The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVSS 5.5 | AI Score 5.8 | EPSS 0.0004
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVSS 5.5 | AI Score 5.2 | EPSS 0.0004
Cookie consent choices are just being ignored by some websites
In news that is, sadly, unlikely to shock you, new research indicates that many websites ignore visitors' choices to refuse cookies and collect their data anyway. Researchers at the University of Amsterdam (UvA) analyzed 85,000 European websites and came to the conclusion that 90% of them violated....
AI Score 7
An update is available for NetworkManager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. NetworkManager is a system network service that manages network...
AI Score 7.3
mobsf is vulnerable to Server Side Request Forgery. The vulnerability is due to a flaw in the firebase database check logic, allowing attackers to manipulate the server to make connections to internal-only services within the organization's infrastructure when a malicious app is uploaded to the...
CVSS 6.3 | AI Score 6.9 | EPSS 0.001
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320...
CVSS 10 | AI Score 9.7
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...
CVSS 6.3 | AI Score 6.3 | EPSS 0.001
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...
CVSS 6.3 | AI Score 6 | EPSS 0.001
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...
CVSS 6.3 | AI Score 6.5 | EPSS 0.001
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...
CVSS 6.3 | AI Score 6.2 | EPSS 0.001
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
Impact What kind of vulnerability is it? Who is impacted? SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When malicious app is uploaded to Static analyzer, it is...
CVSS 6.3 | AI Score 7 | EPSS 0.001
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
Impact What kind of vulnerability is it? Who is impacted? SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When malicious app is uploaded to Static analyzer, it is...
CVSS 6.3 | AI Score 6.7 | EPSS 0.001
CoralRaider targets victims’ data and social media accounts
Cisco Talos discovered a new threat actor we're calling "CoralRaider" that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries. This group focuses on stealing victims'...
AI Score 6.8
Google patches critical vulnerability for Androids with Qualcomm chips
In April’s update for the Android operating system (OS), Google has patched 28 vulnerabilities, one of which is rated critical for Android devices equipped with Qualcomm chips. You can find your device’s Android version number, security update level, and Google Play system level in your Settings...
CVSS 9.8 | AI Score 8.6 | EPSS 0.001
AT&T confirms 73 million people affected by data breach
Telecommunications giant AT&T has finally confirmed that 73 million current and former customers have been caught up in a massive dark web data leak. The leaked data includes names, addresses, mobile phone numbers, dates of birth, and social security numbers. Malwarebytes VP of Consumer Privacy,...
AI Score 7.4
Key Insights from the NCSC’s Vulnerability Management Guidance
In a world increasingly surrounded by cyber threats, the UK's National Cyber Security Centre (NCSC) offers vital guidance on Vulnerability Management, providing clear and actionable advice for tackling cyber threats. Their recommendations are essential for organizations to understand and mitigate.....
AI Score 7.9
Trusted Advisor now available for Mac, iOS, and Android
First released for Windows last year, the Malwarebytes Trusted Advisor dashboard is also now available on Mac, iOS and Android. Our Trusted Advisor dashboard provides an easy-to-understand assessment of your device’s security, with a single comprehensive protection score, and clear, expert-driven.....
AI Score 6.9
Use of Implicit Intent for Sensitive Communication in Samsung Pay prior to version 5.4.99 allows local attackers to access information of Samsung...
CVSS 6.2 | AI Score 6.4 | EPSS 0.0004
Improper handling of insufficient privileges vulnerability in Samsung Camera prior to versions 12.1.0.31 in Android 12, 13.1.02.07 in Android 13, and 14.0.01.06 in Android 14 allows local attackers to access image...
CVSS 5.9 | AI Score 6.5 | EPSS 0.0004
Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of...
CVSS 5.1 | AI Score 6.7 | EPSS 0.0004
Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local attackers to launch arbitrary activity with Samsung Data Store...
CVSS 4.4 | AI Score 6.7 | EPSS 0.0004
Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to access testing...
CVSS 5.9 | AI Score 6.5 | EPSS 0.0004
Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary...
CVSS 5.9 | AI Score 7.3 | EPSS 0.0004
Improper Access Control vulnerability in StorageManagerService prior to SMR Apr-2024 Release 1 allows local attackers to read sdcard...
CVSS 4 | AI Score 6.4 | EPSS 0.0004
Out-of-bound Write vulnerability in chunk parsing implementation of libsdffextractor prior to SMR Apr-2023 Release 1 allows local attackers to execute arbitrary...
CVSS 7.3 | AI Score 7.3 | EPSS 0.0004
Improper Input Validation vulnerability in text parsing implementation of libsdffextractor prior to SMR Apr-2024 Release 1 allows local attackers to write out-of-bounds...
CVSS 4 | AI Score 6.5 | EPSS 0.0004
Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary...
CVSS 5.6 | AI Score 7.4 | EPSS 0.0004
Out-of-bounds write vulnerability while parsing remaining codewords in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary...
CVSS 8.4 | AI Score 7.2 | EPSS 0.0004
Out-of-bounds write vulnerability while releasing memory in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary...
CVSS 8.4 | AI Score 7.2 | EPSS 0.0004
Improper Input Validation vulnerability in handling apdu of libsec-ril prior to SMR Apr-2024 Release 1 allows local privileged attackers to write out-of-bounds...
CVSS 4.2 | AI Score 6.5 | EPSS 0.0004
IBM Security Verify Access Information Disclosure Vulnerability (CNVD-2024-16916)
IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as the Web, mobile, IoT and cloud using risk-based access, single sign-on, integrated access management...
CVSS 5.5 | AI Score 5.9 | EPSS 0.0004
Free VPN apps turn Android phones into criminal proxies
Researchers at HUMAN’s Satori Threat Intelligence have discovered a disturbing number of VPN apps that turn users' devices into proxies for cybercriminals without their knowledge, as part of a campaign called PROXYLIB. Cybercriminals and state actors like to send their traffic through other...
AI Score 7.5
Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown...
CVSS 7.3 | AI Score 6.9 | EPSS 0.0005
Memory corruption in HLOS while running kernel address sanitizers (syzkaller) on tmecom with DEBUG_FS...
CVSS 6.6 | AI Score 7 | EPSS 0.0004
Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration...
CVSS 5.5 | AI Score 6.7 | EPSS 0.0004
Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP...
CVSS 7.5 | AI Score 6.8 | EPSS 0.0004
Memory corruption while processing buffer initialization, when trusted report for certain report types are...
CVSS 7.8 | AI Score 7.3 | EPSS 0.0004
Transient DOS while processing SMS container of non-standard size received in DL NAS transport in...
CVSS 7.5 | AI Score 6.8 | EPSS 0.0005