nocodb is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient user input sanitization within the Formula virtual cell comments functionality, allowing attackers to inject malicious JavaScript code via crafted...
CVSS 7.3, AI Score 6.5, EPSS 0.0004
Intel Graphics Command Center Service Software May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Graphics Command Center Service software (bundled in some Intel® Graphics Windows DCH driver software), which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential...
CVSS 6.7, AI Score 7.5, EPSS 0.0004
Intel BIOS Guard and PPAM Firmware May 2024 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® BIOS Guard and Platform Properties Assessment Module (PPAM) firmware, which might allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Intel has released updates...
CVSS 7.2, AI Score 7.6, EPSS 0.0004
A potential security vulnerability has been identified in certain HP PC products using HP Sure Admin, which might allow escalation of privilege. HP is releasing mitigation for the potential vulnerability. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that...
AI Score 7.5, EPSS n/a
KB5037782: Windows 2022 / Azure Stack HCI 22H2 Security Update (May 2024)
The remote Windows host is missing security update 5037782 or Azure HotPatch 5037848. It is, therefore, affected by multiple vulnerabilities: Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040); Windows Common Log File System Driver Elevation of Privilege...
CVSS 8.8, AI Score 7.8, EPSS 0.008
Intel PROSet/Wireless WiFi and Bluetooth May 2024 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Bluetooth® products, which might allow denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the...
CVSS 8.2, AI Score 7.2, EPSS 0.0004
Intel Arc™ & Iris® Xe Graphics Software May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Arc™ & Iris® Xe Graphics software, which may allow escalation of privilege. Intel is releasing updates to mitigate the potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
CVSS 7.8, AI Score 7.4, EPSS 0.0004
KB5037765: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2024)
The remote Windows host is missing security update 5037765 or 5039705. It is, therefore, affected by multiple vulnerabilities: Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040); Windows Common Log File System Driver Elevation of Privilege Vulnerability...
CVSS 8.8, AI Score 7.7, EPSS 0.008
KB5037771: Windows 11 version 22H2 / Windows 11 version 23H2 Security Update (May 2024)
The remote Windows host is missing security update 5037771. It is, therefore, affected by multiple vulnerabilities: Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040); Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...
CVSS 8.8, AI Score 7.8, EPSS 0.008
KB5037770: Windows 11 version 21H2 Security Update (May 2024)
The remote Windows host is missing security update 5037770. It is, therefore, affected by multiple vulnerabilities: Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040); Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...
CVSS 8.8, AI Score 7.8, EPSS 0.008
Rocky Linux 9 : bind (RLSA-2024:2551)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2551 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS...
CVSS 7.5, AI Score 7.7, EPSS 0.05
Rocky Linux 9 : tigervnc (RLSA-2024:2616)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2616 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped...
CVSS 7.8, AI Score 7.7, EPSS 0.0005
KLA67433 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, or bypass security restrictions. Below is a complete list of vulnerabilities: A remote code...
CVSS 8.8, AI Score 9.8, EPSS 0.008
Npgsql is the .NET data provider for PostgreSQL. The WriteBind() method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This...
CVSS 8.1, AI Score 8.4, EPSS 0.0005
Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-6767-2)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6767-2 advisory. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment(). Once again, syzbot is able to crash the...
CVSS 7.8, AI Score 8, EPSS 0.0004
KB5037768: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (May 2024)
The remote Windows host is missing security update 5037768. It is, therefore, affected by multiple vulnerabilities: Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040); Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...
CVSS 8.8, AI Score 7.8, EPSS 0.008
KB5037781: Windows 11 version 22H2 / Windows Server version 23H2 Security Update (May 2024)
The remote Windows host is missing security update 5037781. It is, therefore, affected by multiple vulnerabilities: Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040); Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...
CVSS 8.8, AI Score 7.8, EPSS 0.008
Intel Thunderbolt Driver May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Thunderbolt driver software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP...
CVSS 7, AI Score 7.4, EPSS 0.0004
Exploit for Injection in Atlassian Confluence Data Center
REF2924 NAPLISTENER is a backdoor scanner for the Wmdtc.exe...
CVSS 9.8, AI Score 9.8, EPSS 0.973
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
Summary: A stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. Details: The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are processed by the function replaceUrlsWithLink(). This function...
CVSS 7.3, AI Score 5.8, EPSS 0.0004
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
Summary: A stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. Details: The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are processed by the function replaceUrlsWithLink(). This function...
CVSS 7.3, AI Score 6.1, EPSS 0.0004
CVE-2023-49781 NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are...
CVSS 7.3, AI Score 6.9, EPSS 0.0004
CVE-2023-49781 NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are...
