8.5CVSS
7.1AI Score
0.005EPSS
7.1AI Score
0.0004EPSS
Microsoft Edge (Chromium-Based) Multiple Spoofing Vulnerabilities - Jun24
Microsoft Edge (Chromium-Based) is prone to multiple spoofing...
5.4CVSS
6.9AI Score
0.0005EPSS
Fedora: Security Advisory for thunderbird (FEDORA-2024-748bedc96c)
The remote host is missing an update for...
7.5AI Score
Mozilla Thunderbird Security Update (mfsa_2024-28) - Windows
Mozilla Thunderbird is prone to multiple ...
6.7AI Score
0.0004EPSS
RHEL 9 : firefox (RHSA-2024:3949)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3949 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
7.7AI Score
0.0004EPSS
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fix(es): firefox: Use-after-free in networking (CVE-2024-5702) firefox: Use-after-free in JavaScript object transplant...
7.8AI Score
0.0004EPSS
RHEL 9 : flatpak (RHSA-2024:3960)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3960 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...
8.4CVSS
8.6AI Score
0.0004EPSS
RHEL 8 : flatpak (RHSA-2024:3963)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3963 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...
8.4CVSS
8.6AI Score
0.0004EPSS
Ivanti Endpoint Manager < 2022 (CVE-2024-22058)
The version of Ivanti Endpoint Manager installed on the remote host is prior to 2022. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22058 advisory. A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute...
7.8CVSS
8.2AI Score
0.0004EPSS
7.8CVSS
8AI Score
0.0005EPSS
6.7AI Score
0.0004EPSS
Fedora: Security Advisory for booth (FEDORA-2024-17e71fc540)
The remote host is missing an update for...
5.9CVSS
5.9AI Score
0.001EPSS
Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested
A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today...
7.8AI Score
Gradio < 2.5.0 - Arbitrary File Read
Files on the host computer can be accessed from the Gradio...
7.7CVSS
6.7AI Score
0.006EPSS
Gradio > 4.19.1 UploadButton - Path Traversal
gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton...
7.5CVSS
6.4AI Score
0.001EPSS
A Guide to RCS, Why Apple’s Adopting It, and How It Makes Texting Better
The messaging standard promises better security and cooler features than plain old SMS. Android has had it for years, but now iPhones are getting it...
7.5AI Score
Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan
Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile...
7AI Score
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...
6.4CVSS
0.0004EPSS
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...
6.4CVSS
5.7AI Score
0.0004EPSS
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...
6.4CVSS
0.0004EPSS
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...
6.4CVSS
5.8AI Score
0.0004EPSS
Summary IBM i is vulnerable to a local user enumerating user profile names without authority to the user profile objects as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section....
3.3CVSS
6.2AI Score
0.0004EPSS
openSUSE: Security Advisory for openssl (SUSE-SU-2024:2020-1)
The remote host is missing an update for...
7.1AI Score
EPSS
openSUSE: Security Advisory for mariadb (SUSE-SU-2024:1985-1)
The remote host is missing an update for...
4.9CVSS
5.5AI Score
0.001EPSS
Fedora: Security Advisory for cyrus-imapd (FEDORA-2024-f3e0255c75)
The remote host is missing an update for...
6.5CVSS
6.6AI Score
0.0005EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-5acee8c47f)
The remote host is missing an update for...
8.8CVSS
9AI Score
0.001EPSS
openSUSE: Security Advisory for kernel (SUSE-SU-2024:2005-1)
The remote host is missing an update for...
7.8CVSS
7.7AI Score
0.0004EPSS
SUSE SLES15 Security Update : libaom (SUSE-SU-2024:2030-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2030-1 advisory. - CVE-2024-5171: Fixed heap buffer overflow in img_alloc_helper() caused by integer overflow (bsc#1226020). Tenable has extracted the...
7.5AI Score
0.0004EPSS
openSUSE: Security Advisory for bind (SUSE-SU-2024:1982-1)
The remote host is missing an update for...
7.5CVSS
7.7AI Score
0.05EPSS
openSUSE: Security Advisory for python (SUSE-SU-2024:2029-1)
The remote host is missing an update for...
