Lucene search

K

Windows Defender On Windows Server, Version 2004 (Server Core Installation) Security Vulnerabilities

openbugbounty
openbugbounty

goettrupvand.dk Cross Site Scripting vulnerability OBB-3939282

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-27 02:25 PM
1
openbugbounty
openbugbounty

khabarbharat24.co.in Cross Site Scripting vulnerability OBB-3939277

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-27 02:18 PM
1
openbugbounty
openbugbounty

sameera.co.in Cross Site Scripting vulnerability OBB-3939274

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-27 02:14 PM
1
malwarebytes
malwarebytes

‘Poseidon’ Mac stealer distributed via Google ads

On June 24, we observed a new campaign distributing a stealer targeting Mac users via malicious Google ads for the Arc browser. This is the second time in the past couple of months where we see Arc being used as a lure, certainly a sign of its popularity. It was previously used to drop a Windows...

6.5AI Score

2024-06-27 01:00 PM
1
openbugbounty
openbugbounty

arnd.nl Cross Site Scripting vulnerability OBB-3939273

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-27 12:49 PM
2
openbugbounty
openbugbounty

goedbezigvalkenswaard.nl Cross Site Scripting vulnerability OBB-3939272

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-27 12:45 PM
2
nvd
nvd

CVE-2024-6367

A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp of the component POST Request Handler. The manipulation of the argument...

3.5CVSS

EPSS

2024-06-27 12:15 PM
1
cve
cve

CVE-2024-6367

A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp of the component POST Request Handler. The manipulation of the argument...

3.5CVSS

3.9AI Score

EPSS

2024-06-27 12:15 PM
3
talosblog
talosblog

Snowflake isn’t an outlier, it’s the canary in the coal mine

By Nick Biasini with contributions from Kendall McKay and Guilherme Venere Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login credentials for...

7.6AI Score

2024-06-27 12:01 PM
1
thn
thn

The Secrets of Hidden AI Training on Your Data

While some SaaS threats are clear and visible, others are hidden in plain sight, both posing significant risks to your organization. Wing's research indicates that an astounding 99.7% of organizations utilize applications embedded with AI functionalities. These AI-driven tools are indispensable,...

6.7AI Score

2024-06-27 11:40 AM
3
cvelist
cvelist

CVE-2024-6367 LabVantage LIMS POST Request cross site scripting

A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp of the component POST Request Handler. The manipulation of the argument...

3.5CVSS

EPSS

2024-06-27 11:31 AM
2
openbugbounty
openbugbounty

eromon.net Open Redirect vulnerability OBB-3939266

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.9AI Score

2024-06-27 11:24 AM
2
cve
cve

CVE-2024-6262

The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....

6.4CVSS

5.7AI Score

EPSS

2024-06-27 11:15 AM
2
nvd
nvd

CVE-2024-6262

The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....

6.4CVSS

EPSS

2024-06-27 11:15 AM
1
cve
cve

CVE-2024-5535

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...

6.6AI Score

EPSS

2024-06-27 11:15 AM
11
nvd
nvd

CVE-2024-5535

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...

EPSS

2024-06-27 11:15 AM
3
cvelist
cvelist

CVE-2024-6262 Portfolio Gallery – Image Gallery Plugin <= 1.6.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....

6.4CVSS

EPSS

2024-06-27 11:03 AM
2
openbugbounty
openbugbounty

lectitopublishing.nl Cross Site Scripting vulnerability OBB-3939260

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-27 10:52 AM
2
openbugbounty
openbugbounty

pusob.edu.np Open Redirect vulnerability OBB-3939259

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-27 10:49 AM
6
cvelist
cvelist

CVE-2024-5535 SSL_select_next_proto buffer overread

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...

EPSS

2024-06-27 10:30 AM
4
vulnrichment
vulnrichment

CVE-2024-5535 SSL_select_next_proto buffer overread

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...

6.9AI Score

EPSS

2024-06-27 10:30 AM
1
nvd
nvd

CVE-2024-0949

Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows...

9.8CVSS

EPSS

2024-06-27 10:15 AM
4
cve
cve

CVE-2024-0949

Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows...

9.8CVSS

9.5AI Score

EPSS

2024-06-27 10:15 AM
cve
cve

CVE-2024-0947

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.This issue affects Elektraweb:...

9.8CVSS

9.6AI Score

EPSS

2024-06-27 10:15 AM
2
nvd
nvd

CVE-2024-0947

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.This issue affects Elektraweb:...

9.8CVSS

EPSS

2024-06-27 10:15 AM
3
thn
thn

Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks

Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case of prompt...

8.1CVSS

8.6AI Score

0.0004EPSS

2024-06-27 10:04 AM
9
cvelist
cvelist

CVE-2024-0949 Improper Access Control in Talya Informatics' Elektraweb

Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows...

9.8CVSS

EPSS

2024-06-27 09:36 AM
2
thn
thn

How to Use Python to Build Secure Blockchain Applications

Did you know it's now possible to build blockchain applications, known also as decentralized applications (or "dApps" for short) in native Python? Blockchain development has traditionally required learning specialized languages, creating a barrier for many developers… until now. AlgoKit, an...

6.9AI Score

2024-06-27 09:30 AM
4
vulnrichment
vulnrichment

CVE-2024-0947 Cookies Manipulation in Talya Informatics' Elektraweb

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.This issue affects Elektraweb:...

9.8CVSS

7AI Score

EPSS

2024-06-27 09:27 AM
cvelist
cvelist

CVE-2024-0947 Cookies Manipulation in Talya Informatics' Elektraweb

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.This issue affects Elektraweb:...

