RHEL 5 : binutils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. binutils: heap-based buffer overflow in finish_stab in stabs.c (CVE-2018-12699) The srec_scan function...
7.8CVSS
8.8AI Score
0.049EPSS
RHEL 8 : ant (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ant: insecure temporary file vulnerability (CVE-2020-1945) When reading a specially crafted TAR archive...
6.3CVSS
10AI Score
0.001EPSS
EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-1785)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...
7.8CVSS
7.8AI Score
0.024EPSS
RHEL 7 : apache-commons-compress (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive ...
7.5CVSS
8AI Score
0.025EPSS
RHEL 7 : Red Hat Single Sign-On 7.6.9 security update on RHEL 7 (Low) (RHSA-2024:3566)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3566 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on...
7.5CVSS
6.8AI Score
0.0004EPSS
RHEL 4 : util-linux (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. util-linux: umount may fail to remove /etc/mtab~ lock file (CVE-2011-1677) mount in util-linux 2.19 and...
7.2AI Score
0.001EPSS
RHEL 6 : binutils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. binutils: heap-based buffer overflow in finish_stab in stabs.c (CVE-2018-12699) The srec_scan function...
7.8CVSS
8.8AI Score
0.049EPSS
RHEL 8 : runc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based...
7.8CVSS
7.9AI Score
0.008EPSS
RHEL 8 : opencv (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. opencv: out-of-bounds read in function cv::predictOrdered in modules/objdetect/src/cascadedetect.hpp...
7.5CVSS
7.7AI Score
0.005EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...
8CVSS
8.3AI Score
EPSS
EulerOS 2.0 SP11 : bind (EulerOS-SA-2024-1795)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several...
7.5CVSS
8AI Score
0.05EPSS
EulerOS 2.0 SP11 : bind (EulerOS-SA-2024-1783)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several...
7.5CVSS
8.1AI Score
0.05EPSS
RHEL 6 : autotrace (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ..CVE-2017-9200 autotrace: Multiple security issues (CVE-2017-9200) Integer underflow in the...
9.8CVSS
8.4AI Score
0.004EPSS
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1797)
The remote host is missing an update for the Huawei...
7.8CVSS
7AI Score
0.024EPSS
RHEL 8 : apache-commons-compress (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive ...
7.5CVSS
8AI Score
0.025EPSS
EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-1797)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...
7.8CVSS
7.7AI Score
0.024EPSS
RHEL 8 : Red Hat Single Sign-On 7.6.9 security update on RHEL 8 (Low) (RHSA-2024:3567)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3567 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on...
7.5CVSS
7.1AI Score
0.0004EPSS
RHEL 9 : Red Hat Single Sign-On 7.6.9 security update on RHEL 9 (Low) (RHSA-2024:3568)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3568 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on...
7.5CVSS
7.1AI Score
0.0004EPSS
7.4AI Score
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1785)
The remote host is missing an update for the Huawei...
7.8CVSS
7AI Score
0.024EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1783)
The remote host is missing an update for the Huawei...
7.5CVSS
7.1AI Score
0.05EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1795)
The remote host is missing an update for the Huawei...
7.5CVSS
7.1AI Score
0.05EPSS
RHEL 7 : libmtp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libmtp: Integer overflow in ptp_unpack_OPL function (CVE-2017-9832) An integer overflow vulnerability in...
6.8CVSS
7.5AI Score
0.009EPSS
RHEL 6 : libmtp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libmtp: Integer overflow in ptp_unpack_OPL function (CVE-2017-9832) An integer overflow vulnerability in...
6.8CVSS
8.7AI Score
0.009EPSS
RHEL 7 : nutch (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions ...
7.5CVSS
7.4AI Score
0.057EPSS
Exploit for Type Confusion in Google Chrome
Chrome Renderer 1day RCE via Type Confusion in Async Stack...
8.8CVSS
6.7AI Score
0.001EPSS
**CVE-2024-24919 Potentially allowing an attacker to read...
8.6CVSS
8.5AI Score
0.945EPSS
**CVE-2024-24919 Potentially allowing an attacker to read...
8.6CVSS
6AI Score
0.945EPSS
Online Payment Hub System 1.0 SQL Injection Vulnerability
Online Payment Hub System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication...
8.7AI Score
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied.....
6.4CVSS
6AI Score
0.0004EPSS
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied.....
6.4CVSS
5.9AI Score
0.0004EPSS
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied.....
6.4CVSS
5.9AI Score
0.0004EPSS
Check Point Security Gateway Arbitrary File Read
This module leverages an unauthenticated arbitrary root file read vulnerability for Check Point Security Gateway appliances. When the IPSec VPN or Mobile Access blades are enabled on affected devices, traversal payloads can be used to read any files on the local file system. Password hashes read...
8.6CVSS
7.4AI Score
0.945EPSS
Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.
More than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following a destructive cyber attack staged by unidentified cyber actors, disrupting users' access to the internet. The mysterious event, which took place between October 25 and 27, 2023,....
7.6AI Score
Ars0N-Framework - A Modern Framework For Bug Bounty Hunting
Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...
7AI Score
Beyond Threat Detection – A Race to Digital Security
Digital content is a double-edged sword, providing vast benefits while simultaneously posing significant threats to organizations across the globe. The sharing of digital content has increased significantly in recent years, mainly via email, digital documents, and chat. In turn, this has created...
7AI Score
Amazon Linux 2 : golist (ALAS-2024-2556)
The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2556 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read...
5.3CVSS
7.6AI Score
0.001EPSS
7.4AI Score
Popup Builder < 4.3.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS
Description The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on...
6.4CVSS
5.7AI Score
0.0004EPSS
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-058)
The version of kernel installed on the remote host is prior to 5.10.29-27.126. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-058 advisory. 2024-06-06: CVE-2021-28951 was added to this advisory. An issue was discovered in fs/io_uring.c in the...
7.5CVSS
7.5AI Score
0.002EPSS
Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. This bulletin identifies the...
8.2CVSS
6.6AI Score
0.0004EPSS
Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks
My wife (no stranger to weird types of scams) recently received a fake text message from someone claiming to be New Jersey's E-ZPass program saying that she had an outstanding balance from highway tolls that she owed, prompting her to visit a site so she could pay and avoid additional fines. There....
9.8CVSS
7.4AI Score
0.001EPSS
CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue relates to....
8.6CVSS
8.8AI Score
0.945EPSS
Mitigate Http/2 continuations with Imperva WAF
As the threat landscape continues to grow, with new breaches being announced every day, Imperva continues to stay one step ahead of attackers. HTTP/2 exploits seem to be growing every quarter as more attackers use this vulnerability in new ways. We previously wrote about how Imperva protected its.....
7.2AI Score
In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: use correct buffer size when parsing configfs lists This commit fixes uvc gadget support on 32-bit platforms. Commit 0df28607c5cb ("usb: gadget: uvc: Generalise helper functions for reuse") introduced a helper...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: use correct buffer size when parsing configfs lists This commit fixes uvc gadget support on 32-bit platforms. Commit 0df28607c5cb ("usb: gadget: uvc: Generalise helper functions for reuse") introduced a helper...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: use correct buffer size when parsing configfs lists This commit fixes uvc gadget support on 32-bit platforms. Commit 0df28607c5cb ("usb: gadget: uvc: Generalise helper functions for reuse") introduced a helper...
6.9AI Score
0.0004EPSS