RD55UP06-V, Security Vulnerabilities

nvd
nvd

CVE-2024-27629

An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly escaped and injected into a system call when certain types of compression are...

EPSS

2024-06-28 07:15 PM
1
cve
cve

CVE-2024-27629

An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly escaped and injected into a system call when certain types of compression are...

7.7AI Score

EPSS

2024-06-28 07:15 PM
2
cve
cve

CVE-2024-27628

Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method...

7.9AI Score

EPSS

2024-06-28 07:15 PM
3
nvd
nvd

CVE-2024-27628

Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method...

EPSS

2024-06-28 07:15 PM
2
malwarebytes
malwarebytes

TEMU sued for being “dangerous malware” by Arkansas Attorney General

Chinese online shopping giant Temu is facing a lawsuit filed by State of Arkansas Attorney General Tim Griffin, alleging that the retailer's mobile app spies on users. “Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to...

7.5AI Score

2024-06-28 04:15 PM
5
pentestpartners
pentestpartners

Glastonbury ticket hijack vulnerability fixed

The Glastonbury ticket website was vulnerable to a relatively simple attack that allowed ticket theft and data leakage. What’s the issue? An attacker could scrape collaborative ticket buying websites (e.g. Reddit) to gather people’s details, use a flaw in the registration process and session.....

6.8AI Score

2024-06-28 12:31 PM
1
openbugbounty
openbugbounty

video-v-dom.ru Cross Site Scripting vulnerability OBB-3939346

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-28 04:52 AM
2
cvelist
cvelist

CVE-2024-27629

An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly escaped and injected into a system call when certain types of compression are...

EPSS

2024-06-28 12:00 AM
cvelist
cvelist

CVE-2024-27628

Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method...

EPSS

2024-06-28 12:00 AM
cve
cve

CVE-2024-31802

DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR...

6.8AI Score

0.0004EPSS

2024-06-27 08:15 PM
6
nvd
nvd

CVE-2024-31802

DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR...

0.0004EPSS

2024-06-27 08:15 PM
3
githubexploit
githubexploit

Exploit for CVE-2024-34102

CVE-2024-34102: Unauthenticated Magento XXE CVEHunter tool...

9.8CVSS

7AI Score

0.038EPSS

2024-06-27 06:10 PM
63
talosblog
talosblog

We’re not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there

AI has since replaced "cryptocurrency" and "blockchain" as the cybersecurity buzzwords everyone wants to hear. We're not getting as many headlines about cryptocurrency miners, the security risks or promises of the blockchain, or non-fungible tokens being referenced on "Saturday Night Live." A...

9.1CVSS

7.2AI Score

0.0004EPSS

2024-06-27 06:00 PM
2
googleprojectzero
googleprojectzero

The Windows Registry Adventure #3: Learning resources

Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry......

5.5CVSS

6.7AI Score

0.001EPSS

2024-06-27 12:00 AM
vulnrichment
vulnrichment

CVE-2024-31802

DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR...

6.8AI Score

0.0004EPSS

2024-06-27 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6819-4)

The remote host is missing an update for...

7.8CVSS

8AI Score

0.001EPSS

2024-06-27 12:00 AM
1
cvelist
cvelist

CVE-2024-31802

DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR...

0.0004EPSS

2024-06-27 12:00 AM
wallarmlab
wallarmlab

CVE-2024-36680: SQL Injection Vulnerability in Facebook’s PrestaShop Module Exposes Thousands of E-commerce Sites to Credit Card Fraud

**SQL Injection Exposure in Promokit.eu Threatens Facebook's PrestaShop Customers** PrestaShop is a free, open-source E-commerce platform launched in 2007. Built with PHP and MySQL, it offers customizable, scalable solutions for online stores. Features include product management, inventory...

7.7AI Score

0.0005EPSS

2024-06-26 10:45 PM
6
cve
cve

CVE-2023-26877

File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute arbitrary code via a .php file upload to the form/efms_exec_html/file_upload_parser.php...

