The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level...
7 AI Score
0.0004 EPSS
8.2 CVSS
8.5 AI Score
0.082 EPSS
U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022. This includes Bitpapa IC FZC LLC, Crypto Explorer...
7.1 AI Score
e-lir.ch Cross Site Scripting vulnerability OBB-3886900
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level...
7 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map Running the following two commands in parallel on a multi-processor AArch64 machine can sporadically produce an unexpected warning about duplicate histogram...
7.7 AI Score
0.0004 EPSS
7.1 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with an oversized flexbg_size, mkfs.ext4 -F -G 67108864 $dev -b 4096 100M mount $dev $dir resize2fs $dev 16G the following...
7.6 AI Score
0.0004 EPSS
Linksys E2000 Router <= 1.0.06 Build 1 Authentication Bypass Vulnerability
Linksys E2000 routers are prone to an authentication bypass ...
6.8 AI Score
0.001 EPSS
9.8 CVSS
7 AI Score
0.873 EPSS
7.4 AI Score
e-image.cz Cross Site Scripting vulnerability OBB-3885325
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Top 4 Industries at Risk of Credential Stuffing and Account Takeover (ATO) attacks
All industries are at risk of credential stuffing and account takeover (ATO) attacks. However, some industries are at a greater risk because of the sensitive information or volume of customer data they possess. While cyber-attacks come in all forms and techniques, credential stuffing involves an...
6.9 AI Score
6.3 AI Score
0.0005 EPSS
7.2 AI Score
0.0005 EPSS
6.4 AI Score
0.0005 EPSS
This exploit module leverages an Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session properties by...
9.8 CVSS
8.9 AI Score
0.959 EPSS
e-tipa.org Cross Site Scripting vulnerability OBB-3884844
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. Bugs ...
7.2 AI Score
0.0005 EPSS
Fedora: Security Advisory for amavis (FEDORA-2024-1d87055861)
The remote host is missing an update for...
6.7 AI Score
0.0004 EPSS
6.7 AI Score
0.0005 EPSS
7.4 AI Score
7.4 AI Score
0.0004 EPSS
10 CVSS
7.4 AI Score
0.873 EPSS
Fedora: Security Advisory for amavis (FEDORA-2024-8bbcae6af2)
The remote host is missing an update for...
6.7 AI Score
0.0004 EPSS
Fedora: Security Advisory for amavis (FEDORA-2024-3cf9eb64ba)
The remote host is missing an update for...
6.7 AI Score
0.0004 EPSS
New emacs packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/emacs-29.3-i586-1_slack15.0.txz: Upgraded. GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in...
7.8 CVSS
7.9 AI Score
0.001 EPSS
Gambio Online Webshop unauthenticated PHP Deserialization Vulnerability
A Remote Code Execution vulnerability in Gambio online webshop version 4.9.2.0 and lower allows remote attackers to run arbitrary commands via unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization flaw, which ultimately allows an...
9.8 CVSS
9 AI Score
0.374 EPSS
e-hong.com.tw Cross Site Scripting vulnerability OBB-3884608
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
e-auto.cz Cross Site Scripting vulnerability OBB-3884512
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
[SECURITY] Fedora 39 Update: amavis-2.13.1-1.fc39
amavis is a high-performance and reliable interface between mailer (MTA) and one or more content checkers: virus scanners, and/or Mail::SpamAssassin Perl module. It is written in Perl, assuring high reliability, portability and maintainability. It talks to MTA via (E)SMTP or LMTP, or by using...
6.5 AI Score
0.0004 EPSS
[SECURITY] Fedora 38 Update: amavis-2.13.1-1.fc38
amavis is a high-performance and reliable interface between mailer (MTA) and one or more content checkers: virus scanners, and/or Mail::SpamAssassin Perl module. It is written in Perl, assuring high reliability, portability and maintainability. It talks to MTA via (E)SMTP or LMTP, or by using...
6.5 AI Score
0.0004 EPSS
[SECURITY] Fedora 40 Update: amavis-2.13.1-1.fc40
amavis is a high-performance and reliable interface between mailer (MTA) and one or more content checkers: virus scanners, and/or Mail::SpamAssassin Perl module. It is written in Perl, assuring high reliability, portability and maintainability. It talks to MTA via (E)SMTP or LMTP, or by using...
6.5 AI Score
0.0004 EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0977-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0977-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...
7.8 CVSS
8.3 AI Score
EPSS
7.5 AI Score
EPSS
7.4 AI Score
EPSS
Grav File Upload Path Traversal
Summary Grav is vulnerable to a file upload path traversal vulnerability, that can allow an adversary to replace or create files with extensions such as .json, .zip, .css, .gif, etc. This vulnerability can allow attackers to inject arbitrary code on the server, undermine integrity of backup files.....
8.8 CVSS
9.4 AI Score
0.0004 EPSS
Grav File Upload Path Traversal
Summary Grav is vulnerable to a file upload path traversal vulnerability, that can allow an adversary to replace or create files with extensions such as .json, .zip, .css, .gif, etc. This vulnerability can allow attackers to inject arbitrary code on the server, undermine integrity of backup files.....
8.8 CVSS
9.4 AI Score
0.0004 EPSS
New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S.
Cybersecurity researchers have detected a new wave of phishing attacks that aim to deliver an ever-evolving information stealer referred to as StrelaStealer. The campaigns impact more than 100 organizations in the E.U. and the U.S., Palo Alto Networks Unit 42 researchers said in a new report...
7 AI Score
Reflectionless Templates With Spring
A few Java libraries have shown up recently that use text templates, but compile to Java classes at build time. They can thus claim to some extent to be "reflection free". Together with potential benefits of runtime performance, they promise to be easy to use and integrate with GraalVM native...
7.2 AI Score
7.4 AI Score
A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit...
4.7 CVSS
6.9 AI Score
0.0004 EPSS
A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit...
4.7 CVSS
4.9 AI Score
0.0004 EPSS
CVE-2024-2754 SourceCodester Complete E-Commerce Site users_photo.php unrestricted upload
A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit...
4.7 CVSS
5.3 AI Score
0.0004 EPSS
e-image.cz Cross Site Scripting vulnerability OBB-3882547
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Mozilla Firefox ESR and Thunderbird Denial of Service Vulnerabilities
Mozilla Firefox ESR is an extended support version of Firefox (the Web browser). Mozilla Thunderbird is a suite of e-mail client software separate from the Mozilla Application Suite. A denial of service vulnerability exists in Mozilla Firefox ESR and Thunderbird, which is caused by an ICU...
6.3 AI Score
0.0004 EPSS
8 CVSS
7.4 AI Score
0.0004 EPSS
Exploit for Use After Free in Linux Linux Kernel
CVE-2024-1086 Universal local privilege escalation...
7.8 CVSS
7.9 AI Score
0.002 EPSS
Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users should....
4.3 CVSS
4.7 AI Score
0.0004 EPSS
Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users should....
4.3 CVSS
6.9 AI Score
0.0004 EPSS