0.0004EPSS
CVE-2023-37898 Safe mode Cross-site Scripting (XSS) vulnerability in Joplin
Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows an untrusted note opened in safe mode to execute arbitrary code. packages/renderer/MarkupToHtml.ts renders note content in safe mode by surrounding it with and , without escaping any.....
8.2CVSS
0.0004EPSS
CVE-2023-38506 Cross-site Scripting (XSS) when pasting HTML into the rich text editor in Joplin
Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized (or not sanitized properly). As such, the onload...
8.2CVSS
0.0004EPSS
CVE-2023-38506 Cross-site Scripting (XSS) when pasting HTML into the rich text editor in Joplin
Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized (or not sanitized properly). As such, the onload...
8.2CVSS
6.2AI Score
0.0004EPSS
CVE-2023-39517 Cross site scripting (XSS) when clicking on an untrusted `<map>` link in Joplin
Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (packages/renderer/htmlUtils.ts::sanitizeHtml) preserves <map> <a...
8.2CVSS
0.0004EPSS
CVE-2023-39517 Cross site scripting (XSS) when clicking on an untrusted `<map>` link in Joplin
Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (packages/renderer/htmlUtils.ts::sanitizeHtml) preserves <map> <a...
8.2CVSS
7.7AI Score
0.0004EPSS
CVE-2023-45673 Arbitrary code execution on click of PDF links in Joplin
Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin...
8.9CVSS
0.0004EPSS
CVE-2023-45673 Arbitrary code execution on click of PDF links in Joplin
Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin...
8.9CVSS
8.3AI Score
0.0004EPSS
Metasploit Weekly Wrap-Up 06/21/2024
Argument Injection for PHP on Windows This week includes modules that target file traversal and arbitrary file read vulnerabilities for software such as Apache, SolarWinds and Check Point, with the highlight being a module for the recent PHP vulnerability submitted by sfewer-r7. This module...
9.8CVSS
8.9AI Score
0.967EPSS
ASUS announces major Firmware Update ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different variants of its router models. Identified as CVE-2024-3080 with a CVSS v3 severity score of 9.8 (critical), the vulnerability permits remote attackers.....
9.8CVSS
7.8AI Score
0.001EPSS
Security Bulletin: Multiple PostgreSQL Vulnerabilities Affect IBM Storage Scale System
Summary There are vulnerabilities in PostgreSQL versions used by IBM Storage Scale System that could allow a remote authenticated attacker to obtain sensitive information or bypass security restrictions, a denial of service and a buffer overflow. IBM Storage Scale System has addressed the...
8.8CVSS
9.5AI Score
0.015EPSS
Summary Potential code execution vulnerability in Node.js ( CVE-2024-27980) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2024-27980 ...
8.2AI Score
EPSS
Summary There are vulnerabilities in Node.js undici module used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-30261 DESCRIPTION: **Node.js undici module...
3.9CVSS
6.9AI Score
0.0004EPSS
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...
9.8CVSS
7AI Score
0.001EPSS
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...
9.8CVSS
0.001EPSS
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...
9.8CVSS
7.3AI Score
0.001EPSS
Summary Potential open redirect vulnerability in VMware Tanzu Spring Framework ( CVE-2024-22243) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...
8.1CVSS
6.9AI Score
0.0004EPSS
Summary Potential Elastic Elasticsearch-Hadoop arbitrary code execution vulnerabilitiy.(CVE-2023-46674)has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...
7.8CVSS
7.9AI Score
0.0004EPSS
Summary Potential Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-39326 DESCRIPTION:...
5.3CVSS
6.5AI Score
0.001EPSS
Summary Potential Golang Go directory transversal vulnerabilitiy.(CVE-2023-45283) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-45283 DESCRIPTION:...
7.5CVSS
7.1AI Score
0.001EPSS
Summary Potential Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-39326 DESCRIPTION:...
5.3CVSS
6.5AI Score
0.001EPSS
Summary Potential Elastic Elasticsearch denial of service vulnerabilitiy.(CVE-2023-31418) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-31418 ...
7.5CVSS
7.1AI Score
0.001EPSS
Summary Potential Golang Go arbitrary code execution vulnerabilitiy.( CVE-2023-39323) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-39323 DESCRIPTION:...
8.1CVSS
8.1AI Score
0.002EPSS
Summary Potentialcode execution vulnerability in Apache Commons Configuration ( CVE-2024-29131) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...