7.5AI Score

0.0004EPSS

2024-06-26 08:15 PM
9
nvd
nvd

CVE-2023-26877

File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute arbitrary code via a .php file upload to the form/efms_exec_html/file_upload_parser.php...

0.0004EPSS

2024-06-26 08:15 PM
2
ibm
ibm

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V

Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by a security flaw in IBM WebSphere Application Server Liberty. The flaw can lead to weaker than expected security for outbound TLS connections, as described in the "Vulnerability Details" section....

5.3CVSS

5.8AI Score

0.0004EPSS

2024-06-26 04:24 PM
6
github
github

Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties

In this post, I'll exploit CVE-2024-3833, an object corruption bug in v8, the Javascript engine of Chrome, that I reported in March 2024 as bug 331383939. A similar bug, 331358160, was also reported and was assigned CVE-2024-3832. Both of these bugs were fixed in version 124.0.6367.60/.61....

8.8CVSS

7.6AI Score

0.007EPSS

2024-06-26 04:00 PM
2
osv
osv

linux-oracle-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...

7.8CVSS

7.7AI Score

0.001EPSS

2024-06-26 01:01 PM
1
githubexploit
githubexploit

Exploit for CVE-2024-37032

CVE-2024-37032 Path traversal in Ollama with rogue registry...

7.6AI Score

EPSS

2024-06-26 03:11 AM
82
cvelist
cvelist

CVE-2023-26877

File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute arbitrary code via a .php file upload to the form/efms_exec_html/file_upload_parser.php...

0.0004EPSS

2024-06-26 12:00 AM
nessus
nessus

Ubuntu 22.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-6819-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-4 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

7.8CVSS

7.8AI Score

0.001EPSS

2024-06-26 12:00 AM
1
redhatcve
redhatcve

CVE-2024-38667

In the Linux kernel, the following vulnerability has been resolved: riscv: prevent pt_regs corruption for secondary idle threads Top of the kernel thread stack should be reserved for pt_regs. However this is not the case for the idle threads of the secondary boot harts. Their stacks overlap with...

7.8CVSS

7AI Score

0.0004EPSS

2024-06-25 01:52 PM
1
osv
osv

Malicious code in updated-tricks-v-bucks-generator-free_20233-tg45r (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:18 PM
osv
osv

Malicious code in updated-tricks-v-bucks-generator-free_20233-swgt45r (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:18 PM
osv
osv

Malicious code in updated-tricks-v-bucks-generator-free_20233-eorr (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:18 PM
osv
osv

Malicious code in updated-tricks-v-bucks-generator-free_20233-afgtr4t5 (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:18 PM
osv
osv

Malicious code in updated-tricks-v-bucks-generator-free_2023-zyx4 (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:18 PM
osv
osv

Malicious code in updated-tricks-v-bucks-generator-free_2023-zn7r3ce7o (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:18 PM
osv
osv

Malicious code in updated-tricks-v-bucks-generator-free_2023-zkuei (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:18 PM
osv
osv

Malicious code in updated-tricks-v-bucks-generator-free_2023-zdy8 (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:18 PM
osv
osv

Malicious code in updated-tricks-v-bucks-generator-free_2023-z5of (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:18 PM
osv
osv

Malicious code in updated-tricks-v-bucks-generator-free_2023-yrm1b (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:18 PM
osv
osv

Malicious code in updated-tricks-v-bucks-generator-free_2023-yc5rxt5i2 (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:18 PM
osv
osv

Malicious code in updated-tricks-v-bucks-generator-free_2023-yc5rxt5i (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:18 PM
osv
osv

Malicious code in updated-tricks-v-bucks-generator-free_2023-xnxx (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:18 PM
osv
osv

Malicious code in updated-tricks-v-bucks-generator-free_2023-xn9wn (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:18 PM
osv
osv

Malicious code in updated-tricks-v-bucks-generator-free_2023-xfkmti (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:17 PM
osv
osv

Malicious code in updated-tricks-v-bucks-generator-free_2023-wp0ta (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:17 PM
osv
osv

Malicious code in updated-tricks-v-bucks-generator-free_2023-wi0j (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:17 PM
Total number of security vulnerabilities: 85045