Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery...
CVSS 9.1 | AI Score 5.2 | EPSS 0.001
Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate...
CVSS 5.3 | AI Score 4.3 | EPSS 0.0005
CVE-2024-4220 Information Disclosure in BeyondInsight
Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate...
CVSS 4.3 | AI Score 4.3 | EPSS 0.0005
CVE-2024-4219 SSRF In BeyondInsight
Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery...
CVSS 4.8 | AI Score 5.2 | EPSS 0.001
TikTok Hack Targets ‘High-Profile’ Users via DMs
TikTok has confirmed a “potential exploit” that is being used to go after accounts belonging to media organizations and celebrities, including CNN and Paris Hilton, through direct...
AI Score 7.2
AI jailbreaks: What they are and how they can be mitigated
Generative AI systems are made up of multiple components that interact to provide a rich user experience between the human and the AI model(s). As part of a responsible AI approach, AI models are protected by layers of defense mechanisms to prevent the production of harmful content or being used...
AI Score 7.4
AIX is vulnerable to denial of service due to ISC BIND
IBM SECURITY ADVISORY. First Issued: Tue Jun 4 16:06:25 CDT 2024 | Updated: Wed Jun 5 08:17:08 CDT 2024 | Update: Corrected the affected fileset levels to reflect that bind.rte 7.1.916.2604 and 7.3.916.2601 are vulnerable. The most recent version of this document is available here:...
CVSS 7.5 | AI Score 8.1 | EPSS 0.05
The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web...
CVSS 8.1 | AI Score 7.1 | EPSS 0.001
The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this...
CVSS 4.8 | AI Score 6.7 | EPSS 0.0004
The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this...
CVSS 7.1 | AI Score 6.1 | EPSS 0.0004
The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web...
CVSS 8.1 | AI Score 7 | EPSS 0.001
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this...
CVSS 8.1 | AI Score 7.4 | EPSS 0.001
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this...
CVSS 8.1 | AI Score 7.9 | EPSS 0.001
CVE-2024-29004 SolarWinds Platform Stored XSS Vulnerability
The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this...
CVSS 7.1 | AI Score 6 | EPSS 0.0004
CVE-2024-29004 SolarWinds Platform Stored XSS Vulnerability
The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this...
CVSS 7.1 | AI Score 5.3 | EPSS 0.0004
CVE-2024-28999 SolarWinds Platform Race Condition Vulnerability
The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web...
CVSS 6.4 | AI Score 6.8 | EPSS 0.001
CVE-2024-28999 SolarWinds Platform Race Condition Vulnerability
The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web...
CVSS 6.4 | AI Score 8 | EPSS 0.001
CVE-2024-28996 SolarWinds Platform SWQL Injection Vulnerability
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this...
CVSS 7.5 | AI Score 8.2 | EPSS 0.001
CVE-2024-28996 SolarWinds Platform SWQL Injection Vulnerability
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this...
CVSS 7.5 | AI Score 7.1 | EPSS 0.001
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPvivid Team WPvivid Backup for MainWP allows Reflected XSS. This issue affects WPvivid Backup for MainWP: from n/a through...
CVSS 7.1 | AI Score 7.2 | EPSS 0.0005
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPvivid Team WPvivid Backup for MainWP allows Reflected XSS. This issue affects WPvivid Backup for MainWP: from n/a through...
CVSS 6.1 | AI Score 7 | EPSS 0.0005
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPvivid Team WPvivid Backup for MainWP allows Reflected XSS. This issue affects WPvivid Backup for MainWP: from n/a through...
CVSS 7.1 | AI Score 6.5 | EPSS 0.0005
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPvivid Team WPvivid Backup for MainWP allows Reflected XSS. This issue affects WPvivid Backup for MainWP: from n/a through...
CVSS 7.1 | AI Score 7 | EPSS 0.0005
Russians Love YouTube. That’s a Problem for the Kremlin
YouTube remains the only major US-based social media platform available in Russia. It’s become "indispensable" to everyday people, making a ban tricky. Journalists and dissidents are taking...
AI Score 7.2
The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...
CVSS 7.2 | AI Score 7 | EPSS 0.0005
The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...
CVSS 7.2 | AI Score 6.8 | EPSS 0.0005
The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...
CVSS 7.2 | AI Score 6.8 | EPSS 0.0005
The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...
CVSS 7.2 | AI Score 6.8 | EPSS 0.0005
typo3/cms-core is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of size limits on media files (*.youtube and *.vimeo) in the TYPO3 backend, which results in large files consuming excessive system...
AI Score 7
Mime Types Extended <= 0.11 - Author+ Stored XSS via SVG Upload
Description: The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC: 1. As an admin, enable SVG uploads at https://example.com/wp-admin/options-general.php?page=mime-types-extended 2. As an author, ...
AI Score 5.7 | EPSS 0.0004
Mime Types Extended <= 0.11 - Author+ Stored XSS via SVG Upload
Description: The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS...
AI Score 6.1 | EPSS 0.0004
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 125.0.6422.141 release. It includes 11 security fixes. Some of them are: * High CVE-2024-5493: Heap buffer overflow in WebRTC. Reported by Cassidy Kim (@cassidy6564) on 2024-05-11 * High CVE-2024-5494: Use after free in Dawn. Reported by...
AI Score 7.5 | EPSS 0.0004
Chromium: CVE-2024-5496 Use after free in Media Session
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...
AI Score 6.1 | EPSS 0.0004
Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)
Summary: Vulnerability in openCryptoki could allow a remote attacker to obtain sensitive information (CVE-2024-0914). Vulnerability Details: CVEID: CVE-2024-0914. DESCRIPTION: openCryptoki could allow a remote attacker to obtain sensitive information, caused by a flaw when processing RSA PKCS#1...
CVSS 5.9 | AI Score 6 | EPSS 0.001
This week on the Lock and Code podcast… This is a story about how the FBI got everything it wanted. For decades, law enforcement and intelligence agencies across the world have lamented the availability of modern technology that allows suspected criminals to hide their communications from legal...
AI Score 7.2
Technology was once simply a tool, and a small one at that, used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...
AI Score 6.9
SASE Threat Report: 8 Key Findings for Enterprise Security
Threat actors are evolving, yet Cyber Threat Intelligence (CTI) remains confined to each isolated point solution. Organizations require a holistic analysis across external data, inbound and outbound threats and network activity. This will enable evaluating the true state of cybersecurity in the...
CVSS 10 | AI Score 10 | EPSS 0.976
IT threat evolution Q1 2024. Targeted attacks. Operation Triangulation: the final mystery. Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware...
CVSS 7.8 | AI Score 6 | EPSS 0.003
IT threat evolution in Q1 2024. Non-mobile statistics
The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly...
AI Score 6.9
AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)
IBM SECURITY ADVISORY. First Issued: Mon Jun 3 08:50:37 CDT 2024. The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opencryptoki_advisory.asc Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki...
CVSS 5.9 | AI Score 5.8 | EPSS 0.001
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
CVE-2024-4358 / CVE-2024-1800 Telerik Report Server...
CVSS 9.8 | AI Score 9.8 | EPSS 0.938
Andariel Hackers Target South Korean Institutes with New Dora RAT Malware
The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea. "Keylogger, Infostealer, and proxy tools on top of the...
AI Score 7.5
Improved Guidance for Azure Network Service Tags
Summary: Microsoft Security Response Center (MSRC) was notified in January 2024 by our industry partner, Tenable Inc., about the potential for cross-tenant access to web resources using the service tags feature. Microsoft acknowledged that Tenable provided a valuable contribution to the Azure...
AI Score 7.2