9.8CVSS
9.8AI Score
0.975EPSS
Exploit for Improper Initialization in Linux Linux Kernel
CVE-2022-0847 CVE-2022-0847 used to achieve container escape...
7.8CVSS
8AI Score
0.076EPSS
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
'Follina' MS-MSDT n-day Microsoft Office RCE (modified version), based on...
7.8CVSS
8.7AI Score
0.961EPSS
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
CVE-2022-30190 Microsoft Office Word RCE reproduction (CVE-2022-30190)...
7.8CVSS
8.3AI Score
0.961EPSS
7.5CVSS
2.7AI Score
0.026EPSS
9.9AI Score
Exploit for Incorrect Authorization in Vmware Spring Security
CVE-2022-22978 Spring-Security bypass Demo. In Spring...
9.8CVSS
0.7AI Score
0.009EPSS
Exploit for Path Traversal in F5 Big-Ip Access Policy Manager
F5-BIG-IP POC written in Go: CVE-2020-5902 CVE-2021-22986...
7.3AI Score
Exploit for OS Command Injection in Zyxel Usg Flex 100W Firmware
CVE-2022-30525 Zyxel firewall command injection vulnerability CVE-2022-30525 POC&EXP ...
9.8CVSS
-0.5AI Score
0.975EPSS
The Rapid7 Sales Culture and Experience: An Inside Look From 2 VPs
Sales roles are all about people. That holds true not only when you're building relationships with prospects but also in your day-to-day experience on the team. Having the right culture and people around you can make or break your success, satisfaction, and long-term growth. If you're a job seeker....
-0.8AI Score
Open Automation Software OAS Platform file write vulnerability
Open Automation Software OAS Platform is an industrial Internet of Things (IoT) suite from Open Automation Software, Inc. Open Automation Software OAS Platform V16.00.0112 contains a file-writing vulnerability that can be exploited by attackers to cause remote code execution with specially crafted....
9.8CVSS
6.2AI Score
0.005EPSS
SiteServer CMS sql injection vulnerability
SiteServer CMS is a content management system (CMS) from Beijing Bailong Thousand Domain Software Technology Development Company. SQL injection vulnerability exists in SiteServer CMS V6.15.51. An attacker can exploit this vulnerability to perform sql...
8.8CVSS
2.5AI Score
0.001EPSS
Magento 2 Community Edition DoS vulnerability
A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant.....
7.5CVSS
6.9AI Score
0.001EPSS
paypal/adaptivepayments-sdk-php vulnerable to a reflected XSS
paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XSS in the SetPaymentOptions.php resulting code...
6.1CVSS
6.4AI Score
0.001EPSS
New Unpatched Bug Could Let Attackers Steal Money from PayPal Users
A security researcher claims to have discovered an unpatched vulnerability in PayPal's money transfer service that could allow attackers to trick victims into unknowingly completing attacker-directed transactions with a single click. Clickjacking, also called UI redressing, refers to a technique...
0.4AI Score
9.8CVSS
9.7AI Score
0.006EPSS
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
1. Spring Cloud Gateway remote code execution vulnerability. Severity: High. POC/EXP status: public...
10CVSS
10AI Score
0.975EPSS
Cardiologist moonlighted as successful ransomware developer
The US has charged a 55-year-old French-Venezuelan cardiologist from Venezuela with "attempted computer intrusions and conspiracy to commit computer intrusions". This was revealed in an unsealed complaint in a federal court in Brooklyn, New York. Moises Luis Zagala Gonzales worked as a ransomware.....
0.2AI Score
Malicious code in paypal-rest-sample (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (4f5c6beb6bf6ebdd58d3baff1e4017eacb25c5cda9a802eb8dbb5e2d2abbd8b9) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
WordPress Administration Apertas plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Amministrazione Apertas plugin versions prior to 3.8 have a file inclusion vulnerability that stems.....
