In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use “Best-Fit” behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
9.8CVSS
7.2AI Score
0.967EPSS
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
9.8CVSS
9.6AI Score
0.967EPSS
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP...
9.8CVSS
8.2AI Score
0.973EPSS
9.8CVSS
10AI Score
0.967EPSS
Imperva Protects Against Critical PHP Vulnerability CVE-2024-4577
In the ever-evolving landscape of cybersecurity, staying ahead of vulnerabilities is crucial for safeguarding sensitive information and maintaining the integrity of digital assets. Recently, a critical vulnerability– identified as CVE-2024-4577 with an initial CVSS score of 9.8 – was discovered in....
9.8CVSS
10AI Score
0.967EPSS
The Justice Department Took Down the 911 S5 Botnet
The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide....
7.4AI Score
FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims
The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. "We are reaching out to known LockBit victims and encouraging anyone who suspects....
7.7AI Score
Commando Cat Cryptojacking Attacks Target Misconfigured Docker Instances
The threat actor known as Commando Cat has been linked to an ongoing cryptojacking attack campaign that leverages poorly secured Docker instances to deploy cryptocurrency miners for financial gain. "The attackers used the cmd.cat/chattr docker image container that retrieves the payload from their.....
8.8CVSS
8.1AI Score
0.975EPSS
OpenSSL 0.9.7 < 0.9.7b Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 0.9.7b. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.7b advisory. The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized...
7AI Score
0.074EPSS
OpenSSL 0.9.6 < 0.9.6j Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 0.9.6j. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.6j advisory. The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized...
7AI Score
0.074EPSS
OpenSSL 0.9.6 < 0.9.6d Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.6d. It is, therefore, affected by a vulnerability as referenced in the 0.9.6d advisory. OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service...
6.8AI Score
0.003EPSS
OpenSSL 0.9.8v < 0.9.8w Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.8w. It is, therefore, affected by a vulnerability as referenced in the 0.9.8w advisory. Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks,...
8.6AI Score
0.1EPSS
OpenSSL 0.9.8h < 0.9.8r Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.8r. It is, therefore, affected by a vulnerability as referenced in the 0.9.8r advisory. ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and...
6.6AI Score
0.103EPSS
OpenSSL 1.0.0 < 1.0.0b Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.0b. It is, therefore, affected by a vulnerability as referenced in the 1.0.0b advisory. Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi- threading and internal caching...
7.7AI Score
0.335EPSS
OpenSSL 1.1.1 < 1.1.1e Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.1.1e. It is, therefore, affected by a vulnerability as referenced in the 1.1.1e advisory. There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are...
5.3CVSS
6.4AI Score
0.002EPSS
OpenSSL 0.9.6c < 0.9.6m Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.6m. It is, therefore, affected by a vulnerability as referenced in the 0.9.6m advisory. The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of...
7.5CVSS
6.7AI Score
0.006EPSS
OpenSSL 1.0.2 < 1.0.2zc Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.2zc. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zc advisory. There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the...
5.9CVSS
6.3AI Score
0.119EPSS
OpenSSL 0.9.8 < 0.9.8p Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.8p. It is, therefore, affected by a vulnerability as referenced in the 0.9.8p advisory. Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi- threading and internal caching...
7.7AI Score
0.335EPSS
OpenSSL 0.9.7 < 0.9.7h Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.7h. It is, therefore, affected by a vulnerability as referenced in the 0.9.7h advisory. The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING...
6.4AI Score
0.013EPSS
OpenSSL 0.9.8 < 0.9.8d Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 0.9.8d. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.8d advisory. The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier...
7.6AI Score
0.964EPSS
OpenSSL 0.9.8 < 0.9.8a Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.8a. It is, therefore, affected by a vulnerability as referenced in the 0.9.8a advisory. The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING...
6.4AI Score
0.013EPSS
OpenSSL 0.9.7 < 0.9.7l Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 0.9.7l. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.7l advisory. The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier...
