OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
SpEL Injection in PUT /api/v1/policies (GHSL-2023-252) Please note, only authenticated users have access to PUT / POST APIS for /api/v1/policies. Non authenticated users will not be able to access these APIs to exploit the vulnerability CompiledRule::validateExpression is also called from...
9.4CVSS
9.8AI Score
0.0004EPSS
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
SpEL Injection in PUT /api/v1/policies (GHSL-2023-252) Please note, only authenticated users have access to PUT / POST APIS for /api/v1/policies. Non authenticated users will not be able to access these APIs to exploit the vulnerability CompiledRule::validateExpression is also called from...
9.4CVSS
8.3AI Score
0.0004EPSS
Google ad for Facebook redirects to scam
Today, we are looking at a malicious ad campaign targeting Facebook users via Google search. It is well-known that tech support scammers attract new victims by buying ads for certain keywords related to their audience. What is perhaps less known is how it is even possible to impersonate top brands....
6.9AI Score
Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise
Rapid7 vulnerability researcher Ryan Emmons contributed to this blog. On Friday, April 19, 2024, managed file transfer vendor CrushFTP released information to a private mailing list on a new zero-day vulnerability affecting versions below 10.7.1 and 11.1.0 (as well as legacy 9.x versions) across...
10CVSS
10AI Score
0.966EPSS
The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
5.7AI Score
0.0004EPSS
GitHub Comments Abused to Spread Malware in Fake Microsoft Repositories
By Deeba Ahmed Hackers are exploiting GitHub comments to spread malware disguised as Microsoft software downloads tricking users into downloading malware. This is a post from HackRead.com Read the original post: GitHub Comments Abused to Spread Malware in Fake Microsoft...
7.2AI Score
CrushFTP VFS - Sandbox Escape LFR
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS...
10CVSS
9.2AI Score
0.966EPSS
WP Social Comments < 1.7.4 - Missing Authorization via wpfc_allow_comments()
Description The WP Social Comments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc_allow_comments() function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level.....
4.3CVSS
6.5AI Score
0.0004EPSS
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...
10CVSS
10AI Score
0.966EPSS
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...
CVE-2024-4040 Unauthenticated arbitrary file read and remote code execution in CrushFTP
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...
9.8CVSS
10AI Score
0.966EPSS
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
Impact A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during.....
5.9CVSS
7.5AI Score
0.001EPSS
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
Impact A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during.....
5.9CVSS
7.5AI Score
0.001EPSS
Using Legitimate GitHub URLs for Malware
Interesting social-engineering attack vector: McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the "C++ Library Manager for Windows, Linux, and MacOS," known as vcpkg. The attacker is exploiting a property...
7.2AI Score
Take Command Summit: Take Breaches from Inevitable to Preventable on May 21
Registration is now open for Take Command, a day-long virtual summit in partnership with AWS. You do not want to miss it. You’ll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more. In 2024, adversaries are using AI and new techniques, working in gangs...
7AI Score
Billions of scraped Discord messages up for sale
Four billions public Discord messages are for sale on an internet scraping service called Spy.pet. At first sight there doesn’t seem to be much that is illegal about it. The messages were publicly accessible and there are no laws against scraping data. However, it turns out the site did disregard.....
6.8AI Score
ownCloud < 10.13.3 Improper Input Validation Vulnerability
ownCloud is prone to an improper input validation ...
7.3AI Score
EPSS
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...
10CVSS
10AI Score
0.966EPSS
A buffer overflow vulnerability was found in the gstreamer-plugins-bad plugin for the Gstreamer media framework. A successful attack may lead to an application crash or arbitrary code execution if malformed media files are...
7.5CVSS
8.5AI Score
0.0005EPSS
Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks
Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and...
10CVSS
10AI Score
0.966EPSS
[SECURITY] Fedora 40 Update: yyjson-0.9.0-1.fc40
A high performance JSON library written in ANSI C. Features - Fast: can read or write gigabytes per second JSON data on modern CPUs. - Portable: complies with ANSI C (C89) for cross-platform compatibility. - Strict: complies with RFC 8259 JSON standard, ensuring strict number format and UTF-8...
6.3AI Score
0.0004EPSS
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted...
