Summary There is a vulnerability in Eclipse JGit used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2023-4759 DESCRIPTION: **Eclipse JGit could allow a remote...
8.8CVSS
7.3AI Score
0.001EPSS
Summary There is a vulnerability in Netty used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2023-34462 DESCRIPTION: **Netty is vulnerable to a denial of service,...
6.5CVSS
9AI Score
0.001EPSS
Summary There are multiple vulnerabilities in Golang Go used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2022-32149 DESCRIPTION: **Golang Go is vulnerable to a...
7.5CVSS
8.3AI Score
0.024EPSS
Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy
Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute1, "only 59% of organizations say their cybersecurity strategy has changed over the past two years." This stagnation in strategy adaptation can be traced back to several key...
7AI Score
WordPress NitroPack - Cache & Speed Optimization Plugin < 1.10.3 CSRF Vulnerability
The WordPress...
8.8CVSS
7AI Score
0.001EPSS
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Over the last two weeks, there were 263 vulnerabilities disclosed in 217 WordPress Plugins and 3 WordPress themes that have been added to the...
9.8CVSS
10AI Score
EPSS
Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...
8.8CVSS
8.7AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...
8.8CVSS
6.3AI Score
0.001EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...
8.8CVSS
7.2AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...
5.4CVSS
8.9AI Score
0.001EPSS
GitLab < 15.6.8 (CRITICAL-SECURITY-RELEASE-GITLAB-15-8-2-RELEASED)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to...
7.5CVSS
7AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GM Information Technologies MDO allows SQL Injection.This issue affects MDO: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any...
9.8CVSS
9.5AI Score
0.001EPSS
Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks
Microsoft on Thursday said it's once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware. "The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access...
7.1CVSS
7AI Score
0.002EPSS
Financially motivated threat actors misusing App Installer
Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme (App Installer) to distribute malware. In addition to ensuring that...
7.1CVSS
7.3AI Score
0.002EPSS
GLSA-202312-15 : Git: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202312-15 (Git: Multiple Vulnerabilities) Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a .gitattributes file to...
9.8CVSS
7.9AI Score
0.013EPSS
[5.14.0-362.13.1.el9_3.OL9] - x86/retpoline: Document some thunk handling aspects (Borislav Petkov) {CVE-2023-20569} - objtool: Fix return thunk patching in retpolines (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Remove unnecessary semicolon (Yang Li) {CVE-2023-20569} - x86/calldepth: Rename...
7.8CVSS
7.7AI Score
0.001EPSS
unsafe-libyaml unaligned write of u64 on 32-bit and 16-bit platforms
Affected versions allocate memory using the alignment of usize and write data to it of type u64, without using core::ptr::write_unaligned. In platforms with sub-64bit alignment for usize (including wasm32 and x86) these writes are insufficiently aligned some of the time. If using an ordinary...
7AI Score
unsafe-libyaml unaligned write of u64 on 32-bit and 16-bit platforms
Affected versions allocate memory using the alignment of usize and write data to it of type u64, without using core::ptr::write_unaligned. In platforms with sub-64bit alignment for usize (including wasm32 and x86) these writes are insufficiently aligned some of the time. If using an ordinary...
7AI Score
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 16 vulnerabilities disclosed in 16 WordPress Plugins and no WordPress themes that have been added to the Wordfence...
9.8CVSS
7.8AI Score
0.935EPSS
Incorrect Termination Condition
Lines of code Vulnerability details The provided termination condition if (pos >= (size / 2) && pos <= size) is incorrect. This condition is not suitable for terminating the maxHeapify function. It should instead be based on comparing values in the heap to ensure the max heap property. The...
7.2AI Score
Unaligned write of u64 on 32-bit and 16-bit platforms
Affected versions allocate memory using the alignment of usize and write data to it of type u64, without using core::ptr::write_unaligned. In platforms with sub-64bit alignment for usize (including wasm32 and x86) these writes are insufficiently aligned some of the time. If using an ordinary...
7.1AI Score
VED-eBPF - Kernel Exploit And Rootkit Detection Using eBPF
VED (Vault Exploit Defense)-eBPF leverages eBPF (extended Berkeley Packet Filter) to implement runtime kernel security monitoring and exploit detection for Linux systems. Introduction eBPF is an in-kernel virtual machine that allows code execution in the kernel without modifying the kernel source.....
7.8AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023)
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last week, there were.....
9.8CVSS
9.6AI Score
EPSS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
9.5AI Score
0.732EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.326.6.el7] - Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (Junxiao Bi) [Orabug: 35914789] - md: bypass block throttle for superblock update (Junxiao Bi) [Orabug: 35914789] [5.4.17-2136.326.5.el7] - Revert 'tracing: Increase trace array ref count on enable and filter...