9.8CVSS

EPSS

2024-06-27 09:27 AM
2
cbl_mariner
cbl_mariner

CVE-2004-2779 affecting package libid3tag 0.15.1b-33

CVE-2004-2779 affecting package libid3tag 0.15.1b-33. No patch is available...

7.5CVSS

7.1AI Score

0.001EPSS

2024-06-27 09:08 AM
7
cbl_mariner
cbl_mariner

CVE-2020-1472 affecting package samba for versions less than 4.12.5-4

CVE-2020-1472 affecting package samba for versions less than 4.12.5-4. A patched version of the package is...

5.5CVSS

7.2AI Score

0.467EPSS

2024-06-27 09:08 AM
4
wolfi
wolfi

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: neuvector-sigstore-interface, tkn, slsa-verifier, spire-server, flux-source-controller, wolfictl, policy-controller, falco, aactl, melange, gitsign, vexctl, tekton-chains, goreleaser, zot, falcoctl, kubescape, zarf, apko, ko,...

7.5AI Score

2024-06-27 09:08 AM
88
wolfi
wolfi

CVE-2024-29018 vulnerabilities

Vulnerabilities for packages: grype, loki, buildkitd, crossplane, up, kaniko, tkn, docker-compose, ctop, spire-server, syft, wolfictl, conftest, prometheus, datadog-agent, aactl, melange, trivy, goreleaser, dagger, zot, buf, kubescape, cadvisor, ko, kargo,...

5.9CVSS

6.1AI Score

0.0004EPSS

2024-06-27 09:08 AM
159
wolfi
wolfi

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: keda, tkn, slsa-verifier, spire-server, flux-source-controller, traefik, cilium-envoy, cloudflared, oauth2-proxy, terragrunt, cert-manager, kyverno, dex, falco, aactl, istio-pilot-discovery, gitsign, sops, vexctl, tekton-chains, kots, rekor, flux-kustomize-controller,....

7.5AI Score

2024-06-27 09:08 AM
347
wolfi
wolfi

GHSA-MQ39-4GV4-MVPX vulnerabilities

Vulnerabilities for packages: grype, loki, buildkitd, crossplane, up, kaniko, tkn, docker-compose, ctop, spire-server, syft, wolfictl, conftest, prometheus, datadog-agent, aactl, melange, trivy, goreleaser, dagger, zot, buf, kubescape, cadvisor, ko, kargo,...

7.5AI Score

2024-06-27 09:08 AM
144
wolfi
wolfi

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...

7.8AI Score

0.0004EPSS

2024-06-27 09:08 AM
192
wolfi
wolfi

CVE-2024-21506 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, py3-pymongo,...

6.7AI Score

0.0004EPSS

2024-06-27 09:08 AM
45
cbl_mariner
cbl_mariner

CVE-2023-24536 affecting package golang for versions less than 1.21.6-1

CVE-2023-24536 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

7.5CVSS

7.3AI Score

0.005EPSS

2024-06-27 09:08 AM
7
cbl_mariner
cbl_mariner

CVE-2023-45284 affecting package golang for versions less than 1.21.6-1

CVE-2023-45284 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

5.3CVSS

7.3AI Score

0.001EPSS

2024-06-27 09:08 AM
6
cbl_mariner
cbl_mariner

CVE-2023-45287 affecting package golang for versions less than 1.21.6-1

CVE-2023-45287 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

7.5CVSS

7.3AI Score

0.001EPSS

2024-06-27 09:08 AM
7
cbl_mariner
cbl_mariner

CVE-2023-44487 affecting package golang for versions less than 1.21.6-1

CVE-2023-44487 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

7.5CVSS

7.3AI Score

0.732EPSS

2024-06-27 09:08 AM
12
wolfi
wolfi

CVE-2024-21885 vulnerabilities

Vulnerabilities for packages:...

7.8CVSS

7.1AI Score

0.0004EPSS

2024-06-27 09:08 AM
45
wolfi
wolfi

CVE-2024-21886 vulnerabilities

Vulnerabilities for packages:...

7.8CVSS

7.1AI Score

0.0004EPSS

2024-06-27 09:08 AM
45
wolfi
wolfi

GHSA-49WX-9H9F-8C9G vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-27 09:08 AM
44
wolfi
wolfi

CVE-2024-31080 vulnerabilities

Vulnerabilities for packages:...

7.3CVSS

7.1AI Score

0.0005EPSS

2024-06-27 09:08 AM
38
cbl_mariner
cbl_mariner

CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0

CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0. A patched version of the package is...

5.5CVSS

6AI Score

0.001EPSS

2024-06-27 09:08 AM
21
cbl_mariner
cbl_mariner

CVE-2020-8277 affecting package python-gevent for versions less than 21.1.2-3

CVE-2020-8277 affecting package python-gevent for versions less than 21.1.2-3. A patched version of the package is...

7.5CVSS

7.3AI Score

0.008EPSS

2024-06-27 09:08 AM
11
cbl_mariner
cbl_mariner

CVE-2023-39326 affecting package golang for versions less than 1.21.6-1

CVE-2023-39326 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

5.3CVSS

7.3AI Score

0.001EPSS

2024-06-27 09:08 AM
13
cbl_mariner
cbl_mariner

CVE-2023-7008 affecting package systemd for versions less than 123

CVE-2023-7008 affecting package systemd for versions less than 123. A patched version of the package is...

5.9CVSS

5.8AI Score

0.001EPSS

2024-06-27 09:08 AM
12
Total number of security vulnerabilities2403200