RHEL 8 : webkitgtk (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. webkit: heap use-after-free may lead to arbitrary code execution (CVE-2023-42950) An inconsistent user...
8.8CVSS
8AI Score
0.001EPSS
Moderate: ruby:3.1 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) ruby: Buffer overread vulnerability in StringIO...
7.2AI Score
EPSS
Slack integration leaks sensitive information in logs
Impact Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it is possible under specific configurations, an attacker can forge...
2CVSS
6.5AI Score
0.0004EPSS
Slack integration leaks sensitive information in logs
Impact Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it is possible under specific configurations, an attacker can forge...
2CVSS
6.5AI Score
0.0004EPSS
A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched...
6.3CVSS
7.7AI Score
0.0004EPSS
A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched...
6.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-5588 itsourcecode Learning Management System processscore.php sql injection
A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched...
6.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-5588 itsourcecode Learning Management System processscore.php sql injection
A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched...
6.3CVSS
7.4AI Score
0.0004EPSS
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle...
9.1CVSS
7.3AI Score
0.0004EPSS
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle...
9.1CVSS
9.4AI Score
0.0004EPSS
CVE-2024-36391 MileSight DeviceHub - CWE-320: Key Management Errors
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle...
9.1CVSS
7AI Score
0.0004EPSS
CVE-2024-36391 MileSight DeviceHub - CWE-320: Key Management Errors
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle...
9.1CVSS
9.4AI Score
0.0004EPSS
7.4AI Score
6.7AI Score
0.0004EPSS
AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform
Artificial Intelligence (AI) company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier this week. "We have suspicions that a subset of Spaces' secrets could have been accessed without authorization," it said in an advisory. Spaces offers a way for....
7.5AI Score
9.8CVSS
7.1AI Score
EPSS
Moodle CSRF risk in analytics management of models
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF...
6.4AI Score
0.0004EPSS
Moodle CSRF risk in analytics management of models
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF...
6.4AI Score
0.0004EPSS
Moodle CSRF risk in admin preset tool management of presets
Actions in the admin preset tool did not include the necessary token to prevent a CSRF...
6.4AI Score
0.0004EPSS
Moodle CSRF risk in admin preset tool management of presets
Actions in the admin preset tool did not include the necessary token to prevent a CSRF...
6.4AI Score
0.0004EPSS
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF...
6.7AI Score
0.0004EPSS
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF...
6.4AI Score
0.0004EPSS
CVE-2024-34008 moodle: CSRF risk in analytics management of models
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF...
6.3AI Score
0.0004EPSS
CVE-2024-34001 moodle: CSRF risk in admin preset tool management of presets
Actions in the admin preset tool did not include the necessary token to prevent a CSRF...
6.3AI Score
0.0004EPSS
CVE-2024-34001 moodle: CSRF risk in admin preset tool management of presets
Actions in the admin preset tool did not include the necessary token to prevent a CSRF...
6.7AI Score
0.0004EPSS
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....
2CVSS
3.8AI Score
0.0004EPSS
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....
2CVSS
7.1AI Score
0.0004EPSS
CVE-2024-35196 Slack integration leaks sensitive information in logs in Sentry
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....
2CVSS
6.9AI Score
0.0004EPSS
CVE-2024-35196 Slack integration leaks sensitive information in logs in Sentry
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it....
2CVSS
3.8AI Score
0.0004EPSS
casgate is an Open Source Identity and Access Management system. In affected versions casgate allows remote unauthenticated attacker to obtain sensitive information via GET request to an API endpoint. This issue has been addressed in PR #201 which is pending merge. An attacker could use id...
9.8CVSS
9.6AI Score
0.0004EPSS
casgate is an Open Source Identity and Access Management system. In affected versions casgate allows remote unauthenticated attacker to obtain sensitive information via GET request to an API endpoint. This issue has been addressed in PR #201 which is pending merge. An attacker could use id...
9.8CVSS
7.2AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....
5.9CVSS
6.1AI Score
0.0004EPSS
CVE-2024-36108 Multiple Broken Function-Level Authorization vulnerabilities in casgate
casgate is an Open Source Identity and Access Management system. In affected versions casgate allows remote unauthenticated attacker to obtain sensitive information via GET request to an API endpoint. This issue has been addressed in PR #201 which is pending merge. An attacker could use id...
9.8CVSS
9.6AI Score
0.0004EPSS
Ars0N-Framework - A Modern Framework For Bug Bounty Hunting
Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...
7AI Score
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...
8AI Score
CVE-2024-24919 An Vulnerability detection and Exploitation...
8.6CVSS
6.1AI Score
0.945EPSS
Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative...
8.3CVSS
6.5AI Score
0.0004EPSS
Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative...
8.3CVSS
8.1AI Score
0.0004EPSS
CVE-2024-5525 Improper privilege management vulnerability in Astrotalks
Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative...
8.3CVSS
8.1AI Score
0.0004EPSS
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....
7.2CVSS
6.4AI Score
0.001EPSS
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....
7.2CVSS
6AI Score
0.001EPSS
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....
7.2CVSS
6.1AI Score
0.001EPSS
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....
7.2CVSS
6.4AI Score
0.001EPSS
HP LaserJet Printers XSS (HPSBPI03940)
Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
6.1AI Score
0.0004EPSS
7.4AI Score
7.4AI Score
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF...
6.6AI Score
0.0004EPSS
K000139859: Envoy vulnerability CVE-2024-30255
Security Advisory Description Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an....
5.3CVSS
6.7AI Score
0.0004EPSS
Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even....
5.5CVSS
6.5AI Score
0.0004EPSS
Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even....
5.5CVSS
6.7AI Score
0.0004EPSS