A vulnerability classified as problematic has been found in Beijing Baichuo Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the...
5.3CVSS
6.5AI Score
0.001EPSS
CVE-2024-0716 Byzoro Smart S150 Management Platform Backup File download.php information disclosure
A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack...
3.1CVSS
5.3AI Score
0.001EPSS
Preventing Data Loss: Backup and Recovery Strategies for Exchange Server Administrators
In the current digital landscape, data has emerged as a crucial asset for organizations, akin to currency. It's the lifeblood of any organization in today's interconnected and digital world. Thus, safeguarding the data is of paramount importance. Its importance is magnified in on-premises Exchange....
7.7AI Score
U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core to its Known Exploited Vulnerabilities (KEV) catalog, stating it's being actively exploited in the wild. The...
10CVSS
8.8AI Score
0.969EPSS
Veeam Installer Service Displays Previous Version Despite Being Updated
The method used to update the Veeam Installer Service component does not update the uninstaller version entry, causing the package to appear outdated despite being...
7.1AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 8, 2024 to January 14, 2024)
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 67 vulnerabilities disclosed in 60 WordPress Plugins and no WordPress themes that have been added to the Wordfence...
9.8CVSS
9.2AI Score
0.033EPSS
9.8CVSS
7.4AI Score
0.935EPSS
InstaWP Connect < 0.1.0.9 - Missing Authorization to Arbitrary Options Update
Description The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_management_settings function in all versions up to, and including, 0.1.0.8. This makes it possible for...
6.1AI Score
0.0004EPSS
8.8CVSS
6.7AI Score
0.0004EPSS
Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through...
4.3CVSS
5.5AI Score
0.0004EPSS
Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through...
5.4CVSS
4.6AI Score
0.0004EPSS
Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through...
4.3CVSS
7.1AI Score
0.0004EPSS
Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through...
5.4CVSS
5.8AI Score
0.0004EPSS
Security Bulletin: AIX is vulnerable to cache poisoning due to ISC BIND (CVE-2021-25220)
Summary A vulnerability in ISC BIND could allow a remote attacker to poison the cache (CVE-2021-25220). AIX uses ISC BIND as part of its DNS functions. Vulnerability Details ** CVEID: CVE-2021-25220 DESCRIPTION: **ISC BIND could allow a remote attacker to bypass security restrictions, caused by...
6.8CVSS
6.8AI Score
0.002EPSS
Begin This Exploration: Unraveling the Mysteries of PantheraNegra Malware As new forks in the road of online threats emerge, an innovative peril has cast its shadow in the digital landscape – a danger we have identified as PantheraNegra Malware. What sets PantheraNegra Malware apart? Let's unravel....
7.7AI Score
New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone
Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group's Pegasus, QuaDream's Reign, and Intellexa's Predator. Kaspersky, which analyzed a set of iPhones that were...
6.3AI Score
The evolution of the Kuiper ransomware
Kuiper Ransomware’s Evolution By Max Kersten · January 17, 2024 The Golang-based Kuiper ransomware is presented as an opportunity for other criminals to make money by ransoming one or more targets. Additionally, RobinHood, the actor behind Kuiper, states that help with operations can be provided...
6.5AI Score
The evolution of the Kuiper ransomware
Kuiper Ransomware’s Evolution By Max Kersten · January 17, 2024 The Golang-based Kuiper ransomware is presented as an opportunity for other criminals to make money by ransoming one or more targets. Additionally, RobinHood, the actor behind Kuiper, states that help with operations can be provided...
6.5AI Score
Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the...
9.1CVSS
9.2AI Score
0.969EPSS
Summary UPDATED May 17 (Corrected the affected fileset levels for AIX 7.2 TL5 and removed bos.net.tcp.bind 7.2.5.200.): A vulnerability in ISC BIND could allow a remote attacker to cause a denial of service (CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795). AIX uses ISC BIND as part...
7.5CVSS
7.2AI Score
0.005EPSS
Ivanti ICS - Authentication Bypass
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control...
9.1CVSS
9AI Score
0.969EPSS
Unified security operations with Microsoft Sentinel and Microsoft Defender XDR
Numerous cybersecurity tools exist to help organizations protect their data, people, and systems. There are different tools that check emails for phishing attempts, secure infrastructure and cloud, and provide generative AI to detect threats and uplevel response beyond human ability. While each of....
7.1AI Score
The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as...
6.1CVSS
6.1AI Score
0.0005EPSS
The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as...
