Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the users account. Exploiting the vulnerability requires user interaction. Please...
6.5CVSS
6.4AI Score
0.0004EPSS
Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the users account. Exploiting the vulnerability requires user interaction. Please...
6.5CVSS
6.7AI Score
0.0004EPSS
Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the users...
6.5CVSS
6.7AI Score
0.0004EPSS
E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation...
5.3CVSS
5.5AI Score
0.0004EPSS
Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the users account. Exploiting the vulnerability requires user interaction. Please...
6.5CVSS
6.7AI Score
0.0004EPSS
E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer.....
6.5CVSS
6.7AI Score
0.0004EPSS
Oracle Linux 9 : python3.11 (ELSA-2024-2292)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2292 advisory. The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is...
5.3CVSS
6.5AI Score
0.001EPSS
7.4AI Score
Debian dsa-5681 : affs-modules-5.10.0-29-4kc-malta-di - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5681 advisory. Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an...
8CVSS
8.2AI Score
0.0005EPSS
HardeningMeter is an open-source Python tool carefully designed to comprehensively assess the security hardening of binaries and systems. Its robust capabilities include thorough checks of various binary exploitation protection mechanisms, including Stack Canary, RELRO, randomizations (ASLR, PIC,.....
7.3AI Score
Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities
Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from the European Union (E.U.), the North Atlantic Treaty Organization (NATO), the U.K., and the U.S. The.....
9.8CVSS
7.6AI Score
0.915EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1490-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1490-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of...
7.8CVSS
7.6AI Score
EPSS
Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset...
7AI Score
0.0004EPSS
Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset...
6.7AI Score
0.0004EPSS
Security above all else—expanding Microsoft’s Secure Future Initiative
Last November, we launched the Secure Future Initiative (SFI) to prepare for the increasing scale and high stakes of cyberattacks. SFI brings together every part of Microsoft to advance cybersecurity protection across our company and products. Since then, the threat landscape has continued to...
7.8AI Score
Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset...
6.9AI Score
0.0004EPSS
Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset...
7.1AI Score
0.0004EPSS
Security Bulletin: Vulnerability in IBM Semeru Runtime affects Host On-Demand
Summary There is a vulnerability in IBM Semeru Runtime Quarterly Critical Patch Update - Jan 2024 - Includes OpenJDK Jan 2024 Critical Patch Update. Host On-Demand has addressed the applicable CVE plus CVE-2024-22361. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified...
7.5CVSS
6.5AI Score
0.001EPSS
Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Host On-Demand
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by Host On-Demand. Host On-Demand has addressed the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2023 Critical....
5.9CVSS
5.6AI Score
0.0004EPSS
New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw
A never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for further attacks. The vulnerability in question is CVE-2015-2051 (CVSS score: 9.8), which affects D-Link DIR-645...
8.6AI Score
0.972EPSS
[SECURITY] Fedora 40 Update: php-tcpdf-6.7.5-1.fc40
PHP class for generating PDF documents. * no external libraries are required for the basic functions; * all standard page formats, custom page formats, custom margins and units of measure; * UTF-8 Unicode and Right-To-Left languages; * TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1...
6.5AI Score
0.0004EPSS
kernel security, bug fix, and enhancement update
[5.14.0-427.13.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update...
9.8CVSS
7.5AI Score
0.003EPSS
9.8CVSS
7AI Score
0.974EPSS
Deepfakes and AI-Driven Disinformation Threaten Polls
Cheap and easy access to AI makes it harder to detect state-sponsored and homegrown campaigns during this election...
7.2AI Score
Splunk Enterprise 9.0.0 < 9.0.8, 9.1.0 < 9.1.3 (SVD-2024-0109)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0109 advisory. Line directives (//line) can be used to bypass the restrictions on //go:cgo_ directives, allowing blocked linker and...
9.8CVSS
8.5AI Score
0.005EPSS
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense against untrusted...
8.8CVSS
9.1AI Score
0.0004EPSS
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense against untrusted...
