Software Support: 7 Essential Reasons You Can’t Overlook
By Owais Sultan Explore the significance of software support in the fast-paced digital world. Discover how continuous maintenance, bug fixing, feature enhancement, and integration management optimize operations. With expert assistance, enhance security, ensure project continuity, and improve...
7.3AI Score
AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead
Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now....
8.3AI Score
A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft. This POC code is built for using this new BITB with Evilginx, and a Microsoft Enterprise phishlet. Before diving deep into this, I.....
6.7AI Score
Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through...
4.3CVSS
4.6AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through...
4.3CVSS
6.8AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability
Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild. Tracked as CVE-2024-3400 (CVSS score: 10.0), the critical vulnerability is a case of command injection in the GlobalProtect feature...
10CVSS
9.7AI Score
0.957EPSS
10CVSS
9.9AI Score
0.957EPSS
Debian dsa-5658 : affs-modules-6.1.0-11-4kc-malta-di - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5658 advisory. A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in...
8CVSS
7.6AI Score
EPSS
Photo: David Adams, MV Dali and the Francis Scott Key Bridge collapse - 240326-A-SE916-6662, A layer has been added showing a character and a speech bubble, CC0 1.0 TL;DR Ships can be hacked Was the MV Dali hacked? Practically impossible Polarised views from uninformed commentators do not help...
7.5AI Score
WordPress 6.3.x < 6.3.4 Cross-Site Scripting
According to its self-reported version number, the detected WordPress application is affected by a Cross-Site Scripting (XSS) vulnerability affecting the avatar block type. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version.....
6.1AI Score
AlmaLinux 9 : bind (ALSA-2024:1789)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1789 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS...
7.5CVSS
7.3AI Score
0.05EPSS
Oracle Linux 9 : bind (ELSA-2024-1789)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1789 advisory. A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect <domain>; is configured, and....
7.5CVSS
7.9AI Score
0.05EPSS
WordPress 6.2.x < 6.2.5 Cross-Site Scripting
According to its self-reported version number, the detected WordPress application is affected by a Cross-Site Scripting (XSS) vulnerability affecting the avatar block type. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version.....
6.1AI Score
Oracle Linux 8 : bind9.16 (ELSA-2024-1781)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1781 advisory. The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of...
7.5CVSS
8.2AI Score
0.05EPSS
WordPress 6.4.x < 6.4.4 Cross-Site Scripting
According to its self-reported version number, the detected WordPress application is affected by a Cross-Site Scripting (XSS) vulnerability affecting the avatar block type. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version.....
6.1AI Score
WordPress 6.5.x < 6.5.2 Cross-Site Scripting
According to its self-reported version number, the detected WordPress application is affected by a Cross-Site Scripting (XSS) vulnerability affecting the avatar block type. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version.....
6.1AI Score
AlmaLinux 8 : bind9.16 (ALSA-2024:1781)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1781 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS...
7.5CVSS
7.7AI Score
0.05EPSS
WordPress 6.1.x < 6.1.6 Cross-Site Scripting
According to its self-reported version number, the detected WordPress application is affected by a Cross-Site Scripting (XSS) vulnerability affecting the avatar block type. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version.....
6.1AI Score
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, while leaving its clocks/resets and their providers registered. This can cause a page fault later when some.....
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix crash in RX resync flow For the TLS RX resync flow, we maintain a list of TLS contexts that require some attention, to communicate their resync information to the HW. Here we fix list corruptions, by...
6.6AI Score
0.0004EPSS
The internet is already scary enough without April Fool’s jokes
I feel like over the past several years, the "holiday" that is April Fool's Day has really died down. At this point, there are few headlines you can write that would be more ridiculous than something you'd find on a news site any day of the week. And there are so many more serious issues that are.....
7.3AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 193 vulnerabilities disclosed in 154...
9.9CVSS
9.8AI Score
0.082EPSS
Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through...
4.3CVSS
6.8AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through...
4.3CVSS
4.6AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through...
4.3CVSS
4.9AI Score
0.0004EPSS
TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer
A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. "This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple...
7.2AI Score
Python's PyPI Reveals Its Secrets
GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in...
7.3AI Score
Python's PyPI Reveals Its Secrets
GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in...
7.3AI Score
Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks
Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks. It also specifically called out companies like NSO Group for developing commercial surveillance....
7.4AI Score
Spring Framework 6.2.0-M1: all the little things
The Spring Framework team has been busy reviewing the issue tracker in anger and reducing the number of opened issues. This was long overdue, with a number of issues being invalid or superseded in the meantime. This helped the team focusing on a more manageable amount of issues and we used the...
7.1AI Score
Juniper Junos OS Multiple Vulnerabilities (JSA79108)
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA79108 advisory. This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow...
9.8CVSS
9.3AI Score
0.007EPSS
The LockBit’s Attempt to Stay Relevant, Its Imposters and New Opportunistic Ransomware Groups
The LockBit’s Attempt to Stay Relevant, Its Imposters and New Opportunistic Ransomware Groups By Jambul Tologonov and John Fokker · April 11, 2024 The Trellix Advanced Research Center has recently observed an uptick of LockBit-related cyber activity surrounding vulnerabilities in ScreenConnect....
6.5AI Score
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it's....
6.8CVSS
6.5AI Score
0.0004EPSS
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it's....
6.8CVSS
6.6AI Score
0.0004EPSS
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it's....
6.8CVSS
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix crash in RX resync flow For the TLS RX resync flow, we maintain a list of TLS contexts that require some attention, to communicate their resync information to the HW. Here we fix list corruptions, by...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix crash in RX resync flow For the TLS RX resync flow, we maintain a list of TLS contexts that require some attention, to communicate their resync information to the HW. Here we fix list corruptions, by...
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, while leaving its clocks/resets and their providers registered. This can cause a page fault later when...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix crash in RX resync flow For the TLS RX resync flow, we maintain a list of TLS contexts that require some attention, to communicate their resync information to the HW. Here we fix list corruptions, by...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, while leaving its clocks/resets and their providers registered. This can cause a page fault later when some.....
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, while leaving its clocks/resets and their providers registered. This can cause a page fault later when some.....
7.3AI Score
0.0004EPSS
CVE-2021-47215 net/mlx5e: kTLS, Fix crash in RX resync flow
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix crash in RX resync flow For the TLS RX resync flow, we maintain a list of TLS contexts that require some attention, to communicate their resync information to the HW. Here we fix list corruptions, by...
6.6AI Score
0.0004EPSS
CVE-2021-47205 clk: sunxi-ng: Unregister clocks/resets when unbinding
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, while leaving its clocks/resets and their providers registered. This can cause a page fault later when some.....
7.5AI Score
0.0004EPSS
CVE-2021-47205 clk: sunxi-ng: Unregister clocks/resets when unbinding
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, while leaving its clocks/resets and their providers registered. This can cause a page fault later when some.....
6.7AI Score
0.0004EPSS
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it's....
6.8CVSS
6.7AI Score
0.0004EPSS
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual...
7.5CVSS
7.4AI Score
0.0004EPSS
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual...
7.5CVSS
6.7AI Score
0.0004EPSS
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the...
7.5CVSS
7.4AI Score
0.0004EPSS
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the...
7.5CVSS
7.4AI Score
0.0004EPSS