Goolytics – Simple Google Analytics Security Vulnerabilities
Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
0.0004EPSS
Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity:...
0.0004EPSS
Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
6.5AI Score
0.0004EPSS
Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7AI Score
0.0004EPSS
Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
0.0004EPSS
Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity:...
6.7AI Score
0.0004EPSS
Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity:...
6.2AI Score
0.0004EPSS
Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
0.0004EPSS
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...
6.3AI Score
0.0004EPSS
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...
0.0004EPSS
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...
0.0004EPSS
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity:...
0.0004EPSS
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...
6.3AI Score
0.0004EPSS
Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.1AI Score
0.0004EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7AI Score
0.0004EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7AI Score
0.0004EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
0.0004EPSS
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity:...
0.0004EPSS
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...
6.3AI Score
0.0004EPSS
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity:...
0.0004EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
0.0004EPSS
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity:...
7.2AI Score
0.0004EPSS
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity:...
0.0004EPSS
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity:...
6.3AI Score
0.0004EPSS
linux-aws, linux-aws-5.15 vulnerabilities
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...
8CVSS
8.2AI Score
0.0004EPSS
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
Impact What kind of vulnerability is it? Who is impacted? A remote code execution (RCE) via server-side template injection (SSTI) allows for user supplied code to be executed in the server's context where it is executed as the document-merge-server user with the UID 901 thus giving an attacker...
9.9CVSS
9.9AI Score
0.0004EPSS
Keycloak's admin API allows low privilege users to use administrative functions
Users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data.....
7.2AI Score
EPSS
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...
8CVSS
8AI Score
0.0004EPSS
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses
Impact There is a vulnerability in Go managing various Is methods (IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses. They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms. References CVE-2024-24790 Patches ...
7AI Score
0.0004EPSS
Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...
9.9CVSS
8.3AI Score
0.0004EPSS
Azure Storage Movement Client Library Denial of Service Vulnerability
Azure Storage Movement Client Library Denial of Service...
7.5CVSS
7.1AI Score
0.0005EPSS
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...
5.5CVSS
5.8AI Score
0.0004EPSS
A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It....
3.5CVSS
6.6AI Score
0.0004EPSS
linux-intel-iotg-5.15 vulnerabilities
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) It was....
8CVSS
8.2AI Score
EPSS
How Cynet Makes MSPs Rich & Their Clients Secure
Managed service providers (MSPs) are on the front lines of soaring demand for cybersecurity services as cyberattacks increase in volume and sophistication. Cynet has emerged as the security vendor of choice for MSPs to capitalize on existing relationships with SMB clients and profitably expand...
7.1AI Score
10 years of the GitHub Security Bug Bounty Program
Each year, we celebrate the GitHub Security Bug Bounty program, highlighting impressive bugs and researchers, rewards, live hacking events, and more. This year, we celebrate a new milestone: 10 years of the GitHub Security Bug Bounty program! While we've had some exciting growth over the last 10...
7AI Score
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment...
5.3CVSS
6.9AI Score
0.0004EPSS
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the...
4.4CVSS
7.5AI Score
0.0004EPSS
libapache-mod-jk vulnerability
Karl von Randow discovered that mod_jk was vulnerable to an authentication bypass. If the configuration did not provide explicit mounts for all possible proxied requests, an attacker could possibly use this vulnerability to bypass security constraints configured in...
7.5CVSS
7.2AI Score
0.001EPSS
Malicious code in noblox.js-proxy-agent (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (49cb85854d6a908a38177c4a3c30ac7dd724e1f892e3fbfcb26bb3a146ad2dc7) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in noblox.js-discord (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (d714a330056d61b303e703615cd667da1871ff920b7563ed5d20d42d5b68c7be) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
New research: "Deception abilities emerged in large language models": Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the...
7.3AI Score
When things go wrong: A digital sharing warning for couples
“When things go wrong” is a troubling prospect for most couples to face, but the internet—and the way that romantic partners engage both with and across it—could require that this worst-case scenario become more of a best practice. In new research that Malwarebytes will release this month,...
6.9AI Score
Google’s Chrome changes make life harder for ad blockers
Despite protests, Google is rolling out changes in the Chrome browser that make it harder for ad blockers to do their job. Starting last Monday, June 3, 2024, Chrome Beta, Dev, and Canary channels will see the effects of the implementation of the new extension platform Manifest V3. The gradual...
7AI Score
Malicious code in dell-ui-bootstrap (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (b3c479c9bdd98cd009ae28c56a47f3ef7dd2dda6d6e96abbdfc86905f79f557b) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in bootstrap-npm-webpack (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (3fd1dc66e2c97cb20814b56fc5ff776a96f0851f09647f1cef4cfb305ec2b3a1) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Apple Launches Private Cloud Compute for Privacy-Centric AI Processing
Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture.....
7.4AI Score
QR code SQL injection and other vulnerabilities in a popular biometric terminal
Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech,.....
10CVSS
9AI Score
0.0004EPSS
Malicious code in asf-recorder (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (0170c1a6080f641f60e56118c5047b047d529133a2aa949043ed62e0bac90488) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in asf-renderer (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (df408055de1ea1703a4d69234f7368c69466b2b470ce427a528fbe996a3f1e08) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score