An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly escaped and injected into a system call when certain types of compression are...
7.7 AI Score
EPSS
Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method...
7.9 AI Score
EPSS
TEMU sued for being “dangerous malware” by Arkansas Attorney General
Chinese online shopping giant Temu is facing a lawsuit filed by State of Arkansas Attorney General Tim Griffin, alleging that the retailer's mobile app spies on users. “Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to...
7.5 AI Score
Glastonbury ticket hijack vulnerability fixed
The Glastonbury ticket website was vulnerable to a relatively simple attack that allowed ticket theft and data leakage. What’s the issue? An attacker could scrape collaborative ticket buying websites (e.g. Reddit) to gather people’s details, use a flaw in the registration process and session.....
6.8 AI Score
video-v-dom.ru Cross Site Scripting vulnerability OBB-3939346
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR...
6.8 AI Score
0.0004 EPSS
CVE-2024-34102: Unauthenticated Magento XXE CVEHunter tool...
9.8 CVSS
7 AI Score
0.038 EPSS
AI has since replaced "cryptocurrency" and "blockchain" as the cybersecurity buzzwords everyone wants to hear. We're not getting as many headlines about cryptocurrency miners, the security risks or promises of the blockchain, or non-fungible tokens being referenced on "Saturday Night Live." A...
9.1 CVSS
7.2 AI Score
0.0004 EPSS
The Windows Registry Adventure #3: Learning resources
Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry......
5.5 CVSS
6.7 AI Score
0.001 EPSS
7.8 CVSS
8 AI Score
0.001 EPSS
**SQL Injection Exposure in Promokit.eu Threatens Facebook's PrestaShop Customers** PrestaShop is a free, open-source E-commerce platform launched in 2007. Built with PHP and MySQL, it offers customizable, scalable solutions for online stores. Features include product management, inventory...
7.7 AI Score
0.0005 EPSS
File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute arbitrary code via a .php file upload to the form/efms_exec_html/file_upload_parser.php...
7.5 AI Score
0.0004 EPSS
Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by a security flaw in IBM WebSphere Application Server Liberty. The flaw can lead to weaker than expected security for outbound TLS connections, as described in the "Vulnerability Details" section....
5.3 CVSS
5.8 AI Score
0.0004 EPSS
Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties
In this post, I'll exploit CVE-2024-3833, an object corruption bug in v8, the JavaScript engine of Chrome, that I reported in March 2024 as bug 331383939. A similar bug, 331358160, was also reported and was assigned CVE-2024-3832. Both of these bugs were fixed in version 124.0.6367.60/.61....
8.8 CVSS
7.6 AI Score
0.007 EPSS
linux-oracle-6.5 vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...
7.8 CVSS
7.7 AI Score
0.001 EPSS
CVE-2024-37032 Path traversal in Ollama with rogue registry...
7.6 AI Score
EPSS
Ubuntu 22.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-6819-4)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-4 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8 CVSS
7.8 AI Score
0.001 EPSS
In the Linux kernel, the following vulnerability has been resolved: riscv: prevent pt_regs corruption for secondary idle threads Top of the kernel thread stack should be reserved for pt_regs. However this is not the case for the idle threads of the secondary boot harts. Their stacks overlap with...
7.8 CVSS
7 AI Score
0.0004 EPSS
Malicious code in uupdated-tricks-v-bucks-generator-free_2023-gcb8f-ahk-fxvb64 (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in uupdated-tricks-v-bucks-generator-free_2023-gcb8f-ahk-fxcws34 (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in uupdated-tricks-v-bucks-generator-free_2023-gcb8f-ahk-fvcxv5 (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in uupdated-tricks-v-bucks-generator-free_2023-gcb8f-ahk-fvcx445 (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in uupdated-tricks-v-bucks-generator-free_2023-gcb8f-ahk-fv655 (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in uupdated-tricks-v-bucks-generator-free_2023-gcb8f-ahk-fdff (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in updated-tricks-v-bucks-generator-free_20233-tg45r (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in updated-tricks-v-bucks-generator-free_20233-swgt45r (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in updated-tricks-v-bucks-generator-free_20233-eorr (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in updated-tricks-v-bucks-generator-free_20233-afgtr4t5 (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in updated-tricks-v-bucks-generator-free_2023-zyx4 (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in updated-tricks-v-bucks-generator-free_2023-zn7r3ce7o (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in updated-tricks-v-bucks-generator-free_2023-zkuei (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in updated-tricks-v-bucks-generator-free_2023-zdy8 (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in updated-tricks-v-bucks-generator-free_2023-z5of (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in updated-tricks-v-bucks-generator-free_2023-yrm1b (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in updated-tricks-v-bucks-generator-free_2023-yc5rxt5i2 (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in updated-tricks-v-bucks-generator-free_2023-yc5rxt5i (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in updated-tricks-v-bucks-generator-free_2023-xnxx (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in updated-tricks-v-bucks-generator-free_2023-xn9wn (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in updated-tricks-v-bucks-generator-free_2023-xfkmti (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in updated-tricks-v-bucks-generator-free_2023-wp0ta (npm)
-= Per source details. Do not edit below this...
7.1 AI Score
Malicious code in updated-tricks-v-bucks-generator-free_2023-wi0j (npm)
-= Per source details. Do not edit below this...
7.1 AI Score