6.5CVSS
1.8AI Score
0.002EPSS
U.S. Charges Venezuelan Doctor for Using and Selling Thanos Ransomware
The U.S. Justice Department on Monday accused a 55-year-old cardiologist from Venezuela of being the mastermind behind Thanos ransomware, charging him with the use and sale of the malicious tool and entering into profit sharing arrangements. Moises Luis Zagala Gonzalez, also known by the monikers.....
0.4AI Score
Simple Social Networking Site file deletion vulnerability
Simple Social Networking Site is a social networking site. Simple Social Networking Site has a security vulnerability that can be exploited by attackers to delete arbitrary...
4AI Score
Exploit for OS Command Injection in Zyxel Usg Flex 100W Firmware
CVE-2022-30525 Zyxel firewall unauthenticated remote command injection vulnerability. Affected components: USG FLEX...
9.8CVSS
0.3AI Score
0.975EPSS
paypal/permissions-sdk-php reflected Cross-site Scripting (XSS)
paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code...
5.4CVSS
6.4AI Score
0.001EPSS
paypal/permissions-sdk-php reflected Cross-site Scripting (XSS)
paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code...
5.4CVSS
6.3AI Score
0.001EPSS
paypal/invoice-sdk-php reflected XSS
paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code...
5.4CVSS
6.4AI Score
0.001EPSS
paypal/invoice-sdk-php reflected XSS
paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code...
5.4CVSS
6.3AI Score
0.001EPSS
PayPal PHP Merchant SDK Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token...
6.1CVSS
5.9AI Score
0.001EPSS
Exploit for OS Command Injection in Zyxel Usg Flex 100W Firmware
CVE-2022-30525 Zyxel firewall unauthenticated remote command injection. Affected versions. Affected components: USG...
9.8CVSS
0.3AI Score
0.975EPSS
Moodle Unauthenticated users can trigger custom messages to admin via paypal enrol script
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was...
5.3CVSS
6.5AI Score
0.002EPSS
Esri ArcGIS Enterprise Portal for ArcGIS component XXE vulnerability
Esri ArcGIS Enterprise is a GIS (Geographic Information System) base software system from the Environmental Systems Research Institute (Esri), Inc. The system supports mapping and visualization, analysis, and data management, etc. An XXE vulnerability exists in the Esri ArcGIS Enterprise Portal...
2.8AI Score
WordPress plugin Metform information leakage vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Metform is vulnerable to an information disclosure vulnerability, which stems from...
7.5CVSS
0.1AI Score
0.033EPSS
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...
7.5CVSS
0.033EPSS
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...
7.5CVSS
7.2AI Score
0.033EPSS
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...
7.5CVSS
7.3AI Score
0.033EPSS
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...
7.5CVSS
7.5AI Score
0.033EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4Shell-obfuscated-payloads-generator...
7.3AI Score
7.3AI Score
Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager
CVE-2022-1388 https://support.f5.com/csp/article/K23605346...
9.8CVSS
1.1AI Score
0.975EPSS
WordPress LifterLMS PayPal plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress LifterLMS PayPal plugin...
6.1CVSS
1.2AI Score
0.001EPSS
Fake Cyberpunk Ape Executives target artists with malware-laden job offer
The wacky world of ape jpegs is at the heart of yet another increasingly bizarre internet scam, which contains malware, stolen accounts, a faint possibility of phishing, and zips full of ape pictures. The Ape Executives have a job offer you can, and must, refuse. Lots of people with art profiles...
-1AI Score
Craft fair vendors targeted by fake event scammers on Facebook
A real world scam which sucks the fun out of craft fairs has caused nothing but stress for victims. It may sound bizarre, but it’s actually a fairly popular attack focused on small/self-run business owners selling their own creations. Are you ready for a trip to the craft fair? You’re a small...
-0.3AI Score
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting...
6.1CVSS
6AI Score
0.001EPSS
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting...
6.1CVSS
5.9AI Score
0.001EPSS
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting...
6.1CVSS
0.001EPSS