iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages....
6.6AI Score
EPSS
iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages....
7AI Score
EPSS
iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages....
6.5AI Score
EPSS
The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). This makes it possible for authenticated attackers, with contributor-level access and...
4.3CVSS
4.9AI Score
0.001EPSS
The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). This makes it possible for authenticated attackers, with contributor-level access and...
4.3CVSS
6.4AI Score
0.001EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's element attributes in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
6.4CVSS
5.7AI Score
0.001EPSS
CVE-2024-34358 TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the ShowImageController (eID tx_cms_showpic ) lacks a cryptographic HMAC-signature on the frame HTTP query parameter (e.g....
5.3CVSS
5.5AI Score
0.0004EPSS
CVE-2024-34358 TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the ShowImageController (eID tx_cms_showpic ) lacks a cryptographic HMAC-signature on the frame HTTP query parameter (e.g....
5.3CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix....
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix....
6.8AI Score
0.0004EPSS
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenti...
7.2CVSS
7.4AI Score
0.0004EPSS
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager...
9.6CVSS
9.2AI Score
0.0004EPSS
Embedded JavaScript(EJS) 3.1.6 - Template Injection
ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter...
9.8CVSS
9.7AI Score
0.101EPSS
May 14, 2024—KB5037768 (OS Builds 19044.4412 and 19045.4412)
May 14, 2024—KB5037768 (OS Builds 19044.4412 and 19045.4412) 03/12/24 IMPORTANT The following editions of Windows 10, version 21H2 will reach end of service on June 11, 2024:- Windows 10 Enterprise and Education- Windows 10 IoT Enterprise- Windows 10 Enterprise multi-sessionAfter that date, these.....
8.8CVSS
7.6AI Score
0.008EPSS
Server Side Request Forgery (SSRF)
llama-cpp-python is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to loading the chat template in a sandbox-less jinja2.Environment, allowing an attacker to execute arbitrary code by crafting a malicious payload within a model, and convincing a user intro running...
9.6CVSS
9.5AI Score
0.0004EPSS
CVE-2024-33007 Client-side script execution vulnerability in SAP UI5(PDFViewer)
PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript (or any harmful client-side script), the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential...
3.5CVSS
7.1AI Score
0.0004EPSS
CVE-2024-33007 Client-side script execution vulnerability in SAP UI5(PDFViewer)
PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript (or any harmful client-side script), the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential...
3.5CVSS
4.6AI Score
0.0004EPSS
The version of TYPO3 installed on the remote host is prior to 9.0.0 < 9.5.48 ELTS / 10.0.0 < 10.4.45 ELTS / 11.0.0 < 11.5.37 / 12.0.0 < 12.4.15 / 13.0.0 < 13.1.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2024-010 advisory. TYPO3 is an enterpris...
5.3CVSS
5.2AI Score
0.0004EPSS
5.9CVSS
7.5AI Score
0.001EPSS
SUSE SLES15 Security Update : gnutls (SUSE-SU-2024:0638-2)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0638-2 advisory. A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the...
7.5CVSS
8AI Score
0.008EPSS
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception...
6.3AI Score
0.0004EPSS
SUSE SLES12 Security Update : opensc (SUSE-SU-2024:1625-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1625-1 advisory. A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side- channel resistant. This issue...
5.9CVSS
6.8AI Score
0.001EPSS
iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages....
6.8AI Score
EPSS
Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-6767-2)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6767-2 advisory. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able to crash the...
7.8CVSS
8AI Score
0.0004EPSS
Rocky Linux 9 : kernel (RLSA-2024:2758)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2758 advisory. A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker...
6.5CVSS
6.7AI Score
EPSS
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix....
6.6AI Score
0.0004EPSS
Rocky Linux 9 : gnutls (RLSA-2024:2570)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2570 advisory. A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...
5.3CVSS
6.7AI Score
0.0005EPSS
Summary Node.js is used by IBM Rational® Application Developer for WebSphere® Software as the SDK and runtime for Apache Cordova projects. (CVE-2023-6129,CVE-2024-24806, CVE-2023-5678,CVE-2024-22019,CVE-2023-46809, CVE-2024-0727, CVE-2023-6237,CVE-2024-21892) Vulnerability Details ** CVEID:...
7.3CVSS
8.6AI Score
EPSS
Ongoing Malvertising Campaign leads to Ransomware
Executive Summary Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typo squatted domains. In at least one observed case, the infection has led to the attempted...
7.5AI Score
Exploit for Code Injection in Crushftp
CVE-2024-4040 PoC Python exploit for CVE-2024-4040...
10CVSS
10AI Score
0.966EPSS
matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
Introduction In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric cryptography, with each server-side key backup...
5.5CVSS
5.4AI Score
0.0004EPSS
matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
Introduction In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric cryptography, with each server-side key backup...
5.5CVSS
5.4AI Score
0.0004EPSS
The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides a....
5.5CVSS
6.8AI Score
0.0004EPSS
The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides a....
5.5CVSS
5.7AI Score
0.0004EPSS
Description llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The init constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUMA, LoRa settings, loading tokenizers,...
9.6CVSS
7.6AI Score
0.0004EPSS
Description llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The init constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUMA, LoRa settings, loading tokenizers,...
9.6CVSS
7.3AI Score
0.0004EPSS
Summary Multiple vulnerabilities exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850 Vulnerability Details....
7.5CVSS
6.9AI Score
0.001EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional
Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in January 2024, App Connect Professional has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-20952 ...
7.5CVSS
6.9AI Score
0.001EPSS
Summary IBM WebSphere Application Server Liberty is vulnerable to an XML External Entity (XXE) injection vulnerability. Vulnerability Details ** CVEID: CVE-2024-22354 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3...
7CVSS
7.3AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through...
4.4CVSS
5.5AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through...
4.4CVSS
7AI Score
0.0004EPSS
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering...
4.3CVSS
6.4AI Score
0.0004EPSS
@lobehub/chat is vulnerable to Server-Side Request Forgery. This vulnerability arises due to insufficient validation of user-supplied URLs which allows attackers to forge server-side...
9CVSS
7AI Score
0.0004EPSS
Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo
Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang-version of the Sliver command-and-control (C2) framework within a PNG image of the project's logo. The package employing this.....
7.3AI Score
openSUSE: Security Advisory for bouncycastle (SUSE-SU-2024:1539-1)
The remote host is missing an update for...
7.1AI Score
0.0004EPSS
7.4AI Score
GLSA-202405-32 : Mozilla Thunderbird: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202405-32 (Mozilla Thunderbird: Multiple Vulnerabilities) When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability...
8.6AI Score
0.0004EPSS
5.4CVSS
7.1AI Score
0.001EPSS