Let's Plunge Further: Steering through the Twists and Turns of the Invisible Web and Shadow Web Think of the internet as an unbounded digital cosmos; our daily interaction only grazes the surface. Dwelling beneath tiers of commonly visited websites is a complex maze of data, christened the...
6.7AI Score
Lines of code https://github.com/code-423n4/2023-10-party/blob/b23c65d62a20921c709582b0b76b387f2bb9ebb5/contracts/crowdfund/ETHCrowdfundBase.sol#L317-L336 https://github.com/code-423n4/2023-10-party/blob/b23c65d62a20921c709582b0b76b387f2bb9ebb5/contracts/crowdfund/ETHCrowdfundBase.sol#L339-L359...
7AI Score
Exploit for Improper Check for Unusual or Exceptional Conditions in Polkit Project Polkit
Polkit Vulnerability - CVE-2021-3560 :closed_book: ...
7.8CVSS
8.6AI Score
0.012EPSS
Users pay higher fee than intended
Lines of code Vulnerability details Impact Protocol mints incorrect depositAmount and depositShare to protocol. Such that reserveFee is higher than defined. Suppose following scenario: Tranche 2 has 20% APR, has 5_000 borrowed Tranche 1 has 10% APR, has 10_000 borrowed ReserveFee is 10% It means...
7.2AI Score
Russian Reshipping Service ‘SWAT USA Drop’ Exposed
The login page for the criminal reshipping service SWAT USA Drop. One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here's a closer look at the Russia-based SWAT USA Drop Service,...
6.5AI Score
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the...
9.8CVSS
9.3AI Score
0.001EPSS
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the...
9.8CVSS
9.2AI Score
0.001EPSS
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the...
9.8CVSS
9.4AI Score
0.001EPSS
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the...
8.3CVSS
9.6AI Score
0.001EPSS
Franklin Fueling System TS-550
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Franklin Fueling System Equipment: TS-550 Vulnerability: Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful exploitation...
9.8CVSS
7.6AI Score
0.001EPSS
Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]
As part of our continuing research project into managed file transfer risk, including JSCAPE MFT and Fortra Globalscape EFT Server, Rapid7 discovered several vulnerabilities in South River Technologies’ Titan MFT and Titan SFTP servers. Although these require unusual circumstances or non-default...
9.1CVSS
8.9AI Score
0.001EPSS
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
By Ian Beer A graph representation of the sandbox escape NSExpression payload In April this year Google's Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious link. The...
8.8CVSS
7.4AI Score
0.016EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
8.8CVSS
7.8AI Score
0.001EPSS
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application server responds with sensitive information about the server. This could allow an attacker to directly access the...
8.8CVSS
8.4AI Score
0.0005EPSS
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application server responds with sensitive information about the server. This could allow an attacker to directly access the...
8.8CVSS
8.2AI Score
0.0005EPSS
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application server responds with sensitive information about the server. This could allow an attacker to directly access the...
8.8CVSS
8.4AI Score
0.0005EPSS
What's in a name? Strange behaviors at top-level domains creates uncertainty in DNS
Google introduced the new ".zip" Top Level Domain (TLD) on May 3, 2023, igniting a firestorm of controversy as security organizations warned against the confusion that was certain to occur. When clicking on a name that ends in ".zip" are people intending to open an archive file or an internet...
6.8AI Score
An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript...
9.8CVSS
7.7AI Score
0.004EPSS
Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript...
7.5CVSS
7AI Score
0.003EPSS
A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript...
9.8CVSS
7.7AI Score
0.003EPSS
Description of the security update for Outlook 2013: August 8, 2023 (KB5002449)
Description of the security update for Outlook 2013: August 8, 2023 (KB5002449) Summary This security update resolves a Microsoft Outlook spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-36893. Note: To apply this security...
6.7AI Score
0.001EPSS
In the first 6 months of 2023, our team has already added 2,471[1] individual vulnerability records to the Wordfence Intelligence WordPress Vulnerability Database. These vulnerabilities affected 1,680[2] WordPress software components. This means we have already surpassed the total number of...
