In the Linux kernel, the following vulnerability has been resolved: riscv: Sparse-Memory/vmemmap out-of-bounds fix Offset vmemmap so that the first page of vmemmap will be mapped to the first page of physical memory in order to ensure that vmemmap’s bounds will be respected during...
7.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix double-free on socket dismantle when MPTCP server accepts an incoming connection, it clones its listener socket. However, the pointer to 'inet_opt' for the new socket has the same value as the original one: as a...
7.5AI Score
0.0004EPSS
Description The Ultimate Social Comments – Email Notification & Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.5CVSS
5.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller When a PCI device is dynamically added, the kernel oopses with a NULL pointer dereference: BUG: Kernel NULL pointer dereference on read at 0x00000030 ...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller When a PCI device is dynamically added, the kernel oopses with a NULL pointer dereference: BUG: Kernel NULL pointer dereference on read at 0x00000030 ...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller When a PCI device is dynamically added, the kernel oopses with a NULL pointer dereference: BUG: Kernel NULL pointer dereference on read at...
7AI Score
0.0004EPSS
CVE-2024-26738 powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller When a PCI device is dynamically added, the kernel oopses with a NULL pointer dereference: BUG: Kernel NULL pointer dereference on read at 0x00000030 ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add When a PCI device is dynamically added, the kernel oopses with a NULL pointer dereference: BUG: Kernel NULL pointer dereference on read at 0x00000030 Faulting...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add When a PCI device is dynamically added, the kernel oopses with a NULL pointer dereference: BUG: Kernel NULL pointer dereference on read at 0x00000030 Faulting...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add When a PCI device is dynamically added, the kernel oopses with a NULL pointer dereference: BUG: Kernel NULL pointer dereference on read at 0x00000030 Faulting...
6.5AI Score
0.0004EPSS
CVE-2024-26713 powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add When a PCI device is dynamically added, the kernel oopses with a NULL pointer dereference: BUG: Kernel NULL pointer dereference on read at 0x00000030 Faulting...
6.6AI Score
0.0004EPSS
Hello fellow readers! Have you ever wondered how the GitHub Security Lab performs security research? In this post, you'll learn how we leverage GitHub products and features such as code scanning, CodeQL, Codespaces, and private vulnerability reporting. By the time we conclude, you'll have mastered....
6.9AI Score
Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments...
5.9AI Score
0.0004EPSS
Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add When a PCI device is dynamically added, the kernel oopses with a NULL pointer dereference: BUG: Kernel NULL pointer dereference on read at 0x00000030 Faulting...
6.4AI Score
0.0004EPSS
Better Comments < 1.5.6 - Subscriber+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks. PoC 1. From the menu on the left, go into "Users" and edit Subscriber user. 2. Upload a new avatar image and click...
5.4CVSS
5.6AI Score
0.0004EPSS
Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments...
6.1AI Score
0.0004EPSS
Better Comments < 1.5.6 - Subscriber+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting...
5.4CVSS
5.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller When a PCI device is dynamically added, the kernel oopses with a NULL pointer dereference: BUG: Kernel NULL pointer dereference on read at 0x00000030...
6.5AI Score
0.0004EPSS
Better Comments < 1.5.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
0.0004EPSS
Better Comments < 1.5.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. From the WordPress menu on...
5.5AI Score
0.0004EPSS
moodle/moodle is vulnerable to Authorization Bypass. The vulnerability is due to insufficient permission checks, which allow unauthorized users to add comments to the comments block on another user's dashboard when it is not otherwise...
3.5CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size. The bug was reported by Joonkyo Jung...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size. The bug was reported by Joonkyo Jung...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size. The bug was reported by Joonkyo Jung...
7.2AI Score
0.0004EPSS
CVE-2024-26656 drm/amdgpu: fix use-after-free bug
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size. The bug was reported by Joonkyo Jung...
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size. The bug was reported by Joonkyo Jung...
