An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack...
10CVSS
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Web API Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code...
7.7AI Score
0.0004EPSS
Google’s Chrome changes make life harder for ad blockers
Despite protests, Google is rolling out changes in the Chrome browser that make it harder for ad blockers to do their job. Starting last Monday, June 3, 2024, Chrome Beta, Dev, and Canary channels will see the effects of the implementation of the new extension platform Manifest V3. The gradual...
7AI Score
Sensitive Information Exposure
h2o is vulnerable to Sensitive Information Exposure. The vulnerability is due the Typeahead API call which allows an attacker to lookup arbitrary system paths in the entire file system where h2o-3 is...
5.3CVSS
6.8AI Score
0.0004EPSS
Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through...
5.3CVSS
5.4AI Score
0.0004EPSS
Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through...
5.3CVSS
0.0004EPSS
zenml is vulnerable to Improper Authorization. The vulnerability is due to improper authorization controls in the API PUT /api/v1/users/id endpoint, allowing any authenticated user to modify other users' information, including deactivating...
6.5CVSS
6.5AI Score
0.0004EPSS
Update 24.1 for Microsoft Dynamics 365 Business Central (on-premises) 2024 Release Wave 1 (Application Build 24.1.19498, Platform Build 24.0.19487) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes vulnerabilities. For...
8.8CVSS
8.9AI Score
0.001EPSS
Description of the security update for SharePoint Server 2019: June 11, 2024 (KB5002602)
Description of the security update for SharePoint Server 2019: June 11, 2024 (KB5002602) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...
7.8CVSS
8AI Score
0.001EPSS
Description of the security update for SharePoint Enterprise Server 2016: June 11, 2024 (KB5002604)
Description of the security update for SharePoint Enterprise Server 2016: June 11, 2024 (KB5002604) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...
7.8CVSS
8AI Score
0.001EPSS
Snowflake Breach Exposes 165 Customers' Data in Ongoing Extortion Campaign
As many as 165 customers of Snowflake are said to have had their information potentially exposed as part of an ongoing campaign designed to facilitate data theft and extortion, indicating the operation has broader implications than previously thought. Google-owned Mandiant, which is assisting the.....
8AI Score
litellm is vulnerable to SQL Injection. The vulnerability is due to improper handling of the 'user_id' parameter in the raw SQL query used for deleting users. This allows an attacker to inject malicious SQL commands, leading to potential unauthorized access to sensitive information such as API...
4.9CVSS
6.7AI Score
0.0004EPSS
9.8CVSS
7.1AI Score
0.853EPSS
The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fix(es): c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
4.4CVSS
5.4AI Score
0.0004EPSS
KB5039217: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2024)
The remote Windows host is missing security update 5039217. It is, therefore, affected by multiple vulnerabilities Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability (CVE-2024-30097) Windows Remote Access Connection Manager Information Disclosure...
9.8CVSS
7.8AI Score
0.003EPSS
Linux kernel (OEM) vulnerabilities
Releases Ubuntu 24.04 LTS Packages linux-oem-6.8 - Linux kernel for OEM systems Details Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this...
7.8CVSS
8.6AI Score
0.0005EPSS
The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fix(es): c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
4.4CVSS
6.7AI Score
0.0004EPSS
KB5039294: Windows Server 2012 R2 Security Update (June 2024)
The remote Windows host is missing security update 5039294. It is, therefore, affected by multiple vulnerabilities Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability (CVE-2024-30080) DHCP Server Service Denial of Service Vulnerability (CVE-2024-30070) Windows OLE Remote...
9.8CVSS
7.6AI Score
0.003EPSS
RHEL 8 : fence-agents (RHSA-2024:3795)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3795 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...
5.4CVSS
7.3AI Score
0.0004EPSS
Ubuntu 23.10 : Linux kernel vulnerabilities (USN-6819-2)
The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...
7.8CVSS
8.1AI Score
0.001EPSS
KB5039236: Windows 11 version 22H2 / Windows Server version 23H2 Security Update (June 2024)
The remote Windows host is missing security update 5039236. It is, therefore, affected by multiple vulnerabilities Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability (CVE-2024-30097) Windows Remote Access Connection Manager Information Disclosure...
9.8CVSS
7.3AI Score
0.003EPSS
KB5039274: Windows Server 2008 R2 Security Update (June 2024)
The remote Windows host is missing security update 5039274. It is, therefore, affected by multiple vulnerabilities Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability (CVE-2024-30080) Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability...
9.8CVSS
7.7AI Score
0.003EPSS
KB5039211: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (June 2024)
The remote Windows host is missing security update 5039211. It is, therefore, affected by multiple vulnerabilities Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability (CVE-2024-30097) Windows Remote Access Connection Manager Information Disclosure...
