CVE-2022-48662 drm/i915/gem: Really move i915_gem_context.link under ref protection
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Really move i915_gem_context.link under ref protection i915_perf assumes that it can use the i915_gem_context reference to protect its i915->gem.contexts.list iteration. However, this requires that we do not remove...
7.6AI Score
0.0004EPSS
CVE-2022-48633 drm/gma500: Fix WARN_ON(lock->magic != lock) error
In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix WARN_ON(lock->magic != lock) error psb_gem_unpin() calls dma_resv_lock() but the underlying ww_mutex gets destroyed by drm_gem_object_release() move the drm_gem_object_release() call in psb_gem_free_object() to.....
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Really move i915_gem_context.link under ref protection i915_perf assumes that it can use the i915_gem_context reference to protect its i915->gem.contexts.list iteration. However, this requires that we do not remove...
7.8CVSS
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix WARN_ON(lock->magic != lock) error psb_gem_unpin() calls dma_resv_lock() but the underlying ww_mutex gets destroyed by drm_gem_object_release() move the drm_gem_object_release() call in psb_gem_free_object() to.....
6.6AI Score
0.0004EPSS
[BSA-119] Security Update for emacs
Sean Whitton uploaded new packages for emacs which fixed the following security problems: CVE-2024-30202 In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. CVE-2024-30203 <believed bogus, request submitted to...
6.8AI Score
0.0005EPSS
Summary IBM Maximo Application Suite - Visual Inspection Component : Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates....
9.8CVSS
7.1AI Score
0.001EPSS
CentOS 9 : python3.9-3.9.18-2.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the python3.9-3.9.18-2.el9 build changelog. The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an...
5.3CVSS
7AI Score
0.001EPSS
e-rong.co.th Cross Site Scripting vulnerability OBB-3921960
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...
9.9AI Score
EPSS
Espionage - A Linux Packet Sniffing Suite For Automated MiTM Attacks
Espionage is a network packet sniffer that intercepts large amounts of data being passed through an interface. The tool allows users to to run normal and verbose traffic analysis that shows a live feed of traffic, revealing packet direction, protocols, flags, etc. Espionage can also spoof ARP so,.....
7.4AI Score
The Rise of Large-Language-Model Optimization
The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is coming....
6.7AI Score
CHAOS v5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The webapp contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The webapp also...
6.8AI Score
0.0004EPSS
A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or...
8.8CVSS
6.9AI Score
0.0004EPSS
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This...
8.7CVSS
7.5AI Score
0.0004EPSS
Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity
CVE-2023-42793 - TeamCity Admin Account Creation lead to RCE ...
9.8CVSS
10AI Score
0.97EPSS
8.8CVSS
7.4AI Score
0.871EPSS
Apache Solr Backup/Restore API Remote Code Execution Exploit
Apache Solr versions 6.0.0 through 8.11.2 and versions 9.0.0 up to 9.4.1 are affected by an unrestricted file upload vulnerability which can result in remote code execution in the context of the user running Apache Solr. When Apache Solr creates a Collection, it will use a specific directory as...
8.8CVSS
8.7AI Score
0.871EPSS
Suspected CoralRaider continues to expand victimology using three information stealers
_By Joey Chen, Chetan Raghuprasad and Alex Karkins. _ Cisco Talos discovered a new ongoing campaign since at least February 2024, operated by a threat actor distributing three famous infostealer malware, including Cryptbot, LummaC2 and Rhadamanthys. Talos also discovered a new PowerShell...
8.2AI Score
9.8CVSS
9.9AI Score
0.711EPSS
Gambio Online Webshop 4.9.2.0 Remote Code Execution Exploit
A remote code execution vulnerability in Gambio online webshop versions 4.9.2.0 and below allows remote attackers to run arbitrary commands via an unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization flaw, which ultimately allows an.....
9.8CVSS
10AI Score
0.374EPSS
10CVSS
9.8AI Score
0.957EPSS
9.8CVSS
9.7AI Score
0.374EPSS
FortiNet FortiClient EMS 7.2.2 / 7.0.10 SQL Injection / Remote Code Execution Exploit
A remote SQL injection vulnerability exists in FortiNet FortiClient EMS (Endpoint Management Server) versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10. FortiClient EMS serves as an endpoint management solution tailored for enterprises, offering a centralized platform for overseeing enrolled...
9.8CVSS
10AI Score
0.711EPSS
Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme
The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites......
6.8AI Score
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
Summary Get a valid API token, make sure you can access api functions, then replace string on my PoC code, Test on offical OVA image, it's a old version 23.9.1, but this vulerable is also exists on latest version 24.2.0 Details in file api_functions.php, line 307 for function list_devices ```php...
7.2CVSS
8.2AI Score
0.0004EPSS
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
Summary Get a valid API token, make sure you can access api functions, then replace string on my PoC code, Test on offical OVA image, it's a old version 23.9.1, but this vulerable is also exists on latest version 24.2.0 Details in file api_functions.php, line 307 for function list_devices ```php...