7.8AI Score
0.0004EPSS
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted...
7.5AI Score
0.0004EPSS
Exploit for Command Injection in Paloaltonetworks Pan-Os
PAN Rapid Check Simple(you should probably just do this in...
7.2AI Score
What’s the deal with the massive backlog of vulnerabilities at the NVD?
The National Vulnerability Database is usually the single source of truth for all things related to security vulnerabilities. But now, they're facing an uphill battle against a massive backlog of vulnerabilities, some of which are still waiting to be analyzed, and others that still have an...
7AI Score
Denial of Service in Comments API - ownCloud
Insufficient input validation in the Comments Plugin may allow an authenticated attacker to cause a Denial of...
6.8AI Score
EPSS
Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-6739-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6739-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only...
7.8CVSS
7.6AI Score
0.003EPSS
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted...
7.7AI Score
0.0004EPSS
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the --command argument of flatpak run...
8.4CVSS
8.8AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 219 vulnerabilities disclosed in 209...
8.8AI Score
EPSS
Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through...
4.3CVSS
6.8AI Score
0.0004EPSS
Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
CVE-2024-32689 WordPress WP Social Comments plugin <= 1.7.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1322-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1322-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...
7.8CVSS
8.4AI Score
EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1321-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1321-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...
7.8CVSS
8AI Score
EPSS
The Windows Registry Adventure #1: Introduction and research results
Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs. It all started unexpectedly: I was in the process of developing a coverage-based Windows kernel fuzzer...
7.8CVSS
8.3AI Score
0.049EPSS
The Windows Registry Adventure #2: A brief history of the feature
Posted by Mateusz Jurczyk, Google Project Zero Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it. In essence, the registry is a hierarchical database made of named "keys" and "values",...
6.3AI Score
Disable Comments | WPZest <= 1.51 - Authenticated (Administrator+) SQL Injection
Description The Disable Comments | WPZest plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.51 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
7.6CVSS
7.2AI Score
0.0004EPSS
Should you share your location with your partner?
Every relationship has its disagreements. Who takes out the trash and washes the dishes? Who plans the meals and writes out the grocery list? And when is it okay to start tracking one another’s location? Location sharing is becoming the norm between romantic partners—50% of people valued...
6.9AI Score
In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a race condition when...
6.7AI Score
0.0004EPSS
Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit
Impact What kind of vulnerability is it? Who is impacted? An attacker can use this bug to bypass the block gas limit and gas payment completely to perform a full Denial-of-Service against the chain. Disclosure Evmos versions below v11.0.1 do not check for MsgEthereumTx messages that are nested...
7.1AI Score
Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit
Impact What kind of vulnerability is it? Who is impacted? An attacker can use this bug to bypass the block gas limit and gas payment completely to perform a full Denial-of-Service against the chain. Disclosure Evmos versions below v11.0.1 do not check for MsgEthereumTx messages that are nested...
7.1AI Score
PuTTYis vulnerable to biased ECDSA nonce generation. The vulnerability is due to biased ECDSA nonce generation, allowing an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is particularly significant in scenarios where an adversary can...
5.9CVSS
5.7AI Score
0.002EPSS
In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a race condition when...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a race condition when...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a race condition when...
7.3AI Score
0.0004EPSS
CVE-2024-26859 net/bnx2x: Prevent access to a freed page in page_pool
In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a race condition when...
7.6AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: yyjson-0.9.0-1.fc39
A high performance JSON library written in ANSI C. Features - Fast: can read or write gigabytes per second JSON data on modern CPUs. - Portable: complies with ANSI C (C89) for cross-platform compatibility. - Strict: complies with RFC 8259 JSON standard, ensuring strict number format and UTF-8...
6.3AI Score
0.0004EPSS
[SECURITY] Fedora 38 Update: yyjson-0.9.0-1.fc38
A high performance JSON library written in ANSI C. Features - Fast: can read or write gigabytes per second JSON data on modern CPUs. - Portable: complies with ANSI C (C89) for cross-platform compatibility. - Strict: complies with RFC 8259 JSON standard, ensuring strict number format and UTF-8...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a race condition when...
7.6AI Score
0.0004EPSS