Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS.This issue affects Fancy Comments WordPress: from n/a through...
6.5CVSS
9.1AI Score
0.0004EPSS
Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions
A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users' systems and carry out malicious actions. "This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly...
6.5CVSS
6.7AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS.This issue affects Fancy Comments WordPress: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
A flaw was found in curl. When libcurl is built to use wolfSSL as the TLS backend, it skips certificate verification for a QUIC connection if an unknown/bad cipher or curve is...
7AI Score
0.0004EPSS
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate...
6.3AI Score
0.0004EPSS
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate...
6.6AI Score
0.0004EPSS
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate...
7.4AI Score
0.0004EPSS
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate...
6.3AI Score
0.0004EPSS
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate...
6.6AI Score
0.0004EPSS
QUIC certificate check bypass with wolfSSL
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate...
6AI Score
0.0004EPSS
CVE-2024-2379 QUIC certificate check bypass with wolfSSL
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate...
6.6AI Score
0.0004EPSS
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. Notes Author| Note...
6.5AI Score
0.0004EPSS
Slackware Linux 15.0 / current curl Multiple Vulnerabilities (SSA:2024-087-01)
The version of curl installed on the remote host is prior to 8.7.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-087-01 advisory. When a protocol selection parameter option disables all protocols without adding any then the default set of protocols...
5.7AI Score
0.0004EPSS
Andrew Appel shepherded a public comment--signed by twenty election cybersecurity experts, including myself--on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but it's general in nature. From the executive summary: We believe that...
7.4AI Score
KaTeX's `\includegraphics` does not escape filename
Impact KaTeX users who render untrusted mathematical expressions could encounter malicious input using \includegraphics that runs arbitrary JavaScript, or generate invalid HTML. Patches Upgrade to KaTeX v0.16.10 to remove this vulnerability. Workarounds Avoid use of or turn off the trust option,...
6.3CVSS
6.6AI Score
0.0004EPSS
KaTeX's `\includegraphics` does not escape filename
Impact KaTeX users who render untrusted mathematical expressions could encounter malicious input using \includegraphics that runs arbitrary JavaScript, or generate invalid HTML. Patches Upgrade to KaTeX v0.16.10 to remove this vulnerability. Workarounds Avoid use of or turn off the trust option,...
6.3CVSS
7AI Score
0.0004EPSS
KaTeX's maxExpand bypassed by Unicode sub/superscripts
Impact KaTeX users who render untrusted mathematical expressions could encounter malicious input using \def or \newcommand that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX....
6.5CVSS
7.3AI Score
0.0004EPSS
KaTeX's maxExpand bypassed by Unicode sub/superscripts
Impact KaTeX users who render untrusted mathematical expressions could encounter malicious input using \def or \newcommand that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX....
6.5CVSS
6.9AI Score
0.0004EPSS
KaTeX's maxExpand bypassed by `\edef`
Impact KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be....
6.5CVSS
7AI Score
0.0004EPSS
KaTeX's maxExpand bypassed by `\edef`
Impact KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be....
6.5CVSS
7.4AI Score
0.0004EPSS
Top 4 Industries at Risk of Credential Stuffing and Account Takeover (ATO) attacks
All industries are at risk of credential stuffing and account takeover (ATO) attacks. However, some industries are at a greater risk because of the sensitive information or volume of customer data they possess. While cyber-attacks come in all forms and techniques, credential stuffing involves an...
6.9AI Score
In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these invalid values in the....
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. This isn't a bug in.....
7.5AI Score
0.0004EPSS
Radamsa - A General-Purpose Fuzzer
Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestringly different outputs from them. The main...
9.8CVSS
7.5AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: fix OOB access in the traffic path the following script: # tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2 # tc qdisc add dev eth0 clsact # tc filter add dev eth0 egress matchall action skbedit priority...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: fix OOB access in the traffic path the following script: # tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2 # tc qdisc add dev eth0 clsact # tc filter add dev eth0 egress matchall action skbedit...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: fix OOB access in the traffic path the following script: # tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2 # tc qdisc add dev eth0 clsact # tc filter add dev eth0 egress matchall action skbedit priority...
8.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. This isn't a bug...
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. This isn't a bug in.....
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. This isn't a bug in.....
6.8AI Score
0.0004EPSS
CVE-2021-47175 net/sched: fq_pie: fix OOB access in the traffic path
In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: fix OOB access in the traffic path the following script: # tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2 # tc qdisc add dev eth0 clsact # tc filter add dev eth0 egress matchall action skbedit priority...
6.9AI Score
0.0004EPSS
CVE-2021-47175 net/sched: fq_pie: fix OOB access in the traffic path
In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: fix OOB access in the traffic path the following script: # tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2 # tc qdisc add dev eth0 clsact # tc filter add dev eth0 egress matchall action skbedit priority...
8.7AI Score
0.0004EPSS
CVE-2021-47170 USB: usbfs: Don't WARN about excessively large memory allocations
In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. This isn't a bug in.....
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these invalid values in...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these invalid values in the....
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these invalid values in the....
7.4AI Score
0.0004EPSS
CVE-2021-47138 cxgb4: avoid accessing registers when clearing filters
In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these invalid values in the....
6.7AI Score
0.0004EPSS
CVE-2021-47138 cxgb4: avoid accessing registers when clearing filters
In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these invalid values in the....
7.5AI Score
0.0004EPSS
Jetpack < 13.2.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC When the "Let visitors...
6.1AI Score
In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these invalid values in the....
6.6AI Score
0.0004EPSS
Ubuntu 22.04 LTS / 23.10 : Linux kernel (AWS) vulnerabilities (USN-6707-3)
The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6707-3 advisory. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation....
7.8CVSS
7.7AI Score
0.002EPSS
Jetpack < 13.2.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
6.2AI Score
In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. This isn't a bug in.....
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: fix OOB access in the traffic path the following script: tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2 # tc qdisc add dev eth0 clsact # tc filter add dev eth0 egress matchall action skbedit priority...
6.6AI Score
0.0004EPSS
openSUSE: Security Advisory for gstreamer (SUSE-SU-2024:0793-1)
The remote host is missing an update for...
8.8CVSS
8.9AI Score
0.0005EPSS
openSUSE: Security Advisory for go1.22 (SUSE-SU-2024:0812-1)
The remote host is missing an update for...
7.6AI Score
0.0004EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0976-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0976-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...
7.8CVSS
7.6AI Score
EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0926-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0926-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...
7.8CVSS
7.4AI Score
EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0977-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0977-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...
7.8CVSS
8.3AI Score
EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:0925-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0925-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free ...
7.8CVSS
7.7AI Score
EPSS