Compromising Bank Customer Trust: The Price of Inadequate Data Protection
Banks hold not just money, but also emotions and aspirations. Countless stories unfold within bank walls, reflecting the intimate connection between money and emotion. Beyond the numbers and transactions, every dollar represents individuals’ hopes, dreams, and livelihoods. As the trusted custodian....
7.5AI Score
SEO Plugin by Squirrly SEO < 12.3.17 - Reflected Cross-Site Scripting
Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...
7.1CVSS
6.5AI Score
0.0004EPSS
Data Security Fears: Congress Bans Staff Use of Microsoft’s AI Copilot
By Waqas Microsoft has acknowledged the concerns! This is a post from HackRead.com Read the original post: Data Security Fears: Congress Bans Staff Use of Microsoft's AI...
7.4AI Score
A week in security (March 25 – March 31)
Last week on Malwarebytes Labs: MFA bombing taken to the next level How to back up your Mac How to back up your Windows 10/11 PC to OneDrive How to back up your iPhone to a Windows computer How to back up your iPhone to a Mac How to back up your iPhone to iCloud Powering the future of ThreatDown...
7.4AI Score
WatchGuard XTM Firebox Unauthenticated Remote Command Execution Exploit
This Metasploit module exploits a buffer overflow in the administration interface (port 8080 or 4117) of WatchGuard Firebox and XTM appliances. The interface is built from a CherryPy Python backend that sends XML-RPC requests to a C binary called wgagent; the overflow is reached through the pre-authentication endpoint /agent/login. This...
9.8CVSS
8.2AI Score
0.842EPSS
SEO Backlink Monitor < 1.6.0 - Reflected Cross-Site Scripting
Description The SEO Backlink Monitor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
7.1CVSS
6.5AI Score
0.0004EPSS
MyBookTable Bookstore < 3.3.8 - Authenticated (Author+) Stored Cross-Site Scripting
Description The MyBookTable Bookstore plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SEO post data in versions up to, and including, 3.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access....
6.5CVSS
5.9AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech AI Twitter Feeds (Twitter widget & shortcode) allows Stored XSS. This issue affects AI Twitter Feeds (Twitter widget & shortcode): from n/a through...
6.5CVSS
9.1AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stephan Spencer SEO Title Tag allows Reflected XSS. This issue affects SEO Title Tag: from n/a through...
7.1CVSS
6.9AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stephan Spencer SEO Title Tag allows Reflected XSS. This issue affects SEO Title Tag: from n/a through...
7.1CVSS
9.3AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech AI Twitter Feeds (Twitter widget & shortcode) allows Stored XSS. This issue affects AI Twitter Feeds (Twitter widget & shortcode): from n/a through...
6.5CVSS
6.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Techblissonline.Com (Rajesh) Platinum SEO allows Stored XSS. This issue affects Platinum SEO: from n/a through...
5.9CVSS
5.7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Techblissonline.Com (Rajesh) Platinum SEO allows Stored XSS. This issue affects Platinum SEO: from n/a through...
5.9CVSS
9.1AI Score
0.0004EPSS
CVE-2024-31089 WordPress Platinum SEO plugin <= 2.4.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Techblissonline.Com (Rajesh) Platinum SEO allows Stored XSS. This issue affects Platinum SEO: from n/a through...
5.9CVSS
5.9AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stephan Spencer SEO Title Tag allows Reflected XSS. This issue affects SEO Title Tag: from n/a through...
7.1CVSS
7.1AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech AI Twitter Feeds (Twitter widget & shortcode) allows Stored XSS. This issue affects AI Twitter Feeds (Twitter widget & shortcode): from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
Yogurt Heist Reveals a Rampant Form of Online Fraud
Plus: “MFA bombing” attacks target Apple users, Israel deploys face recognition tech on Gazans, AI gets trained to spot tent encampments, and OSINT investigators find fugitive Amond...
6.9AI Score
The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the meta description field in all versions up to, and including, 1.6.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
7.6AI Score
0.0004EPSS
The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the meta description field in all versions up to, and including, 1.6.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
5.7AI Score
0.0004EPSS
The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the meta description field in all versions up to, and including, 1.6.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
5.8AI Score
0.0004EPSS
The Golden Age of Automated Penetration Testing is Here
Network penetration testing plays a vital role in detecting vulnerabilities that can be exploited. The current method of performing pen testing is pricey, leading many companies to undertake it only when necessary, usually once a year for their compliance requirements. This manual approach often...
7.3AI Score
langchain_core is vulnerable to XML External Entity (XXE). The vulnerability is due to the usage of the etree module from the XML parser within the XMLOutputParser component of LangChain, allowing attackers to inject malicious input into the...
5.9CVSS
6.8AI Score
0.0004EPSS
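Added example for the langchain_core XXE entry above. This is not LangChain's code and not the upstream fix; it is a stand-alone illustration of the failure class: a default XML parser expands entities declared in a DTD, and a pre-scan that refuses any DOCTYPE closes off both external entities and entity-expansion payloads before model output reaches the parser. The XML documents are constructed.

```python
"""Added example (not LangChain's code): refuse DTDs before parsing model output.

Stand-alone illustration of the failure class in the langchain_core
XMLOutputParser entry. The XML documents below are constructed.
"""
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXML(ValueError):
    """Raised when a document carries a DOCTYPE or an entity declaration."""


def _reject_doctype(*_args):
    raise UnsafeXML("DOCTYPE/DTD not allowed")


def _reject_entity(*_args):
    raise UnsafeXML("entity declaration not allowed")


def naive_parse(text: str) -> ET.Element:
    """Default behaviour: the parser expands entities declared in the DTD."""
    return ET.fromstring(text)


def safe_parse(text: str) -> ET.Element:
    """Pre-scan with expat and abort on any DTD, then parse as usual.

    Entities, internal or external, can only be declared inside a DTD, so
    refusing the DOCTYPE removes both XXE and entity expansion (billion
    laughs) from the attack surface. Same idea as defusedxml, using only
    the standard library.
    """
    scanner = expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = _reject_doctype
    scanner.EntityDeclHandler = _reject_entity
    scanner.Parse(text, True)  # handlers raise UnsafeXML on offending input
    return ET.fromstring(text)


# Constructed inputs: what a model (or whoever controls the model's input)
# might hand back to the parser.
BENIGN = "<response><answer>42</answer></response>"
INTERNAL_ENTITY = (
    '<!DOCTYPE r [<!ENTITY e "injected">]>'
    "<response><answer>&e;</answer></response>"
)
EXTERNAL_ENTITY = (
    '<!DOCTYPE r [<!ENTITY xxe SYSTEM "file:///etc/hostname">]>'
    "<response><answer>&xxe;</answer></response>"
)


def demo() -> dict:
    """Run both parsers over the samples and report what each did."""
    results = {
        "naive_internal": naive_parse(INTERNAL_ENTITY).find("answer").text,
        "safe_benign": safe_parse(BENIGN).find("answer").text,
    }
    for name, doc in (("internal", INTERNAL_ENTITY), ("external", EXTERNAL_ENTITY)):
        try:
            safe_parse(doc)
            results["safe_" + name] = "accepted"
        except UnsafeXML as exc:
            results["safe_" + name] = "rejected: " + str(exc)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The naive parse turns `&e;` into the attacker-chosen text, which is the same expansion machinery an external entity or a nested-entity bomb rides on; the pre-scan rejects both DTD-carrying documents at the DOCTYPE and passes the benign one through unchanged.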
Exploit for Server-Side Request Forgery in Anyscale Ray
PoC for a remote command execution vulnerability in Ray...
9.8CVSS
7.9AI Score
0.014EPSS
[SECURITY] Fedora 38 Update: chromium-123.0.6312.86-1.fc38
Chromium is an open-source web browser, powered by WebKit...
6.7AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: chromium-123.0.6312.86-1.fc39
Chromium is an open-source web browser, powered by WebKit...
6.7AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: onnx-1.14.0-9.fc39
onnx provides an open source format for AI models, both deep learning and traditional ML. It defines an extensible computation graph model, as well as definitions of built-in operators and standard data...
7.5CVSS
7.7AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: chromium-123.0.6312.86-1.fc40
Chromium is an open-source web browser, powered by WebKit...
6.7AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: onnx-1.14.1-2.fc40
onnx provides an open source format for AI models, both deep learning and traditional ML. It defines an extensible computation graph model, as well as definitions of built-in operators and standard data...
7.5CVSS
7.7AI Score
0.0004EPSS
Fedora: Security Advisory for onnx (FEDORA-2024-abe1e34fdb)
The remote host is missing an update for...
7.5CVSS
7.7AI Score
0.0004EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-85531c965e)
The remote host is missing an update for...
8.8AI Score
0.0004EPSS
Fedora: Security Advisory for onnx (FEDORA-2024-270e3b5e9b)
The remote host is missing an update for...
7.5CVSS
7.7AI Score
0.0004EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-0bb0e8f2a0)
The remote host is missing an update for...
8.8AI Score
0.0004EPSS
Description The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the meta description field in all versions up to, and including, 1.6.13 due to insufficient input sanitization and output escaping on user supplied attributes. This...
6.4CVSS
5.7AI Score
0.0004EPSS
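Added example for the WordPress plugin XSS entries above (the reflected parameter bugs in the SEO plugins and the stored meta description bug in BoldGrid Easy SEO). This is not code from any of those plugins; it models the two bug shapes in plain Python to show what "insufficient output escaping" means in practice: escaping has to match the output context, and escaping only `<`, `>` and `&` does not protect an attribute value. Payloads are constructed.

```python
"""Added example (not code from any plugin listed above): output escaping
has to match the output context.

Models a request parameter echoed into an attribute and a stored field
echoed into element text. Payloads are constructed.
"""
import html
from html.parser import HTMLParser

# Constructed attacker values. The attribute payload needs no angle brackets,
# which is why escaping only <, > and & does not stop it.
ATTR_PAYLOAD = '" autofocus onfocus="alert(1)'
TEXT_PAYLOAD = "</title><script>alert(1)</script>"


def render_search_unescaped(q: str) -> str:
    """The bug: a request parameter dropped straight into an attribute."""
    return f'<input type="text" name="q" value="{q}">'


def render_search_text_escaped(q: str) -> str:
    """Half a fix: entity-encodes <, > and & but leaves quotes alone."""
    return f'<input type="text" name="q" value="{html.escape(q, quote=False)}">'


def render_search_attr_escaped(q: str) -> str:
    """Attribute context: quotes must be encoded as well (quote=True)."""
    return f'<input type="text" name="q" value="{html.escape(q, quote=True)}">'


def render_title_unescaped(title: str) -> str:
    """The bug in text context: a stored field echoed verbatim."""
    return f"<title>{title}</title>"


def render_title_escaped(title: str) -> str:
    """Text context: <, > and & are what let a payload open a new tag."""
    return f"<title>{html.escape(title, quote=False)}</title>"


class _Collector(HTMLParser):
    """Parses the rendered markup roughly the way a browser would."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.input_attrs = {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_attrs = dict(attrs)


def _parse(markup: str) -> _Collector:
    collector = _Collector()
    collector.feed(markup)
    collector.close()
    return collector


def event_handler_injected(markup: str) -> bool:
    """True if the <input> ended up with an on* attribute it never had."""
    return any(name.startswith("on") for name in _parse(markup).input_attrs)


def script_injected(markup: str) -> bool:
    """True if a <script> element appeared in the rendered output."""
    return "script" in _parse(markup).tags


def demo() -> dict:
    """Which renderings let the payload through."""
    return {
        "attr_unescaped": event_handler_injected(render_search_unescaped(ATTR_PAYLOAD)),
        "attr_text_escaped": event_handler_injected(render_search_text_escaped(ATTR_PAYLOAD)),
        "attr_escaped": event_handler_injected(render_search_attr_escaped(ATTR_PAYLOAD)),
        "title_unescaped": script_injected(render_title_unescaped(TEXT_PAYLOAD)),
        "title_escaped": script_injected(render_title_escaped(TEXT_PAYLOAD)),
    }
```

The attribute payload survives the text-context escape untouched because it contains none of the three characters that escape handles; only encoding the quote keeps it inside the `value` attribute. The same logic is why WordPress separates `esc_attr()` from `esc_html()`.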
Vulnerability of PostgreSQL database management system is related to the possibility of sending signals to superuser processes using the pg_signal_backend role. Exploitation of the vulnerability could allow a remote attacker to cause a...
8.8CVSS
9.5AI Score
0.015EPSS
Powering the future of ThreatDown with AI
Nobody can deny the influence of AI today. In just a few years, we have observed AI's capacity to be as transformative as the internet and smartphones, especially for cybersecurity. Indeed, the potential of AI to radically simplify complex security environments is unmistakable, and aligns closely.....
7AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 18, 2024 to March 24, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 94 vulnerabilities disclosed in 81 WordPress.....
9.9CVSS
9.4AI Score
0.001EPSS
Masa Network Integrates with LayerZero to Power Its Cross-chain AI Data Network
By Waqas Masa Network’s AI Data Marketplace will be an interoperable network for the world’s personal data, launching across multiple blockchains from day one. This is a post from HackRead.com Read the original post: Masa Network Integrates with LayerZero to Power Its Cross-chain AI Data...
7.3AI Score
Welcome to this week's Threat Source newsletter. With Jon out, you've got me as your substitute teacher. I'm taking you back to those halcyon days of youth, and that moment when you found out that you had a sub that day: will I be the teacher that just rolls in the TV cart and delivers the single...
7.7AI Score
From ChatBot To SpyBot: ChatGPT Post Exploitation
In the second installment of our blog post series on ChatGPT, we delve deeper into the security implications that come with the integration of AI into our daily routines. Building on the discoveries shared in our initial post, "XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT," where we...
6.1AI Score
New Webinar: Avoiding Application Security Blind Spots with OPSWAT and F5
Considering the ever-changing state of cybersecurity, it's never too late to ask yourself, "am I doing what's necessary to keep my organization's web applications secure?" The continuous evolution of technology introduces new and increasingly sophisticated threats daily, posing challenges to...
7AI Score
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through...
9.1CVSS
6.9AI Score
0.0004EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through...
9.1CVSS
9.3AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through...
6.8CVSS
6.8AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through...
6.8CVSS
6.7AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through...
6.8CVSS
6.9AI Score
0.0004EPSS
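Added example for the SSRF entries above (the AI Engine plugin and the Anyscale Ray PoC). This is not code from either project; it shows the check a server-side fetch of a user-supplied URL needs before connecting: allowlisted scheme, no embedded credentials, and every resolved address checked against loopback, link-local and private ranges, with IPv4-mapped IPv6 unwrapped. DNS is injected as a constructed table so the example runs offline.

```python
"""Added example (not code from Ray or the AI Engine plugin): validating a
user-supplied URL before the server fetches it.

DNS is injected as a constructed table so the example runs offline.
"""
import ipaddress
from typing import Callable, Dict, List, Optional
from urllib.parse import urlsplit

# Constructed DNS answers standing in for socket.getaddrinfo().
FAKE_DNS: Dict[str, List[str]] = {
    "example.org": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],      # cloud metadata service
    "localtest.me": ["127.0.0.1"],                 # public name, loopback answer
    "dual.example": ["93.184.216.34", "10.0.0.5"],  # one bad answer is enough to refuse
}

ALLOWED_SCHEMES = {"http", "https"}


class UnsafeURL(ValueError):
    pass


def fake_resolve(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


def _is_public(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so the IPv4 checks apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (
        ip.is_private or ip.is_loopback or ip.is_link_local
        or ip.is_multicast or ip.is_reserved or ip.is_unspecified
    )


def resolve_checked(url: str,
                    resolve: Optional[Callable[[str], List[str]]] = None) -> List[str]:
    """Return the addresses the fetch may connect to, or raise UnsafeURL.

    The caller should connect to one of the returned addresses rather than
    re-resolving the name (DNS rebinding), and run this check again on
    every redirect target.
    """
    resolve = resolve or fake_resolve
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme {parts.scheme!r} not allowed")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("credentials in URL")
    host = parts.hostname
    if not host:
        raise UnsafeURL("no host")
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal address, no lookup
    except ValueError:
        addrs = resolve(host)
    if not addrs:
        raise UnsafeURL(f"cannot resolve {host}")
    for addr in addrs:
        if not _is_public(addr):
            raise UnsafeURL(f"{host} maps to non-public address {addr}")
    return addrs


def is_safe(url: str) -> bool:
    """Boolean wrapper around resolve_checked()."""
    try:
        resolve_checked(url)
        return True
    except UnsafeURL:
        return False


if __name__ == "__main__":
    for candidate in ("https://example.org/api", "http://metadata.internal/",
                      "http://127.0.0.1:8265/", "http://[::ffff:127.0.0.1]/",
                      "http://dual.example/", "file:///etc/passwd"):
        print(candidate, "->", "ok" if is_safe(candidate) else "rejected")
```

Note the split between a literal address and a name: a literal is checked directly with no lookup, while a name is checked on every answer it resolves to, so a host that returns one public and one internal address is refused rather than raced.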
CVE-2024-29100 WordPress AI Engine plugin <= 2.1.4 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through...
9.1CVSS
9.4AI Score
0.0004EPSS