Lucene search

K

Ryzen™ 7000 Series Desktop Processors With Radeon™ Graphics Formerly Codenamed “Raphael” X3D Security Vulnerabilities

cve
cve

CVE-2024-37158

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions....

3.5CVSS

3.8AI Score

EPSS

2024-06-17 02:15 PM
2
nvd
nvd

CVE-2024-37158

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions....

3.5CVSS

EPSS

2024-06-17 02:15 PM
cvelist
cvelist

CVE-2024-37158 Evmos is missing precompile checks

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions....

3.5CVSS

EPSS

2024-06-17 02:03 PM
cve
cve

CVE-2024-6055

Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration...

6.6AI Score

EPSS

2024-06-17 01:15 PM
2
nvd
nvd

CVE-2024-6057

Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode...

EPSS

2024-06-17 01:15 PM
2
nvd
nvd

CVE-2024-6055

Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration...

EPSS

2024-06-17 01:15 PM
1
cve
cve

CVE-2024-6057

Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode...

7AI Score

EPSS

2024-06-17 01:15 PM
1
cvelist
cvelist

CVE-2024-6057

Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode...

EPSS

2024-06-17 01:10 PM
1
cvelist
cvelist

CVE-2024-6055

Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration...

EPSS

2024-06-17 12:55 PM
3
thn
thn

China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices

A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the adversary establishing persistence using legacy F5 BIG-IP appliances and using it as an internal...

7.8AI Score

2024-06-17 11:59 AM
5
githubexploit
githubexploit

Exploit for CVE-2024-4367

PDF.js Vulnerability Demo Project This project is intended to...

7.2AI Score

2024-06-17 11:39 AM
8
thn
thn

What is DevSecOps and Why is it Essential for Secure Software Delivery?

Traditional application security practices are not effective in the modern DevOps world. When security scans are run only at the end of the software delivery lifecycle (either right before or after a service is deployed), the ensuing process of compiling and fixing vulnerabilities creates massive.....

7.4AI Score

2024-06-17 11:26 AM
2
schneier
schneier

Using LLMs to Exploit Vulnerabilities

Interesting research: "Teams of LLM Agents can Exploit Zero-Day Vulnerabilities." Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the...

7.3AI Score

2024-06-17 11:08 AM
4
cve
cve

CVE-2024-36277

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid...

6.8AI Score

0.0004EPSS

2024-06-17 08:15 AM
3
nvd
nvd

CVE-2024-36277

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid...

0.0004EPSS

2024-06-17 08:15 AM
2
cvelist
cvelist

CVE-2024-36277

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid...

0.0004EPSS

2024-06-17 07:33 AM
3
osv
osv

BIT-magento-2024-34106

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of...

5.3CVSS

7AI Score

0.0005EPSS

2024-06-17 07:25 AM
osv
osv

BIT-magento-2024-34110

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the...

7.2CVSS

7.3AI Score

0.001EPSS

2024-06-17 07:24 AM
osv
osv

BIT-hubble-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

7.6AI Score

0.0004EPSS

2024-06-17 07:20 AM
1
osv
osv

BIT-elasticsearch-2024-23445

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the field_security parameter,...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-06-17 07:18 AM
2
osv
osv

BIT-cilium-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

7.6AI Score

0.0004EPSS

2024-06-17 07:16 AM
1
osv
osv

BIT-cilium-operator-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...

7.9CVSS

7.6AI Score

0.0004EPSS

2024-06-17 07:16 AM
1
nvd
nvd

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

8.5CVSS

0.0004EPSS

2024-06-17 07:15 AM
3
cve
cve

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

8.5CVSS

8.7AI Score

0.0004EPSS

2024-06-17 07:15 AM
2
thn
thn

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates. "The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser....

7.1AI Score

2024-06-17 06:28 AM
6
vulnrichment
vulnrichment

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

8.5CVSS

7.5AI Score

0.0004EPSS

2024-06-17 06:21 AM
cvelist
cvelist

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

8.5CVSS

0.0004EPSS

2024-06-17 06:21 AM
2
nvd
nvd

CVE-2024-4305

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

0.0004EPSS

2024-06-17 06:15 AM
2
cve
cve

CVE-2024-4305

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

5.6AI Score

0.0004EPSS

2024-06-17 06:15 AM
4
cvelist
cvelist

CVE-2024-4305 PostX < 4.1.0 - Contributor+ Stored XSS

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

0.0004EPSS

2024-06-17 06:00 AM
1
osv
osv

Malicious code in airbnb-o2 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (15a37bd4059b76c7466684dfbc565c913af0ab4af849c5a643ce44d3bb7a4a6e) The OpenSSF Package Analysis project identified 'airbnb-o2' @ 13.37.1 (npm) as malicious. It is considered malicious because: The package...

7.1AI Score

2024-06-17 12:09 AM
2
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0221)

The remote host is missing an update for...

7.1AI Score

0.0004EPSS

2024-06-17 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0224)

The remote host is missing an update for...

8.5CVSS

7.1AI Score

0.005EPSS

2024-06-17 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0223)

The remote host is missing an update for...

4.7CVSS

7.2AI Score

0.0004EPSS

2024-06-17 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0220)

The remote host is missing an update for...

6.7AI Score

0.0004EPSS

2024-06-17 12:00 AM
redos
redos

ROS-20240617-02

A vulnerability in the bgpd/bgp_attr.c file of a software tool for implementing network routing on Unix-like FRRouting systems is related to read outside bgp_attr_aigp_valid bounds, as there are no AIGP checks. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...

9.8CVSS

7.4AI Score

0.001EPSS

2024-06-17 12:00 AM
nvd
nvd

CVE-2024-6039

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....

6.3CVSS

0.0004EPSS

2024-06-16 10:15 PM
2
cve
cve

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For...

7.5AI Score

0.0004EPSS

2024-06-16 10:15 PM
6
nvd
nvd

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For...

0.0004EPSS

2024-06-16 10:15 PM
5
cve
cve

CVE-2024-6039

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-16 10:15 PM
5
cvelist
cvelist

CVE-2024-6039 Feng Office Workspaces sql injection

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....

6.3CVSS

0.0004EPSS

2024-06-16 10:00 PM
3
vulnrichment
vulnrichment

CVE-2024-6039 Feng Office Workspaces sql injection

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-16 10:00 PM
nvd
nvd

CVE-2024-38396

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...

0.0004EPSS

2024-06-16 09:15 PM
6
cve
cve

CVE-2024-38396

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...

7.2AI Score

0.0004EPSS

2024-06-16 09:15 PM
10
kitploit
kitploit

NativeDump - Dump Lsass Using Only Native APIs By Hand-Crafting Minidump Files (Without MinidumpWriteDump!)

NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList and Memory64List Streams). NTOpenProcessToken and NtAdjustPrivilegeToken to get the "SeDebugPrivilege"...

7.2AI Score

2024-06-16 05:16 PM
8
osv
osv

CVE-2024-38462

iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106...

7.1AI Score

0.0004EPSS

2024-06-16 04:15 PM
nvd
nvd

CVE-2024-38461

irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a...

0.0004EPSS

2024-06-16 04:15 PM
2
osv
osv

CVE-2024-38461

irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a...

7AI Score

0.0004EPSS

2024-06-16 04:15 PM
1
nvd
nvd

CVE-2024-38462

iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106...

0.0004EPSS

2024-06-16 04:15 PM
1
cve
cve

CVE-2024-38462

iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106...

7AI Score

0.0004EPSS

2024-06-16 04:15 PM
4
Total number of security vulnerabilities767902