8.8CVSS
9.7AI Score
0.0004EPSS
CVE-2024-32018 Ineffective size check due to assert() and buffer overflow in RIOT
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense against untrusted...
8.8CVSS
8.2AI Score
0.0004EPSS
CVE-2024-32018 Ineffective size check due to assert() and buffer overflow in RIOT
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense against untrusted...
8.8CVSS
9.2AI Score
0.0004EPSS
Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks
This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm's exploitation of EdgeRouters, complementing the FBI's advisory from February 27,...
7.2AI Score
SUSE SLES15 Security Update : python311 (SUSE-SU-2024:0782-2)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0782-2 advisory. xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace...
9.8CVSS
7.7AI Score
0.035EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1480-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1480-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic...
7.8CVSS
8AI Score
EPSS
A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be...
7.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be...
7.3CVSS
7.3AI Score
0.0004EPSS
CVE-2024-4349 SourceCodester Pisay Online E-Learning System controller.php unrestricted upload
A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be...
7.3CVSS
7.5AI Score
0.0004EPSS
Windows Registry Security Descriptor Utility
Read or write a Windows registry security descriptor remotely. In READ mode, the FILE option can be set to specify where the security descriptor should be written to. The following format is used: key: security_info: sd: In WRITE mode, the FILE option can be used to specify the information needed.....
7.2AI Score
Exploit for Use After Free in Linux Linux Kernel
CVE-2024-1086 Universal local privilege escalation...
7.8CVSS
7.9AI Score
0.002EPSS
Introducing the Wallarm Q1 2024 API ThreatStats™ Report
As we have in previous editions of the ThreatStats report, we highlight the industry’s top API-related attacks and trends. New to this version, however, is a detailed analysis of API attacks targeting AI-based applications, representing a new and rapidly expanding threat vector. And while we...
7.5AI Score
Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years
Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. "Over four million of the...
7.2AI Score
ThievingFox - Remotely Retrieving Credentials From Password Managers And Windows Utilities
ThievingFox is a collection of post-exploitation tools to gather credentials from various password managers and windows utilities. Each module leverages a specific method of injecting into the target process, and then hooks internals functions to gather crendentials. The accompanying blog post...
8.3AI Score
[SECURITY] [DLA 3802-1] org-mode security update
Debian LTS Advisory DLA-3802-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton April 30, 2024 https://wiki.debian.org/LTS Package : org-mode Version : 9.1.14+dfsg-3+deb10u2 CVE...
6.1AI Score
0.0005EPSS
(RHSA-2024:2290) Moderate: mutt security update
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix(es): mutt: null pointer dereference (CVE-2023-4874) mutt: null pointer dereference...
6.5AI Score
0.001EPSS
A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...
3.5CVSS
3.6AI Score
0.0004EPSS
A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...
3.5CVSS
6AI Score
0.0004EPSS
CVE-2024-4327 Apryse WebViewer PDF Document cross site scripting
A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...
3.5CVSS
4AI Score
0.0004EPSS
Moderate: mutt security update
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix(es): mutt: null pointer dereference (CVE-2023-4874) mutt: null pointer dereference...
6.5CVSS
6.4AI Score
0.001EPSS
Debian dla-3802 : elpa-org - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3802 advisory. In Emacs before 29.3, Gnus treats inline MIME contents as trusted. (CVE-2024-30203) In Emacs before 29.3, LaTeX preview is enabled by default for e-mail...
6.8AI Score
0.0005EPSS
RHEL 9 : mutt (RHSA-2024:2290)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2290 advisory. Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and...
6.5CVSS
6.1AI Score
0.001EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1466-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1466-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...
7.8CVSS
7.5AI Score
EPSS
Moderate: mutt security update
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix(es): mutt: null pointer dereference (CVE-2023-4874) mutt: null pointer dereference...
6.5CVSS
6.5AI Score
0.001EPSS