4.7CVSS
7.1AI Score
0.0004EPSS
openSUSE: Security Advisory for cups (SUSE-SU-2024:2003-1)
The remote host is missing an update for...
4.4CVSS
7.1AI Score
0.0004EPSS
openSUSE: Security Advisory for kernel (SUSE-SU-2024:1990-1)
The remote host is missing an update for...
7.8CVSS
7.7AI Score
0.0004EPSS
openSUSE: Security Advisory for podman (SUSE-SU-2024:2031-1)
The remote host is missing an update for...
8.3CVSS
8.6AI Score
0.0004EPSS
openSUSE: Security Advisory for aws (SUSE-SU-2024:1984-1)
The remote host is missing an update for...
9.8CVSS
9.6AI Score
0.001EPSS
openSUSE: Security Advisory for poppler (SUSE-SU-2024:1980-1)
The remote host is missing an update for...
2.9CVSS
7.1AI Score
0.0004EPSS
openSUSE: Security Advisory for python (SUSE-SU-2024:1571-2)
The remote host is missing an update for...
7.1AI Score
0.0004EPSS
openSUSE: Security Advisory for rmt (SUSE-SU-2024:1974-1)
The remote host is missing an update for...
9.8CVSS
7.1AI Score
0.001EPSS
openSUSE: Security Advisory for tiff (SUSE-SU-2024:2028-1)
The remote host is missing an update for...
5.5CVSS
7.1AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : mariadb (SUSE-SU-2024:2032-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2032-1 advisory. - CVE-2024-21096: Fixed mysqldump unspecified vulnerability (bsc#1225983). - Update to 10.11.8. Tenable has extracted the...
4.9CVSS
5.3AI Score
0.0005EPSS
Fedora: Security Advisory for cyrus-imapd (FEDORA-2024-123f2b3666)
The remote host is missing an update for...
6.5CVSS
6.6AI Score
0.0005EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-86e4115138)
The remote host is missing an update for...
8.8CVSS
9AI Score
0.001EPSS
SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2024:2031-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2031-1 advisory. - Update to version 4.9.5 - CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated...
8.3CVSS
8.7AI Score
0.0004EPSS
Metasploit Weekly Wrap-Up 06/14/2024
New module content (5) Telerik Report Server Auth Bypass Authors: SinSinology and Spencer McIntyre Type: Auxiliary Pull request: #19242 contributed by zeroSteiner Path: scanner/http/telerik_report_server_auth_bypass AttackerKB reference: CVE-2024-4358 Description: This adds an exploit for...
9.9CVSS
8.2AI Score
0.938EPSS
Gradio Hugging Face - Local File Inclusion
Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio <...
7.5CVSS
6.6AI Score
0.031EPSS
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Golang Go and RabbitMQ Java Client. Vulnerabilities include cause a denial of service condition and cause a memory overflow on the system as described by the CVE in the "Vulnerability Details" section. CVE-2023-45288,...
7.5CVSS
8AI Score
0.002EPSS
Truist bank confirms data breach
On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name "Sp1d3r" offered a significant amount of data allegedly stolen from Truist Bank for sale. Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC. By assets,....
7.7AI Score
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in libcurl, cURL and Linux Kernel. Vulnerabilities include an attacker could exploit these vulnerabilities to overflow a buffer and execute arbitrary code on the system, to insert cookies at will into a running program, to....
9.8CVSS
9.7AI Score
0.003EPSS
Summary Multiple vulnerabilities in Golang Go affect IBM Storage Copy Data Management components that leverage Go (essentially VADP 'VM' backup). Vulnerabilities including execution of arbitrary code on the system, remote attacker can cause an infinite loop, as described by the CVEs in the...
8.9AI Score
0.0004EPSS
Security Bulletin: EDB Postgres Advanced Server (EPAS)
Summary This security bulletin identifies a set of common vulnerabilities that have been addressed in EDB Postgres Advanced Server with IBM 15.4. Vulnerability Details ** CVEID: CVE-2023-41113 DESCRIPTION: **EnterpriseDB Postgres Advanced Server could allow a remote authenticated attacker to...
9.8CVSS
8.7AI Score
0.001EPSS