A vulnerability was found in Campcodes Legal Case Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/vendor. The manipulation of the argument company_name/mobile leads to cross site scripting. It is possible to initiate the attack...
3.5CVSS
3.7AI Score
0.0004EPSS
Npgsql is the .NET data provider for PostgreSQL. The WriteBind() method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This...
8.1CVSS
7.2AI Score
0.0005EPSS
Npgsql is the .NET data provider for PostgreSQL. The WriteBind() method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This...
8.1CVSS
7.4AI Score
0.0005EPSS
Npgsql is the .NET data provider for PostgreSQL. The WriteBind() method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This...
8.1CVSS
8.3AI Score
0.0005EPSS
Npgsql is the .NET data provider for PostgreSQL. The WriteBind() method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This...
8.1CVSS
7.3AI Score
0.0005EPSS
Wiz assists Incident Response (IR) and SOC teams with containment through automated assessment of security incidents by identifying possible root causes and calculating the potential blast radius of compromised...
7.4AI Score
ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, in its default configuration uses a set of non-unique cryptographic keys when establishing a secure connection (IKE) with mobile devices connecting over the internet. If the set of keys is leaked or cracked,...
8.3CVSS
7AI Score
0.0004EPSS
ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, in its default configuration uses a set of non-unique cryptographic keys when establishing a secure connection (IKE) with mobile devices connecting over the internet. If the set of keys is leaked or cracked,...
8.3CVSS
8.3AI Score
0.0004EPSS
NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are...
7.3CVSS
5.7AI Score
0.0004EPSS
NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are...
7.3CVSS
6.7AI Score
0.0004EPSS
NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are...
7.3CVSS
5.5AI Score
0.0004EPSS
HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Sharing (CORS) vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized access to the application resources from any web domain and enable cache poisoning...
6.5CVSS
6.4AI Score
0.0004EPSS
HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Sharing (CORS) vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized access to the application resources from any web domain and enable cache poisoning...
6.5CVSS
6.7AI Score
0.0004EPSS
Cisco Talos is delighted to share updates about our ongoing partnership with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to combat cybersecurity threats facing civil society organizations. Talos has partnered with CISA on several initiatives through the Joint Cyber Defense...
7.4AI Score
Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls
Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for follow-on exploitation. "The incident involves a threat actor overwhelming a user's email with junk and...
7.7AI Score
May 14, 2024—KB5037770 (OS Build 22000.2960)
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page. Note: Follow @WindowsUpdate to find out...
8.8CVSS
7.3AI Score
0.008EPSS
nocodb is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient user input sanitization within the Formula virtual cell comments functionality, allowing attackers to inject malicious JavaScript code via crafted...
7.3CVSS
6.5AI Score
0.0004EPSS
A potential security vulnerability has been identified in certain HP PC products using HP Sure Admin, which might allow escalation of privilege. HP is releasing mitigation for the potential vulnerability. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that...
7.5AI Score
EPSS
Intel BIOS Guard and PPAM Firmware May 2024 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® BIOS Guard and Platform Properties Assessment Module (PPAM) firmware, which might allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Intel has released updates...
7.2CVSS
7.6AI Score
0.0004EPSS
Intel Graphics Command Center Service Software May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Graphics Command Center Service software (bundled in some Intel® Graphics Windows DCH driver software), which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential...
6.7CVSS
7.5AI Score
0.0004EPSS
KB5037782: Windows 2022 / Azure Stack HCI 22H2 Security Update (May 2024)
The remote Windows host is missing security update 5037782 or Azure HotPatch 5037848. It is, therefore, affected by multiple vulnerabilities: Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040); Windows Common Log File System Driver Elevation of Privilege...
8.8CVSS
7.8AI Score
0.008EPSS
Intel PROSet/Wireless WiFi and Bluetooth May 2024 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Bluetooth® products, which might allow denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the...
8.2CVSS
7.2AI Score
0.0004EPSS
Intel Arc™ & Iris® Xe Graphics Software May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Arc™ & Iris® Xe Graphics software which may allow escalation of privilege. Intel is releasing updates to mitigate the potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
7.8CVSS
7.4AI Score
0.0004EPSS
KB5037765: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2024)
The remote Windows host is missing security update 5037765 or 5039705. It is, therefore, affected by multiple vulnerabilities: Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040); Windows Common Log File System Driver Elevation of Privilege Vulnerability...
8.8CVSS
7.7AI Score
0.008EPSS
KB5037770: Windows 11 version 21H2 Security Update (May 2024)
The remote Windows host is missing security update 5037770. It is, therefore, affected by multiple vulnerabilities: Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040); Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...
8.8CVSS
7.8AI Score
0.008EPSS
KB5037771: Windows 11 version 22H2 / Windows 11 version 23H2 Security Update (May 2024)
The remote Windows host is missing security update 5037771. It is, therefore, affected by multiple vulnerabilities: Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040); Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...
8.8CVSS
7.8AI Score
0.008EPSS
Npgsql is the .NET data provider for PostgreSQL. The WriteBind() method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This...
8.1CVSS
8.4AI Score
0.0005EPSS
Rocky Linux 9 : bind (RLSA-2024:2551)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2551 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS...
7.5CVSS
7.7AI Score
0.05EPSS
KLA67433 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: A remote code...
8.8CVSS
9.8AI Score
0.008EPSS
Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-6767-2)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6767-2 advisory. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able to crash the...
7.8CVSS
8AI Score
0.0004EPSS
Rocky Linux 9 : tigervnc (RLSA-2024:2616)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2616 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped...
7.8CVSS
7.7AI Score
0.0005EPSS
KB5037768: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (May 2024)
The remote Windows host is missing security update 5037768. It is, therefore, affected by multiple vulnerabilities: Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040); Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...
8.8CVSS
7.8AI Score
0.008EPSS
KB5037781: Windows 11 version 22H2 / Windows Server version 23H2 Security Update (May 2024)
The remote Windows host is missing security update 5037781. It is, therefore, affected by multiple vulnerabilities: Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040); Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...
8.8CVSS
7.8AI Score
0.008EPSS
Intel Thunderbolt Driver May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Thunderbolt driver software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP...
7CVSS
7.4AI Score
0.0004EPSS
Exploit for Injection in Atlassian Confluence Data Center
REF2924 NAPLISTENER is a backdoor scanner for the Wmdtc.exe...
9.8CVSS
9.8AI Score
0.971EPSS
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
Summary: A stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. Details: The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are processed by the function replaceUrlsWithLink(). This function....
7.3CVSS
5.8AI Score
0.0004EPSS
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
Summary: A stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. Details: The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are processed by the function replaceUrlsWithLink(). This function....
7.3CVSS
6.1AI Score
0.0004EPSS