8.5AI Score
0.0004EPSS
Security Bulletin: IBM Resilient SOAR is vulnerable to command injection (CVE-2024-38319)
Summary It was possible for a privileged user to inject malicious commands that could be executed as another user. This issue has been addressed. Vulnerability Details ** CVEID: CVE-2024-38319 DESCRIPTION: **IBM Security SOAR could allow an authenticated user to execute malicious code loaded...
7.5CVSS
7.1AI Score
0.0004EPSS
Summary Potential vulnerabilities in Node.js related to the VM component ( CVE-2023-44487, CVE-2023-45143 ) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details.....
7.5CVSS
7.6AI Score
0.732EPSS
CVE-2023-45197 Adminer and AdminerEvo vulnerable to directory traversal and file upload
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...
0.001EPSS
CVE-2023-45197 Adminer and AdminerEvo vulnerable to directory traversal and file upload
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...
9.6AI Score
0.001EPSS
Summary Security vulnerabilities may affect IBM WebSphere Liberty shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the issue. Vulnerability Details ** CVEID: CVE-2024-25026 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty...
7.5CVSS
7.5AI Score
0.0004EPSS
Security Bulletin: Multiple Linux Kernel vulnerabilities affect IBM Storage Scale System.
Summary There are multiple vulnerabilities in the Linux Kernel, used by IBM Storage Scale System, which could allow a local authenticated attacker to gain elevated privileges on the system. Fixes for these vulnerabilities are available. CVE-2023-51043, CVE-2024-1086, CVE-2024-0646, CVE-2023-6932,.....
7.8CVSS
8.4AI Score
0.002EPSS
Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia
Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. We observed that SneakyChef launched a phishing campaign, sending emails delivering SugarGh0st and SpiceRAT with the...
7.5AI Score
Summary IBM Security SOAR uses an older version of ElasticSearch that may be identified and exploited. An update has been released which addresses these issues. It is recommended upgrading to Version 51.0.2.1 or later of IBM Security SOAR. Vulnerability Details ** CVEID: CVE-2024-23450 ...
7.5CVSS
6.9AI Score
0.005EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...
6.4AI Score
0.0004EPSS
CVE-2024-38636 f2fs: multidev: fix to recognize valid zero block address
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...
6.8AI Score
0.0004EPSS
CVE-2024-38636 f2fs: multidev: fix to recognize valid zero block address
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...
0.0004EPSS
Exploit for Unrestricted Upload of File with Dangerous Type in Elementor Website Builder
WordPress Plugin - Elementor 3.6.0 3.6.1 3.6.2 Thực thi mã từ...
8.8CVSS
7AI Score
0.96EPSS
Oyster Backdoor Spreading via Trojanized Popular Software Downloads
A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster (aka Broomstick and CleanUpLoader). That's according to findings from Rapid7, which identified lookalike websites hosting the malicious...
7.5AI Score
CVE-2024-33873 affecting package hdf5 for versions less than 1.14.4.3-1
CVE-2024-33873 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...
7AI Score
EPSS
CVE-2024-32615 affecting package hdf5 for versions less than 1.14.4.3-1
CVE-2024-32615 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...
7AI Score
EPSS
CVE-2023-49568 affecting package cri-o for versions less than 1.30.1-1
CVE-2023-49568 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this...
7.5CVSS
6.9AI Score
0.0005EPSS
CVE-2024-28182 affecting package nodejs for versions less than 20.14.0-1
CVE-2024-28182 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this...
5.3CVSS
7.1AI Score
0.0004EPSS
CVE-2024-32621 affecting package hdf5 for versions less than 1.14.4.3-1
CVE-2024-32621 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...
7AI Score
EPSS
CVE-2022-23639 affecting package librsvg2 for versions less than 2.58.1-1
CVE-2022-23639 affecting package librsvg2 for versions less than 2.58.1-1. An upgraded version of the package is available that resolves this...
8.1CVSS
6.9AI Score
0.003EPSS
CVE-2022-2879 affecting package cri-o for versions less than 1.30.1-1
CVE-2022-2879 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this...
7.5CVSS
7.8AI Score
0.002EPSS
CVE-2024-28863 affecting package nodejs for versions less than 20.14.0-1
CVE-2024-28863 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this...
6.5CVSS
6.9AI Score
0.0004EPSS
CVE-2023-45288 affecting package cri-o for versions less than 1.30.1-1
CVE-2023-45288 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this...
6.9AI Score
0.0004EPSS
CVE-2024-29160 affecting package hdf5 for versions less than 1.14.4.3-1
CVE-2024-29160 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...
7AI Score
EPSS