openSUSE: Security Advisory for openssl (SUSE-SU-2024:2066-1)
The remote host is missing an update for...
6.7AI Score
EPSS
openSUSE: Security Advisory for openssl (SUSE-SU-2024:2051-1)
The remote host is missing an update for...
6.7AI Score
EPSS
openSUSE: Security Advisory for podman (SUSE-SU-2024:2050-1)
The remote host is missing an update for...
8.3CVSS
7.4AI Score
0.0004EPSS
7.1AI Score
0.0004EPSS
openSUSE: Security Advisory for bouncycastle (SUSE-SU-2024:1539-2)
The remote host is missing an update for...
7.1AI Score
0.0004EPSS
7.8CVSS
7.1AI Score
0.001EPSS
7.2AI Score
0.0004EPSS
openSUSE: Security Advisory for php8 (SUSE-SU-2024:2039-1)
The remote host is missing an update for...
5.3CVSS
5.4AI Score
0.001EPSS
openSUSE: Security Advisory for python (SUSE-SU-2024:2064-1)
The remote host is missing an update for...
7.5CVSS
7.6AI Score
0.001EPSS
Moodle uses the same key for QR login and auto-login
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the...
6.9AI Score
0.0004EPSS
Moodle uses the same key for QR login and auto-login
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the...
6.9AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...
3.7CVSS
0.0004EPSS
A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...
3.7CVSS
4.3AI Score
0.0004EPSS
CVE-2024-6129 spa-cartcms Username login observable behavioral discrepancy
A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...
3.7CVSS
0.0004EPSS
PocketBase performs password auth and OAuth2 unverified email linking
In order to be exploited you must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: - a malicious actor register with the targeted user's email (it is unverified) - at some later point in time the targeted user stumble on your app and decides to sign-up with.....
5.4CVSS
6.5AI Score
0.0004EPSS
PocketBase performs password auth and OAuth2 unverified email linking
In order to be exploited you must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: - a malicious actor register with the targeted user's email (it is unverified) - at some later point in time the targeted user stumble on your app and decides to sign-up with.....
5.4CVSS
6.5AI Score
0.0004EPSS
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the...
6.6AI Score
0.0004EPSS
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the...
0.0004EPSS
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the...
6.8AI Score
0.0004EPSS
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the...
0.0004EPSS
Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...
5.4CVSS
5.3AI Score
0.0004EPSS
Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...
5.4CVSS
0.0004EPSS
CVE-2024-38351 Password auth and OAuth2 unverified email linking
Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...
5.4CVSS
0.0004EPSS
Explained: Android overlays and how they are used to trick people
Sometimes you’ll see the term "overlays" used in articles about malware and you might wonder what they are. In this post we will try to explain what overlays—particularly on Android devices—are, and how cybercriminals deploy them. Most of the time, overlays are used to make people think they are...
7.2AI Score
43% of couples experience pressure to share logins and locations, Malwarebytes finds
All isn’t fair in love and romance today, as 43% of people in a committed relationship said they have felt pressured by their own partners to share logins, passcodes, and/or locations. A worrying 7% admitted that this type of pressure has included the threat of breaking up or the threat of...
6.8AI Score
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data,...
6.9AI Score
Analysis of user password strength
The processing power of computers keeps growing, helping users to solve increasingly complex problems faster. A side effect is that passwords that were impossible to guess just a few years ago can be cracked by hackers within mere seconds in 2024. For example, the RTX 4090 GPU is capable of...
6.9AI Score
XWiki < 4.10.20 - Remote code execution
XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have...
10CVSS
8.2AI Score
0.82EPSS
A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been classified as problematic. Affected is an unknown function of the file /vood/cgi-bin/vood_view.cgi?act=index&lang=EN# of the component Login. The manipulation of the argument errmsg leads to basic cross...
4.3CVSS
0.0004EPSS
A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been classified as problematic. Affected is an unknown function of the file /vood/cgi-bin/vood_view.cgi?act=index&lang=EN# of the component Login. The manipulation of the argument errmsg leads to basic cross...
4.3CVSS
4.4AI Score
0.0004EPSS
CVE-2024-6108 Genexis Tilgin Home Gateway Login cross site scripting
A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been classified as problematic. Affected is an unknown function of the file /vood/cgi-bin/vood_view.cgi?act=index&lang=EN# of the component Login. The manipulation of the argument errmsg leads to basic cross...
4.3CVSS
6.2AI Score
0.0004EPSS
CVE-2024-6108 Genexis Tilgin Home Gateway Login cross site scripting
A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been classified as problematic. Affected is an unknown function of the file /vood/cgi-bin/vood_view.cgi?act=index&lang=EN# of the component Login. The manipulation of the argument errmsg leads to basic cross...
4.3CVSS
0.0004EPSS
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level....
4.3CVSS
6.5AI Score
0.0004EPSS
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level....
4.3CVSS
0.0004EPSS
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level....
4.3CVSS
0.0004EPSS
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level....
4.3CVSS
6.7AI Score
0.0004EPSS
7.5CVSS
7.7AI Score
0.05EPSS
7.5CVSS
5.8AI Score
0.001EPSS
4.4CVSS
7.1AI Score
0.0004EPSS
5.3CVSS
6.6AI Score
0.001EPSS
7.1AI Score
0.0004EPSS
Debian dsa-5714 : roundcube - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5714 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5714-1 [email protected] ...
6.2AI Score
0.0004EPSS
7.1AI Score
EPSS
7.1CVSS
7.5AI Score
0.0004EPSS
Fedora: Security Advisory for mariadb (FEDORA-2024-d61bffd77f)
The remote host is missing an update for...
4.9CVSS
5.2AI Score
0.0005EPSS
Fedora: Security Advisory for galera (FEDORA-2024-d61bffd77f)
The remote host is missing an update for...
4.9CVSS
5.2AI Score
0.0005EPSS
7.1AI Score
EPSS
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the...
6.7AI Score
0.0004EPSS
6.7AI Score
EPSS
5.3CVSS
5.7AI Score
0.001EPSS