8AI Score
0.964EPSS
OpenSSL 0.9.8h < 0.9.8o Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.8o. It is, therefore, affected by a vulnerability as referenced in the 0.9.8o advisory. The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not...
7.1AI Score
0.251EPSS
OpenSSL 0.9.7 < 0.9.7a Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.7a. It is, therefore, affected by a vulnerability as referenced in the 0.9.7a advisory. ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block...
6.3AI Score
0.028EPSS
OpenSSL 0.9.7 < 0.9.7k Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.7k. It is, therefore, affected by a vulnerability as referenced in the 0.9.7k advisory. OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before...
6.7AI Score
0.093EPSS
OpenSSL 0.9.8 < 0.9.8c Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.8c. It is, therefore, affected by a vulnerability as referenced in the 0.9.8c advisory. OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before...
6.7AI Score
0.093EPSS
OpenSSL 0.9.7 < 0.9.7d Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 0.9.7d. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.7d advisory. The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check...
7.5CVSS
7.6AI Score
0.006EPSS
OpenSSL 0.9.6 < 0.9.6i Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.6i. It is, therefore, affected by a vulnerability as referenced in the 0.9.6i advisory. ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block...
6.3AI Score
0.028EPSS
OpenSSL 0.9.8 < 0.9.8q Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.8q. It is, therefore, affected by a vulnerability as referenced in the 0.9.8q advisory. OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent...
6.7AI Score
0.002EPSS
Server-Side Request Forgery in langchain
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....
4.8CVSS
7.5AI Score
0.0004EPSS
Server-Side Request Forgery in langchain
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....
4.8CVSS
5.6AI Score
0.0004EPSS
Issue Overview: Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem.....
6.6AI Score
0.0004EPSS
A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information....
8.3CVSS
0.0004EPSS
A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information....
8.3CVSS
6.9AI Score
0.0004EPSS
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....
4.8CVSS
5.6AI Score
0.0004EPSS
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....
4.8CVSS
0.0004EPSS
Server-Side Request Forgery in gradio
A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio and was discovered in version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL,...
8.6CVSS
6.6AI Score
0.0004EPSS
Server-Side Request Forgery in gradio
A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio and was discovered in version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL,...
8.6CVSS
8.3AI Score
0.0004EPSS
CVE-2024-3095 SSRF in Langchain Web Research Retriever in langchain-ai/langchain
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....
4.8CVSS
0.0004EPSS
CVE-2024-3095 SSRF in Langchain Web Research Retriever in langchain-ai/langchain
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....
4.8CVSS
7.5AI Score
0.0004EPSS
CVE-2024-5186 Server Side Request Forgery (SSRF) in imartinez/privategpt
A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information....
8.3CVSS
6.7AI Score
0.0004EPSS
CVE-2024-5186 Server Side Request Forgery (SSRF) in imartinez/privategpt
A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information....
8.3CVSS
0.0004EPSS
A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP....
8.6CVSS
0.0004EPSS
A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP....
8.6CVSS
8.2AI Score
0.0004EPSS
The sliding doors of misinformation that come with AI-generated search results
As someone who used to think that his entire livelihood would come from writing, I've long wondered if any sort of computer or AI could replace my essential functions at work. For now, it seems there are enough holes in AI-generated language that my ability to write down a complete, accurate and...
7.2AI Score
CVE-2024-4325 Server-Side Request Forgery (SSRF) in gradio-app/gradio
A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP....
8.6CVSS
6.7AI Score
0.0004EPSS
CVE-2024-4325 Server-Side Request Forgery (SSRF) in gradio-app/gradio
A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP....
8.6CVSS
0.0004EPSS
Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution
The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to...
8.2AI Score
Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in multiple security bulletins. These products have addressed the applicable...
6.9AI Score
Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks
Muhstik botnet exploits a critical Apache RocketMQ flaw (CVE-2023-33246) for remote code execution, targeting Linux servers and IoT devices for DDoS attacks and cryptocurrency mining. Infection involves executing a shell script from a remote IP, downloading the Muhstik malware binary ("pty3"), and....
9.8CVSS
8.3AI Score
0.973EPSS