Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the...
7.5CVSS
6.7AI Score
0.0004EPSS
Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the...
7.5CVSS
7.7AI Score
0.0004EPSS
CVE-2024-3742 Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information
Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the...
7.5CVSS
7.7AI Score
0.0004EPSS
CVE-2024-3742 Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information
Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the...
7.5CVSS
6.8AI Score
0.0004EPSS
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall...
6AI Score
0.0004EPSS
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless...
5.8AI Score
0.0004EPSS
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall...
5.8AI Score
0.0004EPSS
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless...
6AI Score
0.0004EPSS
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall...
5.8AI Score
0.0004EPSS
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall...
6AI Score
0.0004EPSS
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless...
5.8AI Score
0.0004EPSS
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall...
6AI Score
0.0004EPSS
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless...
6AI Score
0.0004EPSS
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall...
5.8AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 219 vulnerabilities disclosed in 209...
8.8AI Score
EPSS
Introduction: In today's tech-driven world, cloud computing has completely changed how businesses store and manage their data. It offers many advantages, like flexibility, scalability, and cost savings, making it a go-to choice for organizations of all sizes. Keeping your data secure, especially in....
8.1AI Score
VectorKernel - PoCs For Kernelmode Rootkit Techniques Research
PoCs for Kernelmode rootkit techniques research or education. Currently focusing on Windows OS. All modules support 64bit OS only. NOTE: Some modules use ExAllocatePool2 API to allocate kernel pool memory. ExAllocatePool2 API is not supported in OSes older than Windows 10 Version 2004. If you want.....
7.6AI Score
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AGILELOGIX Store Locator WordPress. This issue affects Store Locator WordPress: from n/a through...
6.8CVSS
6.6AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AGILELOGIX Store Locator WordPress. This issue affects Store Locator WordPress: from n/a through...
6.8CVSS
6.5AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AGILELOGIX Store Locator WordPress. This issue affects Store Locator WordPress: from n/a through...
6.8CVSS
6.8AI Score
0.0004EPSS
New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks
A new Android trojan called SoumniBot has been detected in the wild targeting users in South Korea by leveraging weaknesses in the manifest extraction and parsing procedure. The malware is "notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android.....
7AI Score
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless...
6AI Score
0.0004EPSS
Amazon Linux 2 : tigervnc (ALAS-2024-2510)
The version of tigervnc installed on the remote host is prior to 1.8.0-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2510 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function....
7.8CVSS
7.3AI Score
0.0005EPSS
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall...
6AI Score
0.0004EPSS
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall...
6AI Score
0.0004EPSS
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless...
6AI Score
0.0004EPSS
Amazon Linux 2 : xorg-x11-server (ALAS-2024-2511)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2511 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies,...
7.8CVSS
7.2AI Score
0.0005EPSS
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall...
6AI Score
0.0004EPSS
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless...
6AI Score
0.0004EPSS
The Windows Registry Adventure #2: A brief history of the feature
Posted by Mateusz Jurczyk, Google Project Zero. Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it. In essence, the registry is a hierarchical database made of named "keys" and "values",...
6.3AI Score
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command...
5.5CVSS
6.6AI Score
0.0004EPSS
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command...
5.5CVSS
5.5AI Score
0.0004EPSS
CVE-2024-29952 Clear text storage of sensitive information by manipulating command variables
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command...
5.5CVSS
6.8AI Score
0.0004EPSS
CVE-2024-29952 Clear text storage of sensitive information by manipulating command variables
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command...
5.5CVSS
5.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: fix out of bounds memory access The problem is detected by KASAN. btrtl driver uses private hci data to store 'struct btrealtek_data'. If btrtl driver is used with btusb, then memory for private hci data is...
6.9AI Score
0.0004EPSS
linux-xilinx-zynqmp vulnerabilities
Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash)....
7.8CVSS
7.6AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: fix out of bounds memory access The problem is detected by KASAN. btrtl driver uses private hci data to store 'struct btrealtek_data'. If btrtl driver is used with btusb, then memory for private hci data is...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: fix out of bounds memory access The problem is detected by KASAN. btrtl driver uses private hci data to store 'struct btrealtek_data'. If btrtl driver is used with btusb, then memory for private hci data is...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: fix out of bounds memory access The problem is detected by KASAN. btrtl driver uses private hci data to store 'struct btrealtek_data'. If btrtl driver is used with btusb, then memory for private hci data is...
7.4AI Score
0.0004EPSS
CVE-2024-26890 Bluetooth: btrtl: fix out of bounds memory access
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: fix out of bounds memory access The problem is detected by KASAN. btrtl driver uses private hci data to store 'struct btrealtek_data'. If btrtl driver is used with btusb, then memory for private hci data is...
6.7AI Score
0.0004EPSS
Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Team Open Close WooCommerce Store. This issue affects Open Close WooCommerce Store: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Team Open Close WooCommerce Store. This issue affects Open Close WooCommerce Store: from n/a through...
4.3CVSS
6.8AI Score
0.0004EPSS
Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Team Open Close WooCommerce Store. This issue affects Open Close WooCommerce Store: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
Amazon Linux AMI : tigervnc (ALAS-2024-1927)
The version of tigervnc installed on the remote host is prior to 1.8.0-21.36. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1927 advisory. A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when...
7.8CVSS
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: fix out of bounds memory access The problem is detected by KASAN. btrtl driver uses private hci data to store 'struct btrealtek_data'. If btrtl driver is used with btusb, then memory for private hci data is...
6.6AI Score
0.0004EPSS
Essential Addons for Elementor < 5.9.15 - Contributor+ Store XSS via Widget URL
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the URL attributes of widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
6.4CVSS
5.8AI Score
0.0004EPSS
WP EasyCart < 5.6.0 - Cross-Site Request Forgery
Description: The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.19. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to...
5.4CVSS
6.5AI Score
0.0004EPSS
Linux kernel (Xilinx ZynqMP) vulnerabilities
Releases: Ubuntu 20.04 LTS. Packages: linux-xilinx-zynqmp - Linux kernel for Xilinx ZynqMP processors. Details: Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference...
7.8CVSS
7.5AI Score
EPSS