Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users should....
4.3CVSS
7AI Score
0.0004EPSS
CVE-2024-29036 Saleor Storefront session leak in cache
Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users should....
4.3CVSS
5AI Score
0.0004EPSS
New Sysrv Botnet Variant Makes Use of Google Subdomain to Spread XMRig Miner
Sysrv is a well-documented botnet first identified in 2020, with the main payload being a worm written in Golang. It drops a cryptominer onto infected hosts before attempting to propagate itself using various methods, including network vulnerabilities. Over the past few years, the botnet has...
10AI Score
0.975EPSS
Jupyter Server Proxy's Websocket Proxying does not require authentication
Summary jupyter-server-proxy is used to expose ports local to a Jupyter server listening to web traffic to the Jupyter server's authenticated users by proxying web requests and websockets. Dependent packages (partial list) also use jupyter-server-proxy to expose other popular interactive...
9CVSS
7.9AI Score
0.0004EPSS
Jupyter Server Proxy's Websocket Proxying does not require authentication
Summary jupyter-server-proxy is used to expose ports local to a Jupyter server listening to web traffic to the Jupyter server's authenticated users by proxying web requests and websockets. Dependent packages (partial list) also use jupyter-server-proxy to expose other popular interactive...
9CVSS
7.9AI Score
0.0004EPSS
e-campus.itech.fr Cross Site Scripting vulnerability OBB-3879870
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
e--team.de Cross Site Scripting vulnerability OBB-3879766
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
e-lir.ch Cross Site Scripting vulnerability OBB-3879706
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
(RHSA-2024:1408) Moderate: emacs security update
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news. Security Fix(es): emacs: command execution via shell metacharacters (CVE-2022-48337) emacs: command...
7.6AI Score
0.002EPSS
e-compendium.be Cross Site Scripting vulnerability OBB-3879150
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
e-oksi.ru.xx3.kz Cross Site Scripting vulnerability OBB-3878992
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
AI and the Evolution of Social Media
Oh, how the mighty have fallen. A decade ago, social media was celebrated for sparking democratic uprisings in the Arab world and beyond. Now front pages are splashed with stories of social platforms’ role in misinformation, business conspiracy, malfeasance, and risks to mental health. In a 2022...
6.3AI Score
E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials
A 31-year-old Moldovan national has been sentenced to 42 months in prison in the U.S. for operating an illicit marketplace called E-Root Marketplace that offered for sale hundreds of thousands of compromised credentials, the Department of Justice (DoJ) announced. Sandu Boris Diaconu was charged...
7.1AI Score
update I've since published a Spring Tips video on this very topic! If you'd prefer, you could watch that instead. Hi, Spring fans! Happy Java 22 release day, to those who celebrate! Did you get the bits already? Go, go, go! Java 22 is a significant improvement that I think is a worthy upgrade for....
7.2AI Score
10CVSS
7.4AI Score
0.971EPSS
Cisco IOS Software Command Authorization Bypass (cisco-sa-aaascp-Tyj4fEJm)
According to its self-reported version, Cisco IOS is affected by a vulnerability. A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command...
9.1CVSS
7.4AI Score
0.001EPSS
RHEL 8 : emacs (RHSA-2024:1408)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1408 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language...
9.8CVSS
9.6AI Score
0.002EPSS
e-image.cz Cross Site Scripting vulnerability OBB-3877650
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries Targeted
By Waqas Cyber Warfare Takes Flight: Geopolitics Fuel Attacks on Airlines - Dark Web Tool Aims at E-commerce! This is a post from HackRead.com Read the original post: Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries...
7.3AI Score
e-paint.co.uk Cross Site Scripting vulnerability OBB-3876648
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
9.8CVSS
7.2AI Score
0.971EPSS
6.6AI Score
0.179EPSS
7.4AI Score
SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Form Settings
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Click SendPress (which is...
5.4AI Score
0.0004EPSS
9.8CVSS
7.4AI Score
0.971EPSS
SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Form Settings
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
0.0004EPSS
e-mince.cz Cross Site Scripting vulnerability OBB-3876055
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
e-image.cz Cross Site Scripting vulnerability OBB-3874875
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") added an implementation of the locked_down LSM hook to SELinux, with the aim to...
6.4AI Score
0.0004EPSS
e-tokko.com Cross Site Scripting vulnerability OBB-3874087
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0900-2)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0900-2 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...
7.8CVSS
8.3AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") added an implementation of the locked_down LSM hook to SELinux, with the aim to...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") added an implementation of the locked_down LSM hook to SELinux, with the aim to...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") added an implementation of the locked_down LSM hook to SELinux, with the aim to...
6.9AI Score
0.0004EPSS
CVE-2021-47128 bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks
In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") added an implementation of the locked_down LSM hook to SELinux, with the aim to...
6.6AI Score
0.0004EPSS
CVE-2021-47128 bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks
In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") added an implementation of the locked_down LSM hook to SELinux, with the aim to...
6.7AI Score
0.0004EPSS
8.4AI Score
0.0004EPSS
Exploit for File Descriptor Leak in Linuxfoundation Runc
PoC of CVE-2024-21626 Read my full article for detailed...
8.6CVSS
8.7AI Score
0.051EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0900-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0900-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...
7.8CVSS
8.3AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") added an implementation of the locked_down LSM hook to SELinux, with the aim to...
6.5AI Score
0.0004EPSS
Summary Vulnerabilities in AIX's OpenSSH could allow a remote attacker to launch a machine-in-the-middle attack (CVE-2023-48795) and execute arbitrary commands (CVE-2023-51385), and could allow a local authenticated attacker to obtain sensitive information (CVE-2023-51384). OpenSSH is used by AIX.....
6.5CVSS
7.5AI Score
0.963EPSS
A flaw was found in Libreswan. This issue causes Libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret), and the connection cannot find a matching configured secret. When automatically added on startup using the auto=...
7.2AI Score
0.0004EPSS
LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada
A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S. Department of Justice (DoJ)...
7.1AI Score
Siemens SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
6.5CVSS
7.5AI Score
0.001EPSS
e-campus.itech.fr Cross Site Scripting vulnerability OBB-3871485
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
7.4AI Score
9.8CVSS
7.4AI Score
0.71EPSS
9.9CVSS
9.7AI Score
EPSS
Moodle Denial of Service Vulnerability (CNVD-2024-13538)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A denial-of-service vulnerability exists in Moodle, which stems from insufficient file size checking, and can be exploited by an...
7.5CVSS
6.6AI Score
0.0004EPSS
9.9CVSS
7.1AI Score
0.71EPSS