8.8CVSS
8AI Score
0.024EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.326.6.el8] - Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (Junxiao Bi) [Orabug: 35914789] - md: bypass block throttle for superblock update (Junxiao Bi) [Orabug: 35914789] [5.4.17-2136.326.5.el8] - Revert 'tracing: Increase trace array ref count on enable and filter...
8.8CVSS
8AI Score
0.024EPSS
Unbreakable Enterprise kernel security update
[5.15.0-201.135.6] - Revert ncsi: Propagate carrier gain/loss events to the NCSI controller (Johnathan Mantey) - netfilter: nf_tables: split async and sync catchall in two functions (Pablo Neira Ayuso) - netfilter: nf_tables: remove catchall element in GC sync path (Pablo Neira Ayuso) - scsi:...
8.8CVSS
8.8AI Score
0.024EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.326.6] - Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (Junxiao Bi) [Orabug: 35914789] - md: bypass block throttle for superblock update (Junxiao Bi) [Orabug: 35914789] [5.4.17-2136.326.5] - Revert 'tracing: Increase trace array ref count on enable and filter files'...
8.8CVSS
9.8AI Score
0.024EPSS
Building an AppSec Program with Qualys WAS – Additional Configurations and Review & Confirm
Part 4 - Configuring a Web Application or API: Additional Configurations Now that we have completed the basic information, crawl settings, and default scan configurations, we can shift our attention to additional configurations designed to optimize scanning and provide granular control over how...
8AI Score
SpeedyCache < 1.1.3 - Authenticated (Subscriber+) Server-Side Request Forgery
Description The SpeedyCache – Cache, Optimization, Performance plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.2 via the speedycache_create_test_cache() function. This makes it possible for authenticated attackers, subscriber-level access....
4.3CVSS
6.5AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 27, 2023 to December 3, 2023)
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last week, there were.....
9.8CVSS
9.6AI Score
EPSS
Mitsubishi Electric FA Engineering Software Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor: Mitsubishi Electric Equipment: MELIPC , MELSEC iQ-R, and MELSEC Q Series Vulnerabilities: Processor Optimization Removal or Modification of Security-Critical Code, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these...
5.5CVSS
7.2AI Score
0.0005EPSS
Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through...
4.9CVSS
5AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through...
4.3CVSS
0.0004EPSS
Server side request forgery (ssrf)
Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through...
4.3CVSS
7.2AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through...
4.9CVSS
5.5AI Score
0.0004EPSS
Summary There is a vulnerability in the Apache Commons FileUpload library used by BM Jazz Reporting Service. This has been addressed in the remediation section. Vulnerability Details ** CVEID: CVE-2023-24998 DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of...
7.5CVSS
6.8AI Score
0.034EPSS
Summary A vulnerability has been identified in the Apache Commons IO library, which is included in IBM® Jazz Reporting Service. This has been addressed in the remediation section. Vulnerability Details ** CVEID: CVE-2021-29425 DESCRIPTION: **Apache Commons IO could allow a remote attacker to...
4.8CVSS
6.6AI Score
0.002EPSS
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 126 vulnerabilities disclosed in 102 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence...
9.8CVSS
9AI Score
EPSS
Within the sphere of IT, 'network accessibility' is a term frequently used. Yet, does everyone understand its connotation? Simplistically put, network accessibility alludes to how readily a network or system can be accessed by its users. It quantifies to what extent a system is functioning and...
7.9AI Score
Website Optimization – Plerdy < 1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Website Optimization – Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
4.8CVSS
6AI Score
0.001EPSS
The Website Optimization – Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
4.8CVSS
5AI Score
0.001EPSS
The Website Optimization – Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
4.8CVSS
0.001EPSS
The Website Optimization – Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
4.8CVSS
6.1AI Score
0.001EPSS
The Website Optimization – Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
4.4CVSS
5AI Score
0.001EPSS
AI Solutions Are the New Shadow IT
Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks Like the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot. Employees are covertly using AI with little regard for established IT and cybersecurity review procedures....
6.2AI Score
(RHSA-2023:7361) Moderate: ncurses security update
The ncurses (new curses) library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool...
7.2AI Score
0.0004EPSS
4.8CVSS
5.5AI Score
0.0005EPSS
container-tools:ol8 security and bug fix update
aardvark-dns [2:1.7.0-1] - update to https://github.com/containers/aardvark-dns/releases/tag/v1.7.0 - Related: #2176055 [2:1.6.0-1] - update to https://github.com/containers/aardvark-dns/releases/tag/v1.6.0 - Related: #2176055 buildah [1:1.31.3-1] - update to...
9.8CVSS
8.8AI Score
0.024EPSS
rubygem-abrt [0.3.0-4] - Execute test suite unconditionally. - Upload correct sources. [0.3.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0.3.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [0.3.0-1] - Update to abrt 0.3.0. [0.2.0-2] - Rebuilt...
8.8CVSS
8.2AI Score
0.004EPSS