malicious container creates symlink "mtab" on the host External in github.com/cri-o/cri-o
CVSS 8.1 | AI Score 8.1 | EPSS 0.0004
Contract balance not updating correctly after interchain transaction in github.com/evmos/evmos/v10
CVSS 7.5 | AI Score 7.5 | EPSS 0.0004
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC in...
CVSS 8.2 | AI Score 8.2 | EPSS 0.001
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses in github.com/traefik/traefik
CVSS 9.8 | AI Score 6.3 | EPSS 0.001
Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd/v2
CVSS 5.3 | AI Score 5.1 | EPSS 0.0004
SQL Injection in Harbor scan log API in github.com/goharbor/harbor
CVSS 2.7 | AI Score 8.1 | EPSS 0.0004
Files or Directories Accessible to External Parties in ProjectDiscovery in...
CVSS 9.8 | AI Score 9.4 | EPSS 0.001
evmos allows transferring unvested tokens after delegations in github.com/evmos/evmos/v10
CVSS 3.5 | AI Score 3.9 | EPSS 0.0004
`docker cp` allows unexpected chmod of host files in Moby Docker Engine in github.com/docker/docker
CVSS 6.3 | AI Score 6.3 | EPSS 0.0005
Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit
Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox have run into fresh trouble after the Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users. "While the so-called 'Privacy Sandbox' is advertised...
AI Score 6.8
Snipe-IT allows users to promote or demote themselves or other users
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by changing group memberships via API call. This issue affects snipe-it: from v4.6.17 through...
CVSS 7.6 | AI Score 6.8 | EPSS 0.0004
Why Regulated Industries are Turning to Military-Grade Cyber Defenses
As cyber threats loom large and data breaches continue to pose increasingly significant risks, organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage. That is why many highly regulated...
AI Score 7.2
Mattermost Desktop App allows for bypassing TCC restrictions on macOS
Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on...
CVSS 3.8 | AI Score 6.8 | EPSS 0.0004
Apache Airflow does not return the "Cache-Control" header for dynamic content
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return the "Cache-Control" header for dynamic content, which in the case of some browsers could result in sensitive data being stored in the browser's local cache. This issue affects Apache...
AI Score 6.2 | EPSS 0.0004
Mattermost Desktop App Remote Code Execution
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI...
CVSS 4.7 | AI Score 7 | EPSS 0.0004
curl: Denial of Service in curl Request - HTTP headers eat all memory
Summary: curl's unrestricted header storage lets malicious servers exhaust memory, leading to out-of-memory denial of service (DoS). When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit on how many...
AI Score 7
ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws
An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake...
CVSS 10 | AI Score 9.6 | EPSS 0.0004
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with...
CVSS 6.4 | EPSS 0.001
North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics
Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian...
AI Score 7.1
The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible...
CVSS 4.3 | AI Score 4.3 | EPSS 0.0005
CVE-2023-6492 Simple Sitemap <= 3.5.13 - Cross-Site Request Forgery via admin_notices
CVSS 4.3 | EPSS 0.0005
Rejetto HFS (HTTP File Server) CVE-2024-23692 Vulnerability...
CVSS 9.8 | AI Score 10 | EPSS 0.002
Google Chrome Security Update (stable-channel-update-for-desktop_22-2024-02) - Linux
Google Chrome is prone to an unspecified ...
AI Score 7
Google Chrome Security Update (stable-channel-update-for-desktop_22-2024-02) - Windows
Google Chrome is prone to an unspecified ...
AI Score 7
Releases: Ubuntu 24.04 LTS. Packages: linux-azure (Linux kernel for Microsoft Azure Cloud systems), linux-gke (Linux kernel for Google Container Engine (GKE) systems). Details: Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions,...
CVSS 7.8 | AI Score 8.5 | EPSS 0.0005
AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)
...
AI Score 7.4 | EPSS 0.0004
Google Chrome Security Update (stable-channel-update-for-desktop_22-2024-02) - Mac OS X
Google Chrome is prone to an unspecified ...
AI Score 7
Google Chrome Security Update (stable-channel-update-for-desktop_13-2024-02) - Windows
Google Chrome is prone to a stack-based buffer overflow...
AI Score 7.5
Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6818-3)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
CVSS 7.8 | AI Score 7.2 | EPSS 0.001
Google Chrome Security Update (stable-channel-update-for-desktop_13-2024-02) - Linux
Google Chrome is prone to a stack-based buffer overflow...
AI Score 7.5
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an...
CVSS 6.4 | AI Score 6 | EPSS 0.001
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...
CVSS 9.8 | AI Score 8.4 | EPSS 0.005
Linux kernel (NVIDIA) vulnerabilities
Releases: Ubuntu 22.04 LTS. Packages: linux-nvidia-6.5 (Linux kernel for NVIDIA systems). Details: Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this...
CVSS 7.8 | AI Score 7.5 | EPSS 0.001
Google Chrome Security Update (stable-channel-update-for-desktop_13-2024-02) - Mac OS X
Google Chrome is prone to a stack-based buffer overflow...
AI Score 7.5