CVSS 7.3, AI Score 5.8, EPSS 0.0004
We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM).1 We believe our position in the Leaders quadrant validates our vision and continued investments in Microsoft Sentinel making it a...
AI Score 7
Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM
Command Your Attack Surface with a next-gen SIEM built for the Cloud First Era. Rapid7 is excited to share that we are named a Challenger for InsightIDR in the 2024 Gartner Magic Quadrant for SIEM. In a crowded and constantly changing space, this is our sixth time being recognized in the report...
AI Score 7.3
How Did Authorities Identify the Alleged Lockbit Boss?
Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy, saying the charges don't explain how...
AI Score 7.1
Why car location tracking needs an overhaul
Across America, survivors of domestic abuse and stalking are facing a unique location tracking crisis born out of policy failure, unclear corporate responsibility, and potentially risky behaviors around digital sharing that are now common in relationships. No, we’re not talking about stalkerware...
AI Score 6.8
SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike
In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts...
AI Score 6.9
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.331.7.el7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port'...
AI Score 8.3, EPSS n/a
Amazon Linux 2023 : ecs-init (ALAS2023-2024-619)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-619 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client...
CVSS 5.3, AI Score 5.4, EPSS 0.001
Apple iOS < 17.5 Multiple Vulnerabilities (HT214101)
The version of Apple iOS running on the mobile device is prior to 17.5. It is, therefore, affected by multiple...
AI Score 6.6
Unbreakable Enterprise kernel security update
[4.14.35-2047.536.5] - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (Song Liu) - mm/memory-failure: fix an incorrect use of tail pages (Liu Shixin) - Revert 'x86/mm/ident_map: Use gbpages only where full GB page...
CVSS 7.8, AI Score 7.6, EPSS 0.002
Unbreakable Enterprise kernel security update
[5.4.17-2136.331.7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port'...
AI Score 8.3, EPSS n/a
Amazon Linux 2023 : cni-plugins (ALAS2023-2024-618)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-618 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client...
CVSS 5.3, AI Score 7, EPSS 0.001
Apple iOS < 16.7.8 Multiple Vulnerabilities (HT214100)
The version of Apple iOS running on the mobile device is prior to 16.7.8. It is, therefore, affected by multiple...
AI Score 6.6
Amazon Linux 2023 : ecs-init (ALAS2023-2024-620)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-620 advisory. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. (CVE-2022-41723) Note...
CVSS 7.5, AI Score 7, EPSS 0.024
LOLSpoof - An Interactive Shell To Spoof Some LOLBins Command Line
LOLSpoof is an interactive shell program that automatically spoofs the command-line arguments of the spawned process. Just call your incriminating-looking command-line LOLBin (e.g. [powershell](<https://www.kitploit.com/search/label/PowerShell> "powershell" ) -w...
AI Score 7.7
RHEL 6 : gnupg (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing ...
AI Score 6.7, EPSS 0.01
RHEL 6 : qemu (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. QEMU: net: ignore packets with large size (CVE-2018-17963); Memory leak in hw/watchdog/wdt_i6300esb.c in...
AI Score 8.8, EPSS 0.141
RHEL 7 : opensc (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. opensc: Double free in coolkey_free_private_data in libopensc/card-coolkey.c (CVE-2019-20792); opensc:...
AI Score 7, EPSS 0.002
RHEL 7 : squid (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. squid: Information disclosure in Collapsed forwarding (CVE-2016-10003). This vulnerability allows remote...
AI Score 8, EPSS 0.916
RHEL 6 : squid (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. squid: Heap overflow issue in URN processing (CVE-2019-12526); squid: Buffer overflow in reverse-proxy...
AI Score 9.8, EPSS 0.957
RHEL 7 : ant (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ant: insecure temporary file (CVE-2020-11979). When reading a specially crafted TAR archive, an Apache Ant...
AI Score 7.1, EPSS 0.002
RHEL 7 : mutt (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mutt: buffer overflow via base64 data (CVE-2018-14359). An issue was discovered in Mutt before 1.10.1 and...
AI Score 7.7, EPSS 0.013
RHEL 7 : freerdp (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. freerdp: Out-of-bounds write in rdp_recv_tpkt_pdu (CVE-2017-2835); freerdp: Integer Overflow leading to...
AI Score 8.6, EPSS 0.003
RHEL 8 : golang (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114); golang: html/template:...
AI Score 9.9, EPSS 0.014
RHEL 7 : imagemagick (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ImageMagick: NULL pointer dereference in GetMagickProperty function in MagickCore/property.c ...
AI Score 8.1, EPSS 0.242
RHEL 5 : imagemagick (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ImageMagick: Insufficient shell characters filtering (CVE-2016-3714); ImageMagick: use-after-free in...
AI Score 9.8, EPSS 0.968