openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:2859-1)
The remote host is missing an update for...
7.8CVSS
7.4AI Score
0.001EPSS
7.8CVSS
7.3AI Score
0.001EPSS
The Battle Against Business Logic Attacks: Why Traditional Security Tools Fall Short
As the digital landscape continues to evolve, so do the tactics utilized by bad actors that are seeking to exploit application vulnerabilities. Among the most insidious types of attacks are business logic attacks (BLAs). Unlike known attacks, which can be identified by signatures or patterns, such....
8.5AI Score
Business Logic Attacks: Why Should You Care?
Imagine this: You've just launched an amazing new application with top-of-the-line API security, reinforced it with client-side protection, and even set up defenses against bot attacks. You're feeling safe and secure, congratulating yourself on a job well done. But, despite all your efforts, your.....
7.2AI Score
YARPP - Yet Another Related Posts Plugin < 5.30.3 - Subscriber+ SQLi
The plugin does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection...
7.5AI Score
0.001EPSS
When Dave Liebenberg started his first day at Talos, he had never even opened Terminal on a Mac before -- let alone written a Snort rule or infiltrated a dark web forum. He jokes that he was a trendsetter at Talos, becoming the first of many to break into security without having any prior...
6.4AI Score
X (Formerly Twitter): Ability to getting Twitter Blue verified badge without purchase it
Summary: Hi there. In this report, I submit a bug about getting Twitter Blue verified badge without purchasing it. Steps To Reproduce: First, you should buy a Twitter Blue subscription for your account. Change the profile photo of your Twitter account 1 day before your Twitter Blue...
6.8AI Score
Ubuntu Server snap-confine must_mkdir_and_open_with_perms() Race Condition Vulnerability
Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory,they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu...
7.8CVSS
7.6AI Score
0.0005EPSS
7.8CVSS
-0.6AI Score
0.0005EPSS
CATS - REST API Fuzzer And Negative Testing Tool For OpenAPI Endpoints
REST API fuzzer and negative testing tool. Run thousands of self-healing API tests within minutes with no coding effort! Comprehensive: tests are generated automatically based on a large number scenarios and cover every field and header Intelligent: tests are generated based on data types and...
6.9AI Score
A.S. Watson Group : PII Disclosure At `theperfumeshop.com/register/forOrder`
Summary: Hello there! I found a way to accesing any user's PII (full address, phone number, full name, ** all orders**, payment details [if the victim already saved before] ) who created a order in The Perfume Shop. This is happening via https://theperfumeshop.com/register/forOrder endpoint. I...
7AI Score
Unbreakable Enterprise kernel-container security update
[4.14.35-2047.511.5.2.el7] - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33876756] {CVE-2022-0492} - scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33876755] [4.14.35-2047.511.5.1] - arm64, mm, efi: Account for...
7.8CVSS
-0.2AI Score
0.095EPSS
Unbreakable Enterprise kernel security update
[4.14.35-2047.511.5.2] - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33876756] {CVE-2022-0492} - scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33876755] [4.14.35-2047.511.5.1] - arm64, mm, efi: Account for GICv3...
7.8CVSS
-0.2AI Score
0.095EPSS
alp-bayern.de Improper Access Control vulnerability OBB-2232377
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.6AI Score
There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly...
4.6CVSS
4.7AI Score
0.001EPSS
There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly...
4.6CVSS
0.001EPSS
There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a...
7.8CVSS
7.9AI Score
0.001EPSS
There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a...
7.8CVSS
7.9AI Score
0.001EPSS
There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a...
7.8CVSS
7.9AI Score
0.001EPSS
There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a...
7.9AI Score
0.001EPSS
There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful...
4.6CVSS
0.001EPSS
There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful...
4.7AI Score
0.001EPSS
openSUSE Security Update : the Linux Kernel (openSUSE-2020-1586)
The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-0404: In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local ...
7.8CVSS
8AI Score
EPSS