9.1AI Score
Avoid the use of hard coded slippage
Lines of code Vulnerability details Impact In OptionsPositionManager.sol, swapExactTokensForTokens() has used the hardcoded slippage of 1% which is used in withdrawOptionAssets() and swapTokens() functions. function swapExactTokensForTokens(IUniswapV2Router01 ammRouter, IPriceOracle oracle, uint...
6.8AI Score
Description of the security update for Outlook 2013: July 11, 2023 (KB5002432)
Description of the security update for Outlook 2013: July 11, 2023 (KB5002432) Summary This security update resolves a Microsoft Outlook spoofing vulnerability, and Microsoft Outlook security feature bypass vulnerability. To learn more about the vulnerabilities, see the following security...
7.7AI Score
0.012EPSS
Description of the security update for Outlook 2013: June 13, 2023 (KB5002382)
Description of the security update for Outlook 2013: June 13, 2023 (KB5002382) Summary This security update resolves a Microsoft Outlook remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-33131. Note: To apply...
8.9AI Score
0.107EPSS
RHEL 9 : Red Hat Single Sign-On 7.6.3 security update on RHEL 9 (Moderate) (RHSA-2023:2707)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2707 advisory. okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341) undertow: Server identity in https connection...
7.6AI Score
0.003EPSS
RHEL 8 : Red Hat Single Sign-On 7.6.3 security update on RHEL 8 (Moderate) (RHSA-2023:2706)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2706 advisory. okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341) undertow: Server identity in https connection...
7.6AI Score
0.003EPSS
RHEL 7 : Red Hat Single Sign-On 7.6.3 security update on RHEL 7 (Moderate) (RHSA-2023:2705)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2705 advisory. okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341) undertow: Server identity in https connection...
7.6AI Score
0.003EPSS
Incorrect calculation of the remaining updatedRewards leads to possible underflow error
Lines of code https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/RewardsManager.sol#L725 Vulnerability details Impact RewardsManage.sol keeps track of the total number of rewards collected per epoch for all pools: File:...
6.8AI Score
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the resourceStart2 command in the CADM...
9.8CVSS
7.4AI Score
0.004EPSS
CISA Warns of Critical Flaws in Illumina's DNA Sequencing Instruments
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) medical advisory warning of a critical flaw impacting Illumina medical devices. The issues impact the Universal Copy Service (UCS) software in the Illumina MiSeqDx, NextSeq 550Dx,...
8AI Score
0.004EPSS
Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or...
9.8CVSS
9.5AI Score
0.004EPSS
Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote...
10CVSS
7.6AI Score
0.002EPSS
Illumina Universal Copy Service
EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Illumina Equipment: Universal Copy Service (UCS) Vulnerabilities: Binding to an Unrestricted IP Address, Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of these...
10CVSS
7.5AI Score
0.004EPSS
Schneider Electric NetBotz Cross-Site Scripting Vulnerability
Schneider Electric NetBotz is a proactive monitoring solution from Schneider Electric, France. It is designed to protect against physical, environmental or human threats that can cause disruption or downtime to IT infrastructure. Schneider Electric NetBotz suffers from a cross-site scripting...
6.1CVSS
6.2AI Score
0.0005EPSS
7.4AI Score
6.8AI Score
6.8AI Score
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
6.5CVSS
6.5AI Score
0.001EPSS
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
6.5CVSS
6.4AI Score
0.001EPSS
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
6.5CVSS
6.5AI Score
0.001EPSS
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
6.1CVSS
7.6AI Score
0.0005EPSS
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
7.5CVSS
7.6AI Score
0.001EPSS
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
7.6CVSS
6.4AI Score
0.0005EPSS
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
7.5CVSS
7.5AI Score
0.001EPSS
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
7.5CVSS
7.6AI Score
0.001EPSS
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
6.1CVSS
6.3AI Score
0.0005EPSS
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
6.5CVSS
6.7AI Score
0.001EPSS
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
7.5CVSS
7.8AI Score
0.001EPSS
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
7.6CVSS
7.8AI Score
0.0005EPSS