CVE-2024-6048 Openfind MailGates and MailAudit - OS Command Injection
Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote...
9.8CVSS
7.7AI Score
EPSS
CVE-2024-6048 Openfind MailGates and MailAudit - OS Command Injection
Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote...
9.8CVSS
EPSS
DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...
8.5CVSS
EPSS
DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...
8.5CVSS
8.7AI Score
EPSS
A week in security (June 10 – June 16)
Last week on Malwarebytes Labs: Truist bank confirms data breach Update now! Google Pixel vulnerability is under active exploitation Adobe clarifies Terms of Service change, says it doesn’t train AI on customer content 23andMe data breach under joint investigation in two countries When things go...
7AI Score
Amazon-Powered AI Cameras Used to Detect Emotions of Unwitting UK Train Passengers
CCTV cameras and AI are being combined to monitor crowds, detect bike thefts, and spot...
7.3AI Score
aardvark.com.gr Cross Site Scripting vulnerability OBB-3935809
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...
8.5CVSS
EPSS
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...
9.8CVSS
9.8AI Score
EPSS
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...
9.8CVSS
EPSS
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...
EPSS
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...
5.6AI Score
EPSS
The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...
EPSS
The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...
5.6AI Score
EPSS
heerfashion.com Cross Site Scripting vulnerability OBB-3935807
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2024-3236 Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS
The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...
EPSS
CVE-2024-4305 PostX < 4.1.0 - Contributor+ Stored XSS
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...
EPSS
CVE-2024-6047 GeoVision EOL device - OS Command Injection
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...
9.8CVSS
EPSS
mashcall.com Cross Site Scripting vulnerability OBB-3935805
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
NiceRAT Malware Targets South Korean Users via Cracked Software
Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license...
6.9AI Score
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....
8.8CVSS
EPSS
SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...
9.8CVSS
EPSS
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....
8.8CVSS
8.4AI Score
EPSS
SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...
9.8CVSS
9.8AI Score
EPSS
CVE-2024-6046 SECOM WRTR-304GN-304TW-UPSC - OS Command Injection
SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...
9.8CVSS
EPSS
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security...
7.4AI Score
EPSS
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security...
EPSS
CVE-2024-6045 D-Link router - Hidden Backdoor
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....
8.8CVSS
EPSS
7.5AI Score
9.8CVSS
9.7AI Score
0.002EPSS
CVE-2024-34069 vulnerabilities
Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app, py3-werkzeug, superset,...
7.5CVSS
7.7AI Score
0.0004EPSS
GHSA-2G68-C3QC-8985 vulnerabilities
Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app, py3-werkzeug, superset,...
7.5AI Score
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...
7.5CVSS
7AI Score
0.001EPSS
GHSA-84PR-M4JR-85G5 vulnerabilities
Vulnerabilities for packages: py3-flask-cors, kubeflow-volumes-web-app,...
7.5AI Score
GHSA-H75V-3VVJ-5MFJ vulnerabilities
Vulnerabilities for packages: pytorch, kubeflow-jupyter-web-app, confluent-docker-utils, dask-gateway, py3-jinja2, reflex, superset,...
7.5AI Score
GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: py3-idna, kubeflow-pipelines, kubeflow-jupyter-web-app, confluent-docker-utils, datadog-agent, kubeflow-katib, jwt-tool, py3-cassandra-medusa, k8s-sidecar, kubeflow-pipelines-visualization-server, ggshield, az, dask-gateway, py3.10-tensorflow-core,...
7.5AI Score
Vulnerabilities for packages: py3-idna, kubeflow-pipelines, kubeflow-jupyter-web-app, confluent-docker-utils, datadog-agent, kubeflow-katib, jwt-tool, py3-cassandra-medusa, k8s-sidecar, kubeflow-pipelines-visualization-server, ggshield, az, dask-gateway, py3.10-tensorflow-core,...
8AI Score
EPSS
GHSA-G4MX-Q9VG-27P4 vulnerabilities
Vulnerabilities for packages: py3-tensorflow-serving-api, kubeflow-jupyter-web-app, jwt-tool, py3-urllib3,...
7.5AI Score
CVE-1999-0817 affecting package lynx 2.9.0~dev.9-5
CVE-1999-0817 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...
7.2AI Score
0.007EPSS
CVE-2024-34064 vulnerabilities
Vulnerabilities for packages: pytorch, kubeflow-jupyter-web-app, confluent-docker-utils, dask-gateway, py3-jinja2, reflex, superset,...
5.4CVSS
6.1AI Score
0.0004EPSS
CVE-2023-45803 vulnerabilities
Vulnerabilities for packages: py3-tensorflow-serving-api, kubeflow-jupyter-web-app, jwt-tool, py3-urllib3,...
4.2CVSS
7.1AI Score
0.0004EPSS
Vulnerabilities for packages: py3-flask-cors, kubeflow-volumes-web-app,...
5.3CVSS
5.5AI Score
0.0004EPSS
GHSA-9WX4-H78V-VM56 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines, kubeflow-jupyter-web-app, confluent-docker-utils, datadog-agent, kubeflow-katib, jwt-tool, mlflow, k8s-sidecar, py3-cassandra-medusa, az, airflow, superset, py3.10-tensorflow-core,...
7.5AI Score
CVE-2013-7381 affecting package libnotify 0.7.9-4
CVE-2013-7381 affecting package libnotify 0.7.9-4. This CVE either no longer is or was never...
9.8CVSS
7AI Score
0.003EPSS
CVE-2010-4756 affecting package glibc 2.35-7
CVE-2010-4756 affecting package glibc 2.35-7. This CVE either no longer is or was never...
6.4AI Score
0.008EPSS
CVE-2010-4226 affecting package cpio 2.13-5
CVE-2010-4226 affecting package cpio 2.13-5. This CVE either no longer is or was never...
6.8AI Score
0.003EPSS
CVE-2023-46136 vulnerabilities
Vulnerabilities for packages: py3-tensorflow-serving-api, kubeflow-jupyter-web-app, py3-werkzeug, airflow,...
8CVSS
7.9AI Score
0.001EPSS
CVE-2024-35195 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines, kubeflow-jupyter-web-app, confluent-docker-utils, datadog-agent, kubeflow-katib, jwt-tool, mlflow, k8s-sidecar, py3-cassandra-medusa, az, airflow, superset, py3.10-tensorflow-core,...
5.6CVSS
6.1AI Score
0.0004EPSS
GHSA-HRFV-MQP8-Q5RW vulnerabilities
Vulnerabilities for packages: py3-tensorflow-serving-api, kubeflow-jupyter-web-app, py3-werkzeug, airflow,...
7.5AI Score
CVE-2023-43804 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-urllib3, k8s-sidecar, dask-gateway, kube-downscaler,...
8.1CVSS
7.6AI Score
0.001EPSS