SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL...
9.8CVSS
9.9AI Score
0.001EPSS
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL...
9.9CVSS
8.2AI Score
0.001EPSS
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command...
9.8CVSS
7.5AI Score
0.001EPSS
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command...
9.1CVSS
9.4AI Score
0.001EPSS
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command...
9.1CVSS
7.1AI Score
0.001EPSS
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL...
9.9CVSS
9.9AI Score
0.001EPSS
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL...
9.9CVSS
7.7AI Score
0.001EPSS
How to Lead an Army of Digital Sleuths in the Age of AI
Eliot Higgins and his 28,000 forensic foot soldiers at Bellingcat have kept a miraculous nose for truth—and a sharp sense of its limits—in Gaza, Ukraine, and everywhere else atrocities hide...
7.4AI Score
gradio is vulnerable to Command Injection. The vulnerability is due to improper neutralization of special elements within the test-functional.yml CI work flow, which results in unauthorized modification of the base repository or exfiltration of the GITHUB_TOKEN, COMMENT_TOKEN, or...
7.5CVSS
6.7AI Score
0.0004EPSS
7.4AI Score
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages qemu - Machine emulator and virtualizer Details USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behaviour change leading to a regression in certain environments. This update fixes the...
8.8CVSS
8.3AI Score
0.002EPSS
Ubuntu 20.04 LTS / 22.04 LTS : QEMU regression (USN-6567-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6567-2 advisory. USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behaviour change leading to a regression in...
8.8CVSS
7.8AI Score
0.002EPSS
FreeBSD : cyrus-imapd -- unbounded memory allocation (14908bda-232b-11ef-b621-00155d645102)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 14908bda-232b-11ef-b621-00155d645102 advisory. Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2...
6.5CVSS
6.6AI Score
0.0005EPSS
Missing Access Check in TYPO3 CMS
Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to...
7.9AI Score
Missing Access Check in TYPO3 CMS
Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to...
7.9AI Score
Securing AI Development in the Cloud: Navigating the Risks and Opportunities
AI-TRiSM - Trust, Risk and Security Management in the Age of AI Co-authored by Lara Sunday and Pojan Shahrivar As artificial intelligence (AI) and machine learning (ML) technologies continue to advance and proliferate, organizations across industries are investing heavily in these transformative...
7.4AI Score
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1813-1)
The remote host is missing an update for...
7.5AI Score
Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Db2 Database Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s)...
6.8AI Score
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in dexta Dextaz Ping allows Command Injection.This issue affects Dextaz Ping: from n/a through...
7.2CVSS
9.4AI Score
0.0005EPSS
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in dexta Dextaz Ping allows Command Injection.This issue affects Dextaz Ping: from n/a through...
9.1CVSS
7.3AI Score
0.0005EPSS
CVE-2024-34792 WordPress Dextaz Ping plugin <= 0.65 - Remote Code Execution (RCE) vulnerability
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in dexta Dextaz Ping allows Command Injection.This issue affects Dextaz Ping: from n/a through...
9.1CVSS
9.4AI Score
0.0005EPSS
CVE-2024-34792 WordPress Dextaz Ping plugin <= 0.65 - Remote Code Execution (RCE) vulnerability
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in dexta Dextaz Ping allows Command Injection.This issue affects Dextaz Ping: from n/a through...
9.1CVSS
7AI Score
0.0005EPSS
Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number.....
7.5AI Score
A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or...
7.5CVSS
7.4AI Score
0.0004EPSS
A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or...
7.5CVSS
7.7AI Score
0.0004EPSS
A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or...
7.5CVSS
6.9AI Score
0.0004EPSS
CVE-2024-4253 Command Injection in gradio-app/gradio
A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or...
7.5CVSS
7.2AI Score
0.0004EPSS
CVE-2024-4253 Command Injection in gradio-app/gradio
A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or...
7.5CVSS
7.7AI Score
0.0004EPSS
FreeBSD : chromium -- multiple security fixes (b058380e-21a4-11ef-8a0f-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b058380e-21a4-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 11 security fixes: Tenable has extracted the...
9.8AI Score
0.0004EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through...
5.3CVSS
6.9AI Score
0.0004EPSS
This week on the Lock and Code podcast… This is a story about how the FBI got everything it wanted. For decades, law enforcement and intelligence agencies across the world have lamented the availability of modern technology that allows suspected criminals to hide their communications from legal...
7.2AI Score
In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide by.....
6.3AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LJ Apps WP TripAdvisor Review Slider allows Blind SQL Injection.This issue affects WP TripAdvisor Review Slider: from n/a through...
7.6CVSS
8.1AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LJ Apps WP TripAdvisor Review Slider allows Blind SQL Injection.This issue affects WP TripAdvisor Review Slider: from n/a through...
7.6CVSS
8AI Score
0.0004EPSS
Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...
6.9AI Score
CVE-2024-35630 WordPress WP TripAdvisor Review Slider plugin <= 12.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LJ Apps WP TripAdvisor Review Slider allows Blind SQL Injection.This issue affects WP TripAdvisor Review Slider: from n/a through...
7.6CVSS
7.7AI Score
0.0004EPSS
CVE-2024-35630 WordPress WP TripAdvisor Review Slider plugin <= 12.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LJ Apps WP TripAdvisor Review Slider allows Blind SQL Injection.This issue affects WP TripAdvisor Review Slider: from n/a through...
7.6CVSS
8.1AI Score
0.0004EPSS
RHEL 5 : firefox (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Malicious Extension could obtain auth codes from OAuth login flows (CVE-2020-6823) Mozilla...
9.8CVSS
7.1AI Score
0.579EPSS
RHEL 6 : firefox (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Type confusion for special arguments in IonMonkey (CVE-2020-15656) Mozilla: Malicious Extension...
9.8CVSS
7.8AI Score
0.012EPSS
RHEL 7 : firefox (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Type confusion for special arguments in IonMonkey (CVE-2020-15656) Mozilla: Malicious Extension...
9.8CVSS
6.9AI Score
0.012EPSS
RHEL 7 : cifs-utils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. cifs-utils: stack-based buffer overflow mount.cifs may lead to local privilege escalation to root ...
7.8CVSS
8.2AI Score
0.002EPSS
RHEL 7 : postgresql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. postgresql: Uncontrolled search path element in pg_dump and other client applications (CVE-2018-1058) It...
8.8CVSS
7.4AI Score
0.005EPSS
RHEL 8 : librsvg2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. librsvg: Arbitrary file read when xinclude href has special characters (CVE-2023-38633) Note that Nessus has not...
5.5CVSS
5.5AI Score
0.002EPSS
RHEL 8 : firefox (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Type confusion for special arguments in IonMonkey (CVE-2020-15656) Mozilla: Malicious Extension...
9.8CVSS
6.1AI Score
0.012EPSS
[SECURITY] Fedora 39 Update: rust-sd-1.0.0-2.fc39
Intuitive find & replace CLI. * Painless regular expressions sd uses regex syntax that you already know from JavaScript and Python. Forget about dealing with quirks of sed or awk - get productive immediately. * String-literal mode Non-regex find & replace. No more backslashes or...
7.2AI Score
I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an....
7.4AI Score
Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker.....
7.4AI Score
0.0004EPSS