8.4CVSS
7.1AI Score
0.001EPSS
Memory corruption when the channel ID passed by user is not validated and further...
7.8CVSS
7.1AI Score
0.0004EPSS
7.3CVSS
7.1AI Score
0.0005EPSS
Memory corruption when size of buffer from previous call is used without validation or...
8.4CVSS
7.3AI Score
0.001EPSS
5.9CVSS
7.1AI Score
0.0004EPSS
Memory corruption when the payload received from firmware is not as per the expected protocol...
7.8CVSS
7.2AI Score
0.0004EPSS
8.4CVSS
7.1AI Score
0.001EPSS
8.4CVSS
7.2AI Score
0.001EPSS
6.8CVSS
6.7AI Score
0.001EPSS
Memory corruption when the bandpass filter order received from AHAL is not within the expected...
6.7CVSS
7.1AI Score
0.0004EPSS
Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected...
6.1CVSS
6.6AI Score
0.0004EPSS
Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is...
7.5CVSS
6.9AI Score
0.0005EPSS
Memory corruption while copying the sound model data from user to kernel buffer during sound model...
6.7CVSS
7AI Score
0.0004EPSS
Memory corruption while querying module parameters from Listen Sound model client in kernel from user...
6.7CVSS
6.9AI Score
0.0004EPSS
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor...
8.4CVSS
7AI Score
0.001EPSS
Memory corruption when multiple listeners are being registered with the same file...
6.7CVSS
7.1AI Score
0.0004EPSS
It Costs How Much?!? The Financial Pitfalls of Cyberattacks on SMBs
Cybercriminals are vipers. They're like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you're a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into. With cybercriminals becoming more sophisticated, SMBs like.....
7.1AI Score
Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components
Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android. "The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system...
8.1AI Score
Financial cyberthreats in 2023
Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets,...
7.3AI Score
E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer.....
6.5CVSS
6.7AI Score
0.0004EPSS
E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer.....
6.5CVSS
6.5AI Score
0.0004EPSS
E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer.....
6.5CVSS
6.7AI Score
0.0004EPSS
Exploit for Missing Authentication for Critical Function in Microsoft
BadBlue (Windows) CVE-2024-21306 BadBlue implementation...
7.8AI Score
Exploit for Missing Authentication for Critical Function in Microsoft
BadBlue (Windows) CVE-2024-21306 BadBlue implementation...
7.8AI Score
KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...
5.9AI Score
0.0004EPSS
Oracle Linux 9 : fence-agents (ELSA-2024-2132)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2132 advisory. Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to...
6.1CVSS
6.6AI Score
0.001EPSS
Oracle Linux 9 : python-jinja2 (ELSA-2024-2348)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-2348 advisory. Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject...
6.1CVSS
6.7AI Score
0.001EPSS
Rocky Linux 8 : libreswan (RLSA-2024:1998)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:1998 advisory. The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use...
6.3AI Score
0.0004EPSS
Oracle Linux 9 : kernel (ELSA-2024-2394)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2394 advisory. An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results...
9.8CVSS
8.2AI Score
0.003EPSS
Debian dsa-5681 : affs-modules-5.10.0-29-4kc-malta-di - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5681 advisory. Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an...
8CVSS
8.2AI Score
0.0005EPSS
Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has...
6.5AI Score
0.0004EPSS
Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has...
6.8AI Score
0.0004EPSS
Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has...
6.9AI Score
0.0004EPSS
Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has...
6.8AI Score
0.0004EPSS
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients. Changelogs Major changes are documented in the project Announcements:...
5.9AI Score
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1490-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1490-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of...
7.8CVSS
7.6AI Score
EPSS
Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must...
8CVSS
8.1AI Score
0.001EPSS
Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must...
8CVSS
8.1AI Score
0.001EPSS
CVE-2023-42128 Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability
Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must...
8CVSS
7.7AI Score
0.001EPSS
CVE-2023-42128 Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability
Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must...
8CVSS
8.3AI Score
0.001EPSS
[4.11.0-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] - Add bind to ipa-server-common Requires [Orabug: 36518596] [4.11.0-9] - Resolves: RHEL-28258 vault fails on non-fips client if server is in FIPS mode - Resolves: RHEL-26154 ipa: freeipa: specially crafted HTTP...
5.3CVSS
6.2AI Score
0.0004EPSS
HP Application Enabling Software Driver - Privileged File Overwrite
A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability. Mitigation is available in HP Application...
7.5AI Score
0.0004EPSS
[10.0.0-6.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [10.0.0-6] - qemu: virtiofs: do not crash if cgroups are missing (RHEL-7386) - qemu: virtiofs: set correct label when creating the socket (RHEL-7386) - qemu: virtiofs: error out if getting the group or user name fails...
5CVSS
7.3AI Score
0.0004EPSS
[252-32.0.2] - Due to a new [Orabug: 36564551] filed on April 29 2024, reverting from back to - previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved. - Re-Added 1001-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792] - Removed the following,.....
5.9CVSS
7.7AI Score
0.001EPSS
Photo Gallery by 10Web < 1.8.21 - Missing Authorization
Description The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.20. This makes it possible for unauthenticated attackers to perform an...
5.3CVSS
7AI Score
0.0004EPSS
Agentless FIM for Detecting Network Configuration Changes
Dealing with multiple network administrators making frequent configuration changes with a monitoring solution that provides insights into device change without causing resource constraints. The performance and capabilities of a network device are entirely dependent upon its configuration settings.....
7.2AI Score
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tc_csca_patch_settings function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber...
4.3CVSS
4.3AI Score
0.0004EPSS
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tc_csca_patch_settings function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber...
4.3CVSS
6.4AI Score
0.0004EPSS
The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12. This makes it possible for unauthenticated attackers to obtain excerpts of password-protected...
5.3CVSS
5.1AI Score
0.0005EPSS
The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12. This makes it possible for unauthenticated attackers to obtain excerpts of password-protected...
5.3CVSS
5.1AI Score
0.0005EPSS