MD-404AA, MD-808AA Security Vulnerabilities
ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws
An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake...
10CVSS
9.6AI Score
0.0004EPSS
github.com/adguardteam/adguardhome is vulnerable to Privilege Escalation. The vulnerability is due to unprivileged attackers being able to overwrite the AdGuardHome binary, which allows an attacker to escalate privileges on the host...
7AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...
9.8CVSS
8.4AI Score
0.005EPSS
Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary...
7.5AI Score
0.0004EPSS
AdGuardHome privilege escalation vulnerability
An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome...
7AI Score
0.0004EPSS
An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP...
7.1AI Score
0.0004EPSS
An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4 to ba9fd and DecentralizeJustice/anonBackend commit 57837 to cd815 was discovered to store credentials in...
0.0004EPSS
An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP...
0.0004EPSS
An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4 to ba9fd and DecentralizeJustice/anonBackend commit 57837 to cd815 was discovered to store credentials in...
7.4AI Score
0.0004EPSS
An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome...
0.0004EPSS
Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary...
7.4AI Score
0.0004EPSS
Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary...
0.0004EPSS
An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome...
7.3AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
10AI Score
0.004EPSS
Cinterion EHS5 3G UMTS/HSPA Module Research
Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many...
6.4CVSS
8.2AI Score
0.001EPSS
An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome...
0.0004EPSS
Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary...
0.0004EPSS
An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4 to ba9fd and DecentralizeJustice/anonBackend commit 57837 to cd815 was discovered to store credentials in...
0.0004EPSS
An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP...
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2008-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were...
9.8CVSS
8.8AI Score
EPSS
Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device's movable parts to destinations that exceed the devices' maximum coordinates via the printing of a malicious .gcode...
6.8AI Score
0.0004EPSS
Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device's movable parts to destinations that exceed the devices' maximum coordinates via the printing of a malicious .gcode...
0.0004EPSS
A vulnerability, which was classified as critical, was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. It is possible to launch the...
7.3CVSS
0.0004EPSS
A vulnerability, which was classified as critical, was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. It is possible to launch the...
7.3CVSS
7.5AI Score
0.0004EPSS
CVE-2024-5896 SourceCodester Employee and Visitor Gate Pass Logging System save_users sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. It is possible to launch the...
7.3CVSS
0.0004EPSS
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...
7.3CVSS
0.0004EPSS
A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. This issue affects the function delete_users of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be....
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability classified as critical has been found in SourceCodester Cab Management System 1.0. This affects an unknown part of the file /cms/classes/Users.php?f=delete_client. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The...
6.3CVSS
0.0004EPSS
A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. This issue affects the function delete_users of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be....
6.3CVSS
0.0004EPSS
A vulnerability classified as critical has been found in SourceCodester Cab Management System 1.0. This affects an unknown part of the file /cms/classes/Users.php?f=delete_client. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The...
6.3CVSS
6.9AI Score
0.0004EPSS
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...
7.3CVSS
7AI Score
0.0004EPSS
A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. This issue affects the function delete_users of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be....
6.3CVSS
0.0004EPSS
CVE-2024-5894 SourceCodester Online Eyewear Shop manage_product.php sql injection
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...
7.3CVSS
0.0004EPSS
CVE-2024-5893 SourceCodester Cab Management System sql injection
A vulnerability classified as critical has been found in SourceCodester Cab Management System 1.0. This affects an unknown part of the file /cms/classes/Users.php?f=delete_client. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The...
6.3CVSS
0.0004EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1983-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1983-1 advisory. The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...
7.8CVSS
8.5AI Score
0.001EPSS
RHEL 8 : kernel (RHSA-2024:3810)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3810 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in...
7.8CVSS
7.6AI Score
EPSS
Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device's movable parts to destinations that exceed the devices' maximum coordinates via the printing of a malicious .gcode...
0.0004EPSS
An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. After a successful logout, user credentials remain in memory while the process is still open, and can be obtained by dumping the process memory and parsing...
0.0004EPSS
An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. After a successful logout, user credentials remain in memory while the process is still open, and can be obtained by dumping the process memory and parsing...
6.6AI Score
0.0004EPSS
An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. After a successful logout, user credentials remain in memory while the process is still open, and can be obtained by dumping the process memory and parsing...
0.0004EPSS
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-044)
The version of kernel installed on the remote host is prior to 5.15.160-104.158. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-044 advisory. In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev->serial...
5.5CVSS
7.5AI Score
0.0004EPSS
Sttr - Cross-Platform, Cli App To Perform Various Operations On String
sttr is command line software that allows you to quickly run various transformation operations on the string. // With input prompt sttr // Direct input sttr md5 "Hello World" // File input sttr md5 file.text sttr base64-encode image.jpg // Reading from different processor like cat,...
7.4AI Score
A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at...
5.6AI Score
EPSS
A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at...
EPSS
7.4AI Score
6.3CVSS
5.5AI Score
EPSS
7.4AI Score
Oracle Linux 8 : kernel (ELSA-2024-3618)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3618 advisory. - uio: Fix use-after-free in uio_open (Ricardo Robaina) [RHEL-26232] {CVE-2023-52439} - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send.....
7.8CVSS
8.7AI Score
0.001EPSS
Chinese State-Backed Cyber Espionage Targets Southeast Asian Government
An unnamed high-profile government organization in Southeast Asia emerged as the target of a "complex, long-running" Chinese state-sponsored cyber espionage operation codenamed Crimson Palace. "The overall goal behind the campaign was to maintain access to the target network for cyberespionage in.....
7AI Score
Fedora 39 : dotnet8.0 (2024-3acd2ba1d3)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3acd2ba1d3 advisory. This is the May 2024 release for .NET 8. This is a security update for .NET 8. Release notes:...
7.4AI Score