Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...
7.1CVSS
7AI Score
0.0004EPSS
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...
7.1CVSS
7.2AI Score
0.0004EPSS
CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...
7.1CVSS
7.2AI Score
0.0004EPSS
CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a...
7.1CVSS
0.0004EPSS
Update now! Google Pixel vulnerability is under active exploitation
Google has notified Pixel users about an actively exploited vulnerability in their phones' firmware. Firmware is the code or program which is embedded into hardware devices. Simply put, it is the software layer between the hardware and the applications on the device. About the vulnerability,...
7.8CVSS
7.5AI Score
0.001EPSS
As India concluded the world's largest election on June 5, 2024, with over 640 million votes counted, observers could assess how the various parties and factions used artificial intelligence technologies--and what lessons that holds for the rest of the world. The campaigns made extensive use of...
7.2AI Score
Operation Celestial Force employs mobile and desktop malware to target Indian entities
By Gi7w0rm, Asheer Malhotra and Vitor Ventura. Cisco Talos is disclosing a new malware campaign called "Operation Celestial Force" running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track...
7.2AI Score
Cinterion EHS5 3G UMTS/HSPA Module Research
Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many...
6.4CVSS
8.2AI Score
0.001EPSS
An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted malicious links to the....
4.1CVSS
0.0004EPSS
An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted malicious links to the....
4.1CVSS
4.7AI Score
0.0004EPSS
An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted malicious links to the....
4.1CVSS
0.0004EPSS
The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
5.4AI Score
0.0004EPSS
The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
0.0004EPSS
CVE-2024-4149 Floating Chat Widget < 3.2.3 - Admin+ Stored XSS
The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
5.7AI Score
0.0004EPSS
CVE-2024-4149 Floating Chat Widget < 3.2.3 - Admin+ Stored XSS
The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
0.0004EPSS
7.8CVSS
8AI Score
0.001EPSS
Driving forward in Android drivers
Posted by Seth Jenkins, Google Project Zero Introduction Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. This hardware requires supporting drivers, meaning that many different codebases...
7.8CVSS
7.5AI Score
0.001EPSS
7.4AI Score
EPSS
RHEL 8 : dnsmasq (RHSA-2024:3929)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3929 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol)...
7.5CVSS
8.4AI Score
0.05EPSS
9.8CVSS
7.1AI Score
0.004EPSS
Oracle Linux 9 : gvisor-tap-vsock (ELSA-2024-3830)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3830 advisory. - rebuild for CVE-2023-45290 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
5.4AI Score
0.0004EPSS
RHEL 9 : nghttp2 (RHSA-2024:3875)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3875 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): * nghttp2: CONTINUATION...
5.3CVSS
5.5AI Score
0.0004EPSS
4.4CVSS
4.9AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cups (SUSE-SU-2024:2003-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2003-1 advisory. - CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of...
4.4CVSS
4.7AI Score
0.0004EPSS
SUSE SLES12 Security Update : cups (SUSE-SU-2024:2002-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2002-1 advisory. - CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of other files in the system....
4.4CVSS
4.6AI Score
0.0004EPSS
RHEL 9 : expat (RHSA-2024:3926)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3926 advisory. Expat is a C library for parsing XML documents. Security Fix(es): * expat: parsing large tokens can trigger a denial of service...
7.5CVSS
10AI Score
0.001EPSS
RHEL 8 : dnsmasq (RHSA-2024:3877)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3877 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol)...
7.5CVSS
8.2AI Score
0.05EPSS
Fedora 39 : php (2024-52c23ef1ec)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-52c23ef1ec advisory. PHP version 8.2.20 (06 Jun 2024) CGI: * Fixed buffer limit on Windows, replacing read call usage by _read. (David Carlier) * Fixed bug...
9.8CVSS
8.8AI Score
0.973EPSS
7.8CVSS
7.4AI Score
0.0005EPSS
4.4CVSS
4.9AI Score
0.0004EPSS
7.8CVSS
7.3AI Score
0.0004EPSS
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2005-1 advisory. Security Update 550.90.07: - CVE-2024-0090: Fixed out of bounds write (bsc#1223356). - CVE-2024-0092: Fixed incorrect exception...
7.8CVSS
7AI Score
0.0004EPSS
7.4AI Score
EPSS
7.1AI Score
0.0004EPSS
7.4CVSS
7.1AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
5.5CVSS
5.6AI Score
0.001EPSS
RHEL 8 / 9 : OpenShift Container Platform 4.14.29 (RHSA-2024:3700)
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3700 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...
8.1CVSS
7.3AI Score
0.0004EPSS
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:2012-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2012-1 advisory. - Update to version 115.12.0 ESR (bsc#1226027) - CVE-2024-5702: Use-after-free in networking - CVE-2024-5688: Use-after-free in...
7.5AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2008-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were...
9.8CVSS
8.8AI Score
EPSS
Summary There is a vulnerability in Java on z/OS used by IBM Maximo Asset Management application. Vulnerability Details ** CVEID: CVE-2024-3933 DESCRIPTION: **Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions, caused by the failure to restrict access to a...
5.3CVSS
6.9AI Score
0.0004EPSS
Summary There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application. Vulnerability Details ** CVEID: CVE-2024-29203 DESCRIPTION: **TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the iframe elements. A...
4.3CVSS
6.8AI Score
0.0004EPSS
Summary There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application. (CVE-2024-29881). Vulnerability Details ** CVEID: CVE-2024-29881 DESCRIPTION: **TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...
4.3CVSS
6.9AI Score
0.0004EPSS
Summary IBM Maximo Asset Management application is vulnerable to sensitive information disclosure. Vulnerability Details ** CVEID: CVE-2024-22333 DESCRIPTION: **IBM Maximo Asset Management allows web pages to be stored locally which can be read by another user on the system. CVSS Base score: 4...
6.2AI Score
0.0004EPSS
Summary IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure. Vulnerability Details ** CVEID: CVE-2024-22333 DESCRIPTION: **IBM Maximo Asset Management allows web pages to be stored locally which can be read by another user on the system......
6.1AI Score
0.0004EPSS
Introducing the 0-day Threat Hunt Bug Bounty Promo Through July 11th, 2024!
At Wordfence our mission is to Secure The Web. WordPress powers over 40% of the Web, and Wordfence secures over 5 million WordPress websites. That's why we’ve decided to run another exciting and new promotion for our Bug Bounty Program. With this promotion, our goal is to get more of the highest...
7.8AI Score
Summary IBM Maximo Application Suite uses bcprov-jdk18on-1.74.jar which is vulnerable to CVE-2024-30171.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-30171 DESCRIPTION: **The Bouncy Castle Crypto Package For Java could...
6.4AI Score
0.0004EPSS
Summary IBM Maximo Application Suite Predict Component IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable toCVE-2024-25026 .This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-25026 ....
5.9CVSS
7AI Score
0.0004EPSS
Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354).This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details **...
7CVSS
7.1AI Score
0.0004EPSS
Summary IBM Maximo Application Suite Predict Component uses: webSphere Application Server Liberty is vulnerable to a server-side request forgery (SSRF) vulnerability which is vulnerable to CVE-2024-22329. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability....
4.3CVSS
6.3AI Score
0.0004EPSS