Cisco Crosswork Network Services Orchestrator Privilege Escalation Vulnerability
A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled...
CVSS 7.8 | AI Score 7.6 | EPSS 0.0004
Google Launches AI-Powered Theft and Data Protection Features for Android Devices
Google has announced a slew of privacy and security features in Android, including a suite of advanced protection features to help secure users' devices and data in the event of a theft. These features aim to help protect data before, during and after a theft attempt, the tech giant said, adding...
AI Score 7
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
June 2024 update: At the end of May 2024, Microsoft Threat Intelligence observed Storm-1811 using Microsoft Teams as another vector to contact target users. Microsoft assesses that the threat actor uses Teams to send messages and initiate calls in an attempt to impersonate IT or help desk...
AI Score 7.7
Cisco Crosswork Network Services Orchestrator Privilege Escalation Vulnerability
A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled...
AI Score 7.5 | EPSS 0.0004
Summary: IBM Asset Data Dictionary Component uses urllib3, which is vulnerable to CVE-2023-43804. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details: CVEID: CVE-2023-43804. DESCRIPTION: urllib3 could allow a remote authenticated attacker to...
CVSS 8.1 | AI Score 5.8 | EPSS 0.001
The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it...
CVSS 6.4 | AI Score 5.9 | EPSS 0.001
The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it...
CVSS 6.4 | AI Score 5.7 | EPSS 0.001
The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it...
CVSS 6.4 | AI Score 6 | EPSS 0.001
Exploit for Authentication Bypass by Spoofing in Booster Booster For Woocommerce
CVE-2021-34646 PoC for CVE-2021-34646 Exploit Title:...
CVSS 9.8 | AI Score 9.9 | EPSS 0.032
Hakuin - A Blazing Fast Blind SQL Injection Optimization And Automation Framework
Hakuin is a Blind SQL Injection (BSQLI) optimization and automation framework written in Python 3. It abstracts away the inference logic and allows users to easily and efficiently extract databases (DB) from vulnerable web applications. To speed up the process, Hakuin utilizes a variety of...
AI Score 8.2
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1644-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if...
CVSS 7.8 | AI Score 6.9 | EPSS (no score listed)
K000139618: MySQL vulnerabilities CVE-2024-21054, CVE-2024-21009, CVE-2024-20993, and CVE-2024-21102
Security Advisory Description CVE-2024-21054 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network...
AI Score 5.7 | EPSS 0.001
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6766-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-2 advisory. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able...
CVSS 7.8 | AI Score 7.5 | EPSS (no score listed)
Important: .NET 7.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19....
CVSS 6.3 | AI Score 7.3 | EPSS 0.0005
Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : .NET vulnerabilities (USN-6773-1)
The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6773-1 advisory. .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2024-30045) Visual Studio Denial of Service Vulnerability...
CVSS 6.3 | AI Score 8.3 | EPSS 0.0005
K000139617: MySQL vulnerabilities CVE-2024-21049, CVE-2024-21060, CVE-2024-21061, and CVE-2024-21069
Security Advisory Description CVE-2024-21049 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols...
AI Score 5.7 | EPSS 0.0004
K000139594: libxml2 vulnerability CVE-2022-40304
Security Advisory Description An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. (CVE-2022-40304). Impact This vulnerability allows a...
CVSS 7.8 | AI Score 7.6 | EPSS 0.001
ShortPixel Adaptive Images < 3.8.4 - Authenticated (Admin+) Server-Side Request Forgery
Description The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.8.3 via the is_our_cdn() function. This makes it possible for unauthenticated attackers to make web requests to....
CVSS 4.4 | AI Score 6.4 | EPSS 0.0004
Oracle Linux 9 : .NET / 8.0 (ELSA-2024-2842)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2842 advisory. Visual Studio Denial of Service Vulnerability (CVE-2024-30046) .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2024-30045) Note...
CVSS 6.3 | AI Score 8.1 | EPSS 0.0005
Amazon Linux 2 : git (ALAS-2024-2535)
The version of git installed on the remote host is prior to 2.40.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2535 advisory. An issue was discovered in git where a client can convince upload-pack running on a server to allocate arbitrary amounts of memory,...
AI Score 7.4
Oracle Linux 9 : .NET / 7.0 (ELSA-2024-2843)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2843 advisory. .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2024-30045) Visual Studio Denial of Service Vulnerability (CVE-2024-30046) Note...
CVSS 6.3 | AI Score 8.1 | EPSS 0.0005
K000139616: MySQL vulnerability CVE-2024-21051
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
AI Score 5.7 | EPSS 0.0004
K000139615: Node.js vulnerability CVE-2024-27982
Security Advisory Description The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly,...
AI Score 5.8 | EPSS 0.0004
SUSE SLES15 Security Update : perl (SUSE-SU-2024:1630-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1630-1 advisory. Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set...
CVSS 8.1 | AI Score 7.8 | EPSS 0.017
RHEL 9 : .NET 7.0 (RHSA-2024:2843)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2843 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
CVSS 6.3 | AI Score 6.9 | EPSS 0.0005
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
Impact OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they come from networks that are not configured as localNetworks, by...
CVSS 7.1 | AI Score 7.1 | EPSS 0.0004
(RHSA-2024:2843) Important: .NET 7.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19....
AI Score 6.1 | EPSS 0.0005
(RHSA-2024:2842) Important: .NET 8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5....
AI Score 6.1 | EPSS 0.0005
After a relatively hefty Microsoft Patch Tuesday in April, this month's security update from the company only included one critical vulnerability across its massive suite of products and services. In all, May's slate of vulnerabilities disclosed by Microsoft included 59 total CVEs, most of which...
CVSS 7.8 | AI Score 7.3 | EPSS 0.001