7.3AI Score
0.0004EPSS
7.4AI Score
Exploit for Embedded Malicious Code in Tukaani Xz
root@ubuntu:~/xz/# apt update root@ubuntu:~/xz/# apt install -y...
10CVSS
9.6AI Score
0.133EPSS
Drozer - The Leading Security Assessment Framework For Android
drozer (formerly Mercury) is the leading security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS. drozer provides tools to....
7.5AI Score
10CVSS
9.9AI Score
0.133EPSS
Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can't remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and...
7.2AI Score
Description The Fancy Comments WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's facebook_comments_shortcode shortcode function in all versions up to, and including, 1.2.14 due to insufficient input sanitization and output escaping on user supplied...
6.5CVSS
5.8AI Score
0.0004EPSS
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-053)
The version of kernel installed on the remote host is prior to 5.10.210-201.852. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-053 advisory. 2024-06-06: CVE-2023-52489 was added to this advisory. 2024-06-06: CVE-2023-52498 was added to this...
7.8CVSS
7.8AI Score
0.0004EPSS
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-062)
The version of kernel installed on the remote host is prior to 5.4.269-183.369. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-062 advisory. 2024-06-06: CVE-2023-52486 was added to this advisory. 2024-05-23: CVE-2024-26625 was added to this...
7.8CVSS
7.8AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayan Datta Ultimate Social Comments – Email Notification & Lazy Load allows Stored XSS.This issue affects Ultimate Social Comments – Email Notification & Lazy Load: from n/a through...
6.5CVSS
6.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayan Datta Ultimate Social Comments – Email Notification & Lazy Load allows Stored XSS.This issue affects Ultimate Social Comments – Email Notification & Lazy Load: from n/a through...
6.5CVSS
9.1AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayan Datta Ultimate Social Comments – Email Notification & Lazy Load allows Stored XSS.This issue affects Ultimate Social Comments – Email Notification & Lazy Load: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile...
3.5CVSS
7AI Score
0.0004EPSS
Exploit for Embedded Malicious Code in Tukaani Xz
xz-vulnerable-honeypot An ssh honeypot with the XZ backdoor....
7.3AI Score
Exploit for Embedded Malicious Code in Tukaani Xz
![cve-2024–3094](https://github.com/alokemajumder/alokemajumder/......
10CVSS
9.7AI Score
0.133EPSS
HackerOne: Attachment disclosure via summary report
Summary: Hackerone provides a form for reporting vulnerabilities to various programs. where the form supports uploading files & previews (images or videos) but is not allowed to use file ids belonging to other accounts. but with the sumary report feature I as a hacker can reveal files belonging to....
7AI Score
Exploit for Embedded Malicious Code in Tukaani Xz
xz-backdoor-github History of commits related to the xz...
7.3AI Score
On March 29th, 2024, security researcher Andres Freund discovered a backdoor in XZ Utils versions 5.6.0 and 5.6.1. Under certain conditions, this backdoor may allow remote access to the targeted system. This disclosure was posted to the Openwall mailing list. The security researcher mentions that.....
10CVSS
9.9AI Score
0.133EPSS
ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability
Impact All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out of memory error by pointing it to a malicious Helm registry. The...
6.5CVSS
6.8AI Score
0.0004EPSS
ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability
Impact All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out of memory error by pointing it to a malicious Helm registry. The...
6.5CVSS
6.8AI Score
0.0004EPSS
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094-info CVE-2024-3094 PoC Exploration...
10CVSS
9.9AI Score
0.133EPSS
The Golden Age of Automated Penetration Testing is Here
Network penetration testing plays a vital role in detecting vulnerabilities that can be exploited. The current method of performing pen testing is pricey, leading many companies to undertake it only when necessary, usually once a year for their compliance requirements. This manual approach often...
7.3AI Score
New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking
Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape by....
7.8CVSS
8.2AI Score
0.002EPSS
Security Bulletin: Vulnerability in Dnspython affects IBM Process Mining CVE-2023-29483
Summary There is a vulnerability in Dnspython that could allow an remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-29483 ...
7.4AI Score
0.0004EPSS