9.8CVSS
8.6AI Score
0.003EPSS
KB5039225: Windows 10 LTS 1507 Security Update (June 2024)
The remote Windows host is missing security update 5039225. It is, therefore, affected by multiple vulnerabilities Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability (CVE-2024-30097) Windows Remote Access Connection Manager Information Disclosure...
9.8CVSS
8.5AI Score
0.003EPSS
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...
5.5CVSS
6.7AI Score
0.0004EPSS
[4.10.0-62.3] - bundled jinja2: fix CVE-2024-34064 Resolves: RHEL-36482 [4.10.0-62.2] - fence_eps: add fence_epsr2 for ePowerSwitch R2 and newer Resolves: RHEL-35273 [4.10.0-62.1] - ha-cloud-support: upgrade bundled pyroute2 libs to fix issue in gcp-vpc-move-route's stop-action Resolves:...
5.4CVSS
7.3AI Score
0.0004EPSS
7.8CVSS
8.8AI Score
0.0005EPSS
Description The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to...
9.8CVSS
6.7AI Score
0.001EPSS
7.8CVSS
8.8AI Score
0.001EPSS
How to Add a Blueprint Target Using Execution Hooks From the Policy API
This article explains how to set resources other than namespaces as the hooks for blueprint...
7AI Score
8CVSS
8AI Score
0.0004EPSS
Description The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list, create.....
6.5CVSS
6.9AI Score
0.0005EPSS
Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6820-2)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6820-2 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability....
8CVSS
10AI Score
0.0004EPSS
KB5039227: Windows 2022 / Azure Stack HCI 22H2 Security Update (June 2024)
The remote Windows host is missing security update 5039227. It is, therefore, affected by multiple vulnerabilities Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability (CVE-2024-30097) Windows Remote Access Connection Manager Information Disclosure...
9.8CVSS
7.5AI Score
0.003EPSS
KB5039260: Windows Server 2012 Security Update (June 2024)
The remote Windows host is missing security update 5039260. It is, therefore, affected by multiple vulnerabilities Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability (CVE-2024-30080) DHCP Server Service Denial of Service Vulnerability (CVE-2024-30070) Windows OLE Remote...
9.8CVSS
8AI Score
0.003EPSS
KB5039213: Windows 11 version 21H2 Security Update (June 2024)
The remote Windows host is missing security update 5039213. It is, therefore, affected by multiple vulnerabilities Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability (CVE-2024-30097) Windows Remote Access Connection Manager Information Disclosure...
9.8CVSS
8.7AI Score
0.003EPSS
KB5039214: Windows 10 Version 1607 / Windows Server 2016 Security Update (June 2024)
The remote Windows host is missing security update 5039214. It is, therefore, affected by multiple vulnerabilities Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability (CVE-2024-30097) Windows Remote Access Connection Manager Information Disclosure...
9.8CVSS
7.8AI Score
0.003EPSS
KB5039266: Windows Server 2008 Security Update (June 2024)
The remote Windows host is missing security update 5039266. It is, therefore, affected by multiple vulnerabilities Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability (CVE-2024-30080) Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability...
9.8CVSS
7.7AI Score
0.003EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6821-3)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-3 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free...
8CVSS
8.6AI Score
0.0004EPSS
Ubuntu 20.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6828-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6828-1 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-...
8CVSS
8.9AI Score
EPSS
CentOS 9 : openssl-3.2.2-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the openssl-3.2.2-1.el9 build changelog. Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact...
7.4AI Score
EPSS
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...
5.5CVSS
6.7AI Score
0.0004EPSS
Moderate: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): jinja2: accepts keys containing non-attribute characters...
5.4CVSS
7AI Score
0.0004EPSS
KB5039212: Windows 11 version 22H2 / Windows 11 version 23H2 Security Update (June 2024)
The remote Windows host is missing security update 5039212. It is, therefore, affected by multiple vulnerabilities Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability (CVE-2024-30097) Windows Remote Access Connection Manager Information Disclosure...
9.8CVSS
8.5AI Score
0.003EPSS
CVE-2024-22261 SQL Injection in Harbor scan log API
SQL-Injection in Harbor allows priviledge users to leak the task...
2.7CVSS
0.0004EPSS
Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation as part of UMS and as an application server for container deployments. This bulletin identifies the security fixes to apply to address the vulnerability. ...
7.5CVSS
8.2AI Score
0.732EPSS
Langflow remote code execution vulnerability
Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python...
9.8CVSS
7.8AI Score
0.001EPSS
Langflow remote code execution vulnerability
Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python...
9.8CVSS
8.1AI Score
0.001EPSS