The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. The protection is...
CVSS 8.8 | AI Score 9.2 | EPSS 0.001
SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF)...
CVSS 8.8 | AI Score 9.1 | EPSS 0.001
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 8 (RHSA-2023:1513)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1513 advisory. SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471) snakeyaml: Uncaught exception in...
AI Score 8.2 | EPSS 0.013
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 9 (RHSA-2023:1514)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1514 advisory. SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471) snakeyaml: Uncaught exception in...
AI Score 8.2 | EPSS 0.013
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 7 (RHSA-2023:1512)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1512 advisory. SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471) snakeyaml: Uncaught exception in...
AI Score 8.2 | EPSS 0.013
Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal
The plugin did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector. - Path Traversal Vulnerability also allows listing the entire folder & image file in the...
CVSS 4.9 | AI Score 5.5 | EPSS 0.001
Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal
The plugin did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector. - Path Traversal Vulnerability also allows listing the entire folder & image file in the system. PoC - The below...
CVSS 4.9 | AI Score 5.3 | EPSS 0.001
Emotet Rises Again: Evades Macro Security via OneNote Attachments
The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542,...
AI Score 6.9
Description of the security update for Outlook 2013: March 14, 2023 (KB5002265)
Description of the security update for Outlook 2013: March 14, 2023 (KB5002265) Summary This security update resolves a Microsoft Outlook elevation of privilege vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-23397. Note: To apply...
AI Score 9.8 | EPSS 0.922
Threat Source newsletter (March 9, 2023) — Stop freaking out about ChatGPT
Welcome to this week's edition of the Threat Source newsletter. There is no shortage of hyperbolic headlines about ChatGPT out there, everything from how it and other AI tools like it are here to replace all our jobs, make college essays a thing of the past and change the face of cybersecurity as.....
heap-buffer-overflow in utf_ptr2char
Description Heap-buffer-overflow in utf_ptr2char at mbyte.c:1825. vim version git log commit f0300fc7b81e63c2584dc3a763dedea4184d17e5 (grafted, HEAD -> master, tag: v9.0.1365, origin/master, origin/HEAD) # Proof of Concept ``` ./vim -u NONE -i NONE -n -m -X -Z -e -s -S poc8_hbo.dat -c :qa...
CVSS 6.6 | AI Score 6.9 | EPSS 0.001
The Widgets on Pages WordPress plugin before 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
CVSS 5.4 | AI Score 5.4 | EPSS 0.001
The Widgets on Pages WordPress plugin before 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
CVSS 5.4 | AI Score 5.3 | EPSS 0.001
The Widgets on Pages WordPress plugin before 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
CVSS 5.4 | AI Score 5.4 | EPSS 0.001
CVE-2022-4488 Widgets on Pages < 1.8.0 - Contributor+ Stored XSS
The Widgets on Pages WordPress plugin before 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
AI Score 5.6 | EPSS 0.001
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the...
CVSS 7.5 | AI Score 7.3 | EPSS 0.002
Malicious code in karma-jquery2 (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (55d521035684c4dbe2c48fd0ee90ce405fbfb292a771e6c278ad707668d648a0) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems
A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems. The packages – named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps...
AI Score 0.2
Widgets on Pages <= 1.7.0 - Contributor+ Stored XSS
The plugin does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC [widgets_on_pages.....
CVSS 5.4 | AI Score 5 | EPSS 0.001
Widgets on Pages <= 1.7.0 - Contributor+ Stored XSS
The plugin does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as...
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities
Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months. The issues in question are CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), which were addressed by the...
CVSS 9.8 | AI Score 0.3 | EPSS 0.239
Important Photon OS Security Update - PHSA-2022-0550
Updates of ['grub2'] packages of Photon OS have been...
CVSS 9.8 | AI Score 1.7 | EPSS 0.001
Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or...
CVSS 9.8 | AI Score 9.9 | EPSS 0.004
Upgraded Q -> M from #81 [1670783437328]
Judge has assessed an item in Issue #81 as M risk. The relevant finding follows: After carefully reading all submissions related to the use of selfdestruct, I will change my stance on this kind of issue. Changing the severity back to Medium. The text was updated successfully, but these errors...
AI Score 6.9
Consideration of tokens with decimals higher than 18
Lines of code https://github.com/code-423n4/2022-10-inverse/blob/3e81f0f5908ea99b36e6ab72f13488bbfe622183/src/Oracle.sol#L112-L144 Vulnerability details Impact Oracle contract has 2 functions - viewPrice & getPrice - to get the price through the Chainlink price feed in DOLA. Both functions check...
AI Score 6.8
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x:...
CVSS 4.9 | AI Score 4.9 | EPSS 0.001
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser....
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x:....
CVSS 7.8 | AI Score 7.7 | EPSS 0.0004
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x:...
CVSS 6.5 | AI Score 6.4 | EPSS 0.001
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a...
CVSS 5.4 | AI Score 5.3 | EPSS 0.001
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS.....
CVSS 9.8 | AI Score 10 | EPSS 0.002
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS.....
CVSS 9.8 | AI Score 10 | EPSS 0.002
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities...
CVSS 9.8 | AI Score 10 | EPSS 0.006
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities...
CVSS 9.8 | AI Score 10 | EPSS 0.006
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities...
CVSS 9.8 | AI Score 10 | EPSS 0.006
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities...
CVSS 9.8 | AI Score 10 | EPSS 0.006
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities...
CVSS 9.8 | AI Score 10 | EPSS 0.005
Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticated users with the create folder permission to execute arbitrary code via a crafted...
AI Score 7.8 | EPSS 0.855
Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticated users with the create folder permission to execute arbitrary code via a crafted...
AI Score 7.6 | EPSS 0.855
Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and Cr-48 Chromebook platforms have unknown impact and attack...
AI Score 6.7 | EPSS 0.001
Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and Cr-48 Chromebook platforms have unknown impact and attack...
AI Score 6.5 | EPSS 0.001
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID...
AI Score 7.2 | EPSS 0.002
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID...
AI Score 7.5 | EPSS 0.002
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management...
AI Score 7.3 | EPSS 0.007
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management...
AI Score 7.2 | EPSS 0.007
Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE...
AI Score 8 | EPSS 0.017