Amazon Linux 2023 : bouncycastle, bouncycastle-javadoc, bouncycastle-mail (ALAS2023-2024-636)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-636 advisory. An issue was discovered in Bouncy Castle Java Cryptography APIs before ... NOTE: https://github.com/bcgit/bc-java/issues/1635NOTE: https://www.bouncycastle.org/latest_releases.htmlDEBIANBUG:...
7.6AI Score
EPSS
Hirschmann HiOS Switches Argument Injection or Modification (CVE-2019-12265)
The IGMPv3 reception handler does not expect packets to be spread across multiple IP-fragments. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
5.3CVSS
7AI Score
0.009EPSS
Hirschmann HiOS Switches Classic Buffer Overflow (CVE-2019-12261)
The impact of this vulnerability is a buffer overflow of up to a full TCP receive-window (by default, 10k-64k depending on version). The buffer overflow happens in the task calling recv()/recvfrom()/recvmsg(). Applications that pass a buffer equal to or larger than a full TCP-window are not...
9.8CVSS
8.4AI Score
0.065EPSS
Hirschmann HiOS Switches Integer Underflow (CVE-2019-12255)
An attacker can either hijack an existing TCP-session and inject bad TCP-segments or establish a new TCP-session on any TCP-port listened to by the target. This vulnerability could lead to a buffer overflow of up to a full TCP receive-window (by default, 10k-64k depending on version). The buffer...
9.8CVSS
8.1AI Score
0.937EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Exploiting-CVE-2021-44228-Log4Shell-in-a-Banking-Environment...
10CVSS
10AI Score
0.975EPSS
Sttr - Cross-Platform, Cli App To Perform Various Operations On String
sttr is command line software that allows you to quickly run various transformation operations on the string. // With input prompt sttr // Direct input sttr md5 "Hello World" // File input sttr md5 file.text sttr base64-encode image.jpg // Reading from different processor like cat,...
7.4AI Score
Recon Tool Installation git clone...
8.6CVSS
8.6AI Score
0.945EPSS
ZendFramework Potential Proxy Injection Vulnerabilities
Zend\Session\Validator\RemoteAddr and Zend\View\Helper\ServerUrl were found to be improperly parsing HTTP headers for proxy information, which could potentially allow an attacker to spoof a proxied IP or host name. In Zend\Session\Validator\RemoteAddr, if the client is behind a proxy server, the...
7.1AI Score
ZendFramework Potential Proxy Injection Vulnerabilities
Zend\Session\Validator\RemoteAddr and Zend\View\Helper\ServerUrl were found to be improperly parsing HTTP headers for proxy information, which could potentially allow an attacker to spoof a proxied IP or host name. In Zend\Session\Validator\RemoteAddr, if the client is behind a proxy server, the...
7.1AI Score
Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`
The Zend\Http\PhpEnvironment\RemoteAddress class provides features around detecting the internet protocol (IP) address for an incoming proxied request via the X-Forwarded-For header, taking into account a provided list of trusted proxy server IPs. Prior to 2.2.5, the class was not taking into...
7AI Score
Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`
The Zend\Http\PhpEnvironment\RemoteAddress class provides features around detecting the internet protocol (IP) address for an incoming proxied request via the X-Forwarded-For header, taking into account a provided list of trusted proxy server IPs. Prior to 2.2.5, the class was not taking into...
7AI Score
PIP-INTEL - OSINT and Cyber Intelligence Tool
Pip-Intel is a powerful tool designed for OSINT (Open Source Intelligence) and cyber intelligence gathering activities. It consolidates various open-source tools into a single user-friendly interface simplifying the data collection and analysis processes for researchers and cybersecurity...
7AI Score
The Justice Department Took Down the 911 S5 Botnet
The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide....
7.4AI Score
Fedora: Security Advisory for rust-local_ipaddress (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
K000139953: PHP vulnerability CVE-2024-4577
Security Advisory Description This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the Reserved state here. (CVE-2024-4577) Impact There is no impact; F5 products are not affected by this.....
9.8CVSS
9.3AI Score
0.932EPSS
The sliding doors of misinformation that come with AI-generated search results
As someone who used to think that his entire livelihood would come from writing, I've long wondered if any sort of computer or AI could replace my essential functions at work. For now, it seems there are enough holes in AI-generated language that my ability to write down a complete, accurate and...