6.1CVSS
6.1AI Score
0.0005EPSS
The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as...
6.1CVSS
6.3AI Score
0.0005EPSS
The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export...
5.6AI Score
0.0005EPSS
CVE-2023-0769 hiWeb Migration Simple <= 2.0.0.1 Reflected Cross-Site Scripting
The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as...
6.2AI Score
0.0005EPSS
Ivanti Connect Secure Unauthenticated Remote Code Execution
This module chains an authentication bypass vulnerability (CVE-2023-46805) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported...
9.1CVSS
9.6AI Score
0.969EPSS
A lightweight method to detect potential iOS malware
Introduction In the ever-evolving landscape of mobile security, hunting for malware in the iOS ecosystem is akin to navigating a labyrinth with invisible walls. Imagine having a digital compass that not only guides you through this maze, but also reveals the hidden mechanisms of iOS malware...
6.7AI Score
SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies
Overview A vulnerability has been found in the way that SMTP servers and software handle the end-of-data sequences (essentially the end of a single email message) in mail messages. An attacker can use this inconsistency to craft an email message that can bypass SMTP security policies. Description.....
5.3CVSS
5.6AI Score
0.003EPSS
Vulnerabilities in EDK2 NetworkPkg IP stack implementation.
Overview Multiple vulnerabilities were discovered in the TCP/IP stack (NetworkPkg) of Tianocore EDKII, an open source implementation of Unified Extensible Firmware Interface (UEFI). Researchers at Quarkslab have identified a total of 9 vulnerabilities that if exploited via network can lead to...
8.8CVSS
8.9AI Score
0.006EPSS
Introduction to the Universe of Kafka: A Detailed Synopsis Apache Kafka, frequently just labeled as Kafka, is a universally contributed event broadcasting framework, intended to manage live streaming of data. It is engineered to be a bridge for significant volumes of data, offering a mechanism...
7.4AI Score
Description The plugin does not prevent directory listing in sensitive directories containing export...
5.3CVSS
5.8AI Score
0.0005EPSS
Description The plugin does not prevent directory listing in sensitive directories containing export files. PoC 1) Run backup function http://your_site/wordpress/wp-admin/admin.php?page=njt-fastdup#/ 2) During backup creation, you can intercept the following paths:...
5.3CVSS
5.6AI Score
0.0005EPSS
CentOS Errata and Security Advisory CESA-2023:6805 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix(es): squid: Denial of Service in HTTP Digest Authentication (CVE-2023-46847) For more details about the security...
8.6CVSS
6.9AI Score
0.03EPSS
Deciphering the Danger: Decoding Mallox Ransomware. Mallox Ransomware embodies a harmful software element, contributing to an ever-expanding repertoire of digital extortion threats. This cyber menace executes its mission by snaking its way into your computer system, applying a cipher to your data,....
7.2AI Score
It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static...
7.5CVSS
7.5AI Score
0.001EPSS
It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static...
7.5CVSS
7.5AI Score
0.001EPSS
It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static...
7.5CVSS
7.2AI Score
0.001EPSS
CVE-2023-49256 Predictable encryption passphrase used in publicly accessible configuration file
It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static...
7.7AI Score
0.001EPSS
2023 Ransomware Stats: A Look Back To Plan Ahead
Last year was not a year for the faint of heart. Organizations of every size found themselves faced with ransomware attacks at varying levels of sophistication, yet every one of them was damaging. And as we step into 2024, the first victims of ransomware attacks are already being reported. What...
6.9AI Score
8.2AI Score
EPSS
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). If an attacker sends a specific BGP UPDATE message to the device, this will cause.....
5.3CVSS
5.4AI Score
0.001EPSS
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). If an attacker sends a specific BGP UPDATE message to the device, this will cause.....
5.3CVSS
5.4AI Score
0.001EPSS
An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol...
5.9CVSS
5.8AI Score
0.0005EPSS
An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol...
5.9CVSS
5.8AI Score
0.0005EPSS
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). If an attacker sends a specific BGP UPDATE message to the device, this will cause.....
5.3CVSS
7.2AI Score
0.001EPSS
An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol...
5.9CVSS
7.3AI Score
0.0005EPSS
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). If an attacker sends a specific BGP UPDATE message to the device, this will cause.....
5.3CVSS
5.7AI Score
0.001EPSS
An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol...
5.9CVSS
6AI Score
0.0005EPSS