A vulnerability possible to reconfigure OTP allows local attackers to transit RMA(Return Merchandise Authorization) mode, which disables security features. This attack needs additional privilege to control...
4.4CVSS
6.7AI Score
0.0004EPSS
Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a...
2.4CVSS
6.4AI Score
0.0004EPSS
5.5CVSS
8AI Score
0.009EPSS
5.5CVSS
7.9AI Score
0.009EPSS
Auto Affiliate Links < 6.4.4 - Authenticated (Editor+) SQL Injection
Description The Auto Affiliate Links plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.4.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated.....
7.6CVSS
7.5AI Score
0.0004EPSS
Oracle Linux 9 : libreswan (ELSA-2024-2565)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-2565 advisory. The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use...
6.1AI Score
0.0004EPSS
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6765-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6765-1 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed...
7.8CVSS
7.5AI Score
EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...
7.8CVSS
6.8AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through...
7.6CVSS
8.1AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through...
7.6CVSS
7.5AI Score
0.0004EPSS
CVE-2024-34386 WordPress Auto Affiliate Links plugin <= 6.4.3.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through...
7.6CVSS
7.7AI Score
0.0004EPSS
CVE-2024-34386 WordPress Auto Affiliate Links plugin <= 6.4.3.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through...
7.6CVSS
8.8AI Score
0.0004EPSS
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC...
8.4CVSS
7.1AI Score
0.001EPSS
7.5CVSS
6.8AI Score
0.0004EPSS
8.4CVSS
7.1AI Score
0.001EPSS
Memory corruption when the channel ID passed by user is not validated and further...
7.8CVSS
7.1AI Score
0.0004EPSS
7.3CVSS
7.1AI Score
0.0005EPSS
Memory corruption when size of buffer from previous call is used without validation or...
8.4CVSS
7.3AI Score
0.001EPSS
5.9CVSS
7.1AI Score
0.0004EPSS
Memory corruption when the payload received from firmware is not as per the expected protocol...
7.8CVSS
7.2AI Score
0.0004EPSS
8.4CVSS
7.2AI Score
0.001EPSS
8.4CVSS
7.1AI Score
0.001EPSS
6.8CVSS
6.7AI Score
0.001EPSS
Memory corruption when the bandpass filter order received from AHAL is not within the expected...
6.7CVSS
7.1AI Score
0.0004EPSS
Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected...
6.1CVSS
6.6AI Score
0.0004EPSS
Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is...
7.5CVSS
6.9AI Score
0.0005EPSS
Memory corruption while copying the sound model data from user to kernel buffer during sound model...
6.7CVSS
7AI Score
0.0004EPSS
Memory corruption while querying module parameters from Listen Sound model client in kernel from user...
6.7CVSS
6.9AI Score
0.0004EPSS
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor...
8.4CVSS
7AI Score
0.001EPSS
Memory corruption when multiple listeners are being registered with the same file...
6.7CVSS
7.1AI Score
0.0004EPSS
It Costs How Much?!? The Financial Pitfalls of Cyberattacks on SMBs
Cybercriminals are vipers. They're like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you're a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into. With cybercriminals becoming more sophisticated, SMBs like.....
7.1AI Score
Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components
Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android. "The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system...
8.1AI Score
Financial cyberthreats in 2023
Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets,...
7.3AI Score
E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer.....
6.5CVSS
6.7AI Score
0.0004EPSS
E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer.....
6.5CVSS
6.5AI Score
0.0004EPSS
E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer.....
6.5CVSS
6.7AI Score
0.0004EPSS
Exploit for Missing Authentication for Critical Function in Microsoft
BadBlue (Windows) CVE-2024-21306 BadBlue implementation...
7.8AI Score
Exploit for Missing Authentication for Critical Function in Microsoft
BadBlue (Windows) CVE-2024-21306 BadBlue implementation...
7.8AI Score
KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...
5.9AI Score
0.0004EPSS
Oracle Linux 9 : fence-agents (ELSA-2024-2132)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2132 advisory. Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to...
6.1CVSS
6.6AI Score
0.001EPSS
Oracle Linux 9 : python-jinja2 (ELSA-2024-2348)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-2348 advisory. Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject...
6.1CVSS
6.7AI Score
0.001EPSS
Rocky Linux 8 : libreswan (RLSA-2024:1998)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:1998 advisory. The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use...
6.3AI Score
0.0004EPSS
Oracle Linux 9 : kernel (ELSA-2024-2394)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2394 advisory. An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results...
9.8CVSS
8.2AI Score
0.011EPSS
Debian dsa-5681 : affs-modules-5.10.0-29-4kc-malta-di - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5681 advisory. Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an...
8CVSS
8.2AI Score
0.0005EPSS
Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has...
6.5AI Score
0.0004EPSS
Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has...
6.8AI Score
0.0004EPSS
Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has...
6.9AI Score
0.0004EPSS
Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has...
6.8AI Score
0.0004EPSS
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients. Changelogs Major changes are documented in the project Announcements:...
5.9AI Score
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1490-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1490-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of...
7.8CVSS
7.6AI Score
EPSS