7.2AI Score
Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks
Muhstik botnet exploits a critical Apache RocketMQ flaw (CVE-2023-33246) for remote code execution, targeting Linux servers and IoT devices for DDoS attacks and cryptocurrency mining. Infection involves executing a shell script from a remote IP, downloading the Muhstik malware binary ("pty3"), and....
9.8CVSS
8.3AI Score
0.972EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.6 ATTENTION: Low attack complexity Vendor: Emerson Equipment: PACSystem, Fanuc Vulnerabilities: Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity Insufficiently Protected Credentials, Download of Code Without...
8.4AI Score
EPSS
K000139922: Open vSwitch vulnerabilities CVE-2023-3966 and CVE-2023-5366
Security Advisory Description CVE-2023-3966 A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is...
7.5CVSS
7.1AI Score
0.0004EPSS
7.4AI Score
A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192,...
7.5CVSS
7.2AI Score
0.001EPSS
A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192,...
7.5CVSS
7.6AI Score
0.001EPSS
CVE-2024-4084 SSRF vulnerability in mintplex-labs/anything-llm
A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192,...
7.7CVSS
7.6AI Score
0.001EPSS
K000139898: PyYAML vulnerabilities CVE-2020-1747 and CVE-2020-14343
Security Advisory Description CVE-2020-1747 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use...
9.8CVSS
7.5AI Score
0.006EPSS
K000139901: PyYAML vulnerability CVE-2017-18342
Security Advisory Description In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. (CVE-2017-18342) Impact.....
9.8CVSS
9.6AI Score
0.014EPSS
K000139917: Libxml2 vulnerability CVE-2022-40303
Security Advisory Description An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading....
7.5CVSS
7.6AI Score
0.004EPSS
F5 Networks BIG-IP : PyYAML vulnerability (K000139901)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139901 advisory. In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load()...
9.8CVSS
8.1AI Score
0.014EPSS
AI jailbreaks: What they are and how they can be mitigated
Generative AI systems are made up of multiple components that interact to provide a rich user experience between the human and the AI model(s). As part of a responsible AI approach, AI models are protected by layers of defense mechanisms to prevent the production of harmful content or being used...
7.4AI Score
Authentication Bypass by Spoofing vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Malware Scanner: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Malware Scanner: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in WPMU DEV Branda allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Branda: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in WPMU DEV Branda allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Branda: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
CVE-2023-52176 WordPress Malware Scanner plugin <= 4.7.1 - IP Restriction Bypass vulnerability
Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Malware Scanner: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
CVE-2023-52176 WordPress Malware Scanner plugin <= 4.7.1 - IP Restriction Bypass vulnerability
Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Malware Scanner: from n/a through...
5.3CVSS
7AI Score
0.0004EPSS
CVE-2023-51543 WordPress RegistrationMagic plugin <= 5.2.5.0 - IP Limit Bypass vulnerability
Authentication Bypass by Spoofing vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
CVE-2023-51543 WordPress RegistrationMagic plugin <= 5.2.5.0 - IP Limit Bypass vulnerability
Authentication Bypass by Spoofing vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through...
5.3CVSS
7AI Score
0.0004EPSS
CVE-2023-51542 WordPress Branda plugin <= 3.4.14 - IP Restriction Bypass vulnerability
Authentication Bypass by Spoofing vulnerability in WPMU DEV Branda allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Branda: from n/a through...
5.3CVSS
7AI Score
0.0004EPSS
CVE-2023-51542 WordPress Branda plugin <= 3.4.14 - IP Restriction Bypass vulnerability
Authentication Bypass by Spoofing vulnerability in WPMU DEV Branda allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Branda: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Photo Album Plus: from n/a through...
5.3CVSS
5.2AI Score
0.0004EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Photo Album Plus: from n/a through...
5.3CVSS
7AI Score
0.0004EPSS
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
CVE-2024-4358 An Vulnerability detection and Mass...
9.8CVSS
9.7AI Score
0.938EPSS
CVE-2023-49774 WordPress WP Photo Album Plus plugin <= 8.5.02.005 - IP Bypass vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Photo Album Plus: from n/a through...
5.3CVSS
5.2AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through...
3.7CVSS
7.2AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in 10up Restricted Site Access allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Restricted Site Access: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through...
3.7CVSS
4.3AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in 10up Restricted Site Access allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Restricted Site Access: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maspik – Spam blacklist: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maspik – Spam blacklist: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS