Insecure Unserialize in TYPO3 Import/Export
Failing to properly validate incoming import data, the Import/Export component is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is...
7AI Score
Insecure Unserialize in TYPO3 Import/Export
Failing to properly validate incoming import data, the Import/Export component is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is...
7AI Score
Financial sextortion scams on the rise
“Hey there!” messaged Savannah, someone 16-year-old Charlie had never met before, but looked cute in her profile picture. She had long blonde hair, blue eyes, and an adorable smile, so he decided to DM with her on Instagram. Soon their flirty exchanges grew heated, and Savannah was sending Charlie....
6.8AI Score
[SECURITY] Fedora 40 Update: keepassxc-2.7.8-2.fc40
KeePassXC is a community fork of KeePassX KeePassXC is an application for people with extremely high demands on secure personal data management. KeePassXC saves many different information e.g. user names, passwords, urls, attachemts and comments in one single database. For a better management...
6.5AI Score
0.0004EPSS
Easy Table of Contents < 2.0.66 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed PoC You should create new post with two more heading. Go to the settings of the plugin...
5.2AI Score
0.0004EPSS
Easy Table of Contents < 2.0.66 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is...
5.9AI Score
0.0004EPSS
Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CC-Link IE TSN Industrial Managed Switch Vulnerabilities: Observable Timing Discrepancy, Double Free 2. RISK EVALUATION Successful exploitation of these...
7.5CVSS
8.2AI Score
0.002EPSS
Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine
A new sophisticated cyber attack has been observed targeting endpoints geolocated to Ukraine with an aim to deploy Cobalt Strike and seize control of the compromised hosts. The attack chain, per Fortinet FortiGuard Labs, involves a Microsoft Excel file that carries an embedded VBA macro to...
7.4AI Score
typo3/cms-core is vulnerable to Broken Access Control. The vulnerability is due to improper restriction of import functionality, which normally is limited to admin users or those with explicit user TSconfig settings. The vulnerability enables file uploads bypassing file abstraction layer...
7.1AI Score
7.4AI Score
7.4AI Score
7.4AI Score
7.4AI Score
7.4AI Score
Microsoft is named a leader in the Forrester Wave for XDR
“Defenders think in lists, attackers think in graphs.”1 This remains a reality for the many organizations that operate across siloed security tools, fueling the demand on security operations (SOC) teams, as advanced cyberattacks continue to increase in frequency and speed. That’s where extended...
6.8AI Score
Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...
6.9AI Score
RHEL 4 : xfig (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Xfig, Transfig: Stack-based buffer overflow by loading malformed .FIG files (CVE-2009-4228) Xfig:...
7.3AI Score
0.171EPSS
7.4AI Score
7.4AI Score
RHEL 6 : xfig (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Xfig, Transfig: Stack-based buffer overflow by loading malformed .FIG files (CVE-2009-4228) Xfig:...
7.3AI Score
0.171EPSS
RHEL 7 : gimp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gimp: Heap-based buffer overflow in read_channel_data function in plug-ins/common/file-psp.c ...
9.1CVSS
7.6AI Score
0.002EPSS
7.4AI Score
7.4AI Score
7.4AI Score
RHEL 5 : xfig (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Xfig, Transfig: Stack-based buffer overflow by loading malformed .FIG files (CVE-2009-4228) Xfig:...
7.3AI Score
0.171EPSS
RHEL 9 : nodejs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552) Versions of the...
7.5CVSS
7.8AI Score
EPSS
7.4AI Score
7.4AI Score
7.4AI Score
7.4AI Score
7.4AI Score
RHEL 8 : nodejs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nodejs: Unitialized buffer due to incorrect encoding (CVE-2017-15897) nodejs: integrity checks according...
7.5CVSS
7.9AI Score
EPSS
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
Impact Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model....
5.5CVSS
6.3AI Score
0.0004EPSS
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
Impact Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model....
5.5CVSS
6.3AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: rust-cargo-readme-3.3.1-3.fc39
A cargo subcommand to generate README.md content from doc...
7.2AI Score
10CVSS
6.7AI Score
0.001EPSS
Aquatronica Control System 5.1.6 Password Disclosure Exploit
Aquatronica Control System version 5.1.6 has a tcp.php endpoint on the controller that is exposed to unauthenticated attackers over the network. This vulnerability allows remote attackers to send a POST request which can reveal sensitive configuration information, including plaintext passwords....
7.5AI Score
7.5CVSS
6.7AI Score
0.013EPSS
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including, 3.2.0.1. This makes it...
7.1CVSS
6.7AI Score
0.001EPSS
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including, 3.2.0.1. This makes it...
7.1CVSS
6.8AI Score
0.001EPSS
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including, 3.2.0.1. This makes it...
7.1CVSS
6.8AI Score
0.001EPSS
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including, 3.2.0.1. This makes it...
7.1CVSS
6.5AI Score
0.001EPSS
7.5CVSS
7.1AI Score
EPSS
7.5AI Score
7.4AI Score
Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.
More than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following a destructive cyber attack staged by unidentified cyber actors, disrupting users' access to the internet. The mysterious event, which took place between October 25 and 27, 2023,....
7.6AI Score
7.5AI Score
How to tell if a VPN app added your Windows device to a botnet
On May 29, 2024, the US Department of Justice (DOJ) announced it had dismantled what was likely the world’s largest botnet ever. This botnet, called “911 S5,” infected systems at over 19 million IP addresses across more than 190 countries. The main sources of income for the operators, who stole a.....
7.2AI Score
I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an....
7.4AI Score
symfony is vulnerable to Code Injection. The vulnerability is due to lack of CSRF protection for the import/export feature, allowing attackers to exploit the PHP serialized string...
6.9AI Score
EPSS