7.2CVSS
8.2AI Score
0.0004EPSS
Empowering Small Businesses in the Digital Age: A Must-Read Guide to Web Application & API Security
Small and medium-sized businesses have increasingly become reliant on web applications - whether they are developed or procured, to drive their operations, engage customers, and scale their businesses. The increasing reliance on online operations is underscored by 84% of businesses using digital...
7.4AI Score
java-17-openjdk security update
[17.0.11.0.9-2.0.1] - Add Oracle vendor bug URL [1:17.0.11.0.9-2] - Update to jdk-17.0.11+9 (GA) - Add openjdk-17.0.11+9.tar.xz to .gitignore - Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8 - Update buildver from 7 to 9 - Update portablerelease from 1 to 3 - Change is_ga from....
3.7CVSS
4.6AI Score
0.001EPSS
10CVSS
9.8AI Score
0.957EPSS
10CVSS
7.4AI Score
EPSS
[SECURITY] Fedora 40 Update: opensmtpd-7.4.0p1-1.fc40
OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defi ned by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange e-mails with other systems speaking the SMTP protocol. Started out of dissatisfaction with other implementations, OpenSMTPD....
7.8CVSS
7.2AI Score
0.0004EPSS
Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers
Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities.....
9.1CVSS
8.2AI Score
0.027EPSS
Cisco IOS Software SNMP Extended Named Access Control List Bypass (cisco-sa-snmp-uwBXfqww)
According to its self-reported version, Cisco IOS is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more...
7.1AI Score
EPSS
Cisco Integrated Management Controller CLI Command Injection (cisco-sa-cimc-cmd-inj-mUx4c5AJ)
According to its self-reported version, Cisco Integrated Management Controller CLI is affected by a command injection vulnerability. Due to insufficient validation of user-supplied input, the vulnerability could allow an authenticated, local attacker to perform command injection attacks on the...
8.8CVSS
8.9AI Score
0.0004EPSS
Oracle E-Business Suite (April 2024 CPU)
The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions...
9.1CVSS
9.2AI Score
0.001EPSS
Summary UPDATED Feb 2 2024 (New iFixes are available. The new iFixes resolve a technical issue with print queue status. Both sets of iFixes (new and original) resolve the security vulnerabilities described in the bulletin. The new iFixes are only needed if you experience the technical issue...
8.4CVSS
7.9AI Score
0.0004EPSS
Security Bulletin: AIX is vulnerable to email spoofing due to sendmail (CVE-2023-51765)
Summary Vulnerability in sendmail could allow a remote attacker to spoof an email (CVE-2023-51765). Vulnerability Details ** CVEID: CVE-2023-51765 DESCRIPTION: **Proofpoint sendmail is vulnerable to SMTP smuggling, caused by improper handling of line endings . in an email message. By sending a...
5.3CVSS
6.9AI Score
0.002EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 219 vulnerabilities disclosed in 209...
8.8AI Score
EPSS
Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million
The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data. Cerebral has agreed to an order that will restrict how the company can use or disclose sensitive...
7.5AI Score
FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor
The infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive industry to deliver a known backdoor called Carbanak (aka Anunak). "FIN7 identified employees at the company who worked in the IT department and had higher levels of...
7.5AI Score
VectorKernel - PoCs For Kernelmode Rootkit Techniques Research
PoCs for Kernelmode rootkit techniques research or education. Currently focusing on Windows OS. All modules support 64bit OS only. NOTE Some modules use ExAllocatePool2 API to allocate kernel pool memory. ExAllocatePool2 API is not supported in OSes older than Windows 10 Version 2004. If you want.....
7.6AI Score
Cannabis investment scam JuicyFields ends in 9 arrests
Europol and its associates have arrested 9 people in conjunction with a cannabis investment scam known as "JuicyFields". The suspects used social media to lure investors to their website. There they found information about a “golden opportunity” to invest in the cultivation, harvesting and...
6.8AI Score
An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of...
7AI Score
0.0005EPSS
A vulnerability in the Xreader e-document viewer software is related to the lack of failure to properly validate a user-entered string before using it to make a system call. call. Exploitation of the vulnerability could allow an attacker to execute arbitrary code A vulnerability in the Xreader...
7.8CVSS
7.9AI Score
0.001EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1321-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1321-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...
7.8CVSS
8AI Score
EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1322-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1322-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...
7.8CVSS
8.4AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: perf: RISCV: Fix panic on pmu overflow handler (1 << idx) of int is not desired when setting bits in unsigned long overflowed_ctrs, use BIT() instead. This panic happens when running 'perf record -e branches' on sophgo sg2042...
5.5CVSS
7.3AI Score
0.0004EPSS
Cisco IOS and IOS XE Software SNMP Extended Named Access Control List Bypass Vulnerability
A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to...
7AI Score
EPSS
Cisco Integrated Management Controller CLI Command Injection Vulnerability
A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or...
6.9AI Score
0.0004EPSS
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This...
7.8AI Score
0.0004EPSS