Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker.....
7.1AI Score
0.0004EPSS
Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker.....
7.1AI Score
0.0004EPSS
Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker.....
7.5AI Score
0.0004EPSS
Fedora 39 : roundcubemail (2024-a591b4dc74)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a591b4dc74 advisory. Release 1.6.7 - Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313) - Fix bug where HTML entities in URLs were not decoded on HTML to plain...
6.6AI Score
Fedora 40 : roundcubemail (2024-680b8ba54e)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-680b8ba54e advisory. Release 1.6.7 - Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313) - Fix bug where HTML entities in URLs were not decoded on HTML to plain...
6.6AI Score
TYPO3 Brute Force Protection Bypass in backend login
The backend login has a basic brute force protection implementation which pauses for 5 seconds if wrong credentials are given. This pause however could be bypassed by forging a special request, making brute force attacks on backend editor credentials more...
7.1AI Score
TYPO3 Brute Force Protection Bypass in backend login
The backend login has a basic brute force protection implementation which pauses for 5 seconds if wrong credentials are given. This pause however could be bypassed by forging a special request, making brute force attacks on backend editor credentials more...
7.1AI Score
CVE-2024-2421 LenelS2 NetBox Improper Neutralization of Special Elements
LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated...
7.6AI Score
0.0004EPSS
CVE-2024-2421 LenelS2 NetBox Improper Neutralization of Special Elements
LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated...
8AI Score
0.0004EPSS
Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by...
9.8CVSS
8.7AI Score
0.039EPSS
Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by...
9.8CVSS
7.2AI Score
0.039EPSS
In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide by.....
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide by.....
7.4AI Score
0.0004EPSS
CVE-2024-36905 tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide by.....
7.3AI Score
0.0004EPSS
CVE-2024-36905 tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide by.....
6.7AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
9.8CVSS
10AI Score
0.035EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection.This issue affects DIGIKENT GIS: through...
7.2AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection.This issue affects DIGIKENT GIS: through...
7.6AI Score
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: LenelS2 Equipment: NetBox Vulnerabilities: Use of Hard-coded Password, OS Command Injection, Argument Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
9.3AI Score
0.0004EPSS
CVE-2024-1100 SQLi in Vadi Corporate Information Systems' DIGIKENT GIS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection.This issue affects DIGIKENT GIS: through...
7.2AI Score
0.0004EPSS
CVE-2024-1100 SQLi in Vadi Corporate Information Systems' DIGIKENT GIS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection.This issue affects DIGIKENT GIS: through...
7.7AI Score
0.0004EPSS
U.S. Dismantles World's Largest 911 S5 Botnet with 19 Million Infected Devices
The U.S. Department of Justice (DoJ) on Wednesday said it dismantled what it described as "likely the world's largest botnet ever," which consisted of an army of 19 million infected devices that was leased to other threat actors to commit a wide array of offenses. The botnet, which has a global...
7.5AI Score
ethyca-fides is vulnerable to Partial Password Leakage. The vulnerability is due to improper sanitization/redaction of the SQLAlchemy password string in error logs, which partially exposes the database password when special characters are used inside the...
2.3CVSS
7.2AI Score
0.0004EPSS
EulerOS 2.0 SP12 : python-jinja2 (EulerOS-SA-2024-1749)
According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is...
6.1CVSS
6.8AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide by.....
6.9AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-1772)
The remote host is missing an update for the Huawei...
6.1CVSS
6.9AI Score
0.001EPSS
EulerOS 2.0 SP12 : python-jinja2 (EulerOS-SA-2024-1772)
According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is...
6.1CVSS
6.8AI Score
0.001EPSS
FreeBSD : chromium -- security fix (6926d038-1db4-11ef-9f97-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6926d038-1db4-11ef-9f97-a8a1599412c6 advisory. Chrome Releases reports: This update includes 1 security fix: Tenable has extracted the preceding...
8.8CVSS
6.4AI Score
0.003EPSS
A Bootiful Podcast: Microsoft's Sandra Ahlgrimm on cloud, Java, AI, and more
Hi, Spring fans, from the amazing Spring IO conference in Barcelona, Spain! In this interview I talked to Microsoft's Sandra Ahlgrimm on all things cloud, Java, AI, and more. Also, a special and quick discussion with Spring IO founder Sergi Almar, who was last on the show in, I think,...
7.1AI Score
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-1749)
The remote host is missing an update for the Huawei...
6.1CVSS
6.9AI Score
0.001EPSS
FreeBSD : nginx-devel -- Multiple Vulnerabilities in HTTP/3 (320a19f7-1ddd-11ef-a2ae-8c164567ca3c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 320a19f7-1ddd-11ef-a2ae-8c164567ca3c advisory. The nginx development team reports: This update fixes the following vulnerabilities: Tenable...
6.5CVSS
7.2AI Score
0.0004EPSS
Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...
2.3CVSS
6.8AI Score
0.0004EPSS
Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...
2.3CVSS
6.6AI Score
0.0004EPSS
Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...
2.3CVSS
3.5AI Score
0.0004EPSS
CVE-2024-34715 Partial Password Exposure Vulnerability in Fides Webserver Logs
Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...
2.3CVSS
3.4AI Score
0.0004EPSS
CVE-2024-34715 Partial Password Exposure Vulnerability in Fides Webserver Logs
Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...
2.3CVSS
6.7AI Score
0.0004EPSS
6 insights from Microsoft’s 2024 state of multicloud risk report to evolve your security strategy
Multicloud computing has become the foundation for digital businesses, with 86% of organizations having already adopted a multicloud approach.1 However, for all its benefits around increased agility, flexibility, and choice, we also see unique challenges with multicloud—including the need to...
7.1AI Score
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver startup fails and the part of the password following the...
2.3CVSS
6.9AI Score
0.0004EPSS
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver startup fails and the part of the password following the...
2.3CVSS
7.2AI Score
0.0004EPSS
(RHSA-2024:3467) Important: Red Hat OpenStack Platform 16.1 (etcd) security update
A highly-available key value store for shared configuration Security Fix(es): Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform (CVE-2024-4438) Incomplete fix for CVE-2021-44716 in OpenStack Platform (CVE-2024-4437) Incomplete fix for CVE-2022-41723 in OpenStack Platform...
7.3AI Score
0.732EPSS
Microsoft Uncovers 'Moonstone Sleet' — New North Korean Hacker Group
A never-before-seen North Korean threat actor codenamed Moonstone Sleet has been attributed as behind cyber attacks targeting individuals and organizations in the software and information technology, education, and defense industrial base sectors with ransomware and bespoke malware previously...
7.4AI Score
RHEL 8 : Red Hat OpenStack Platform 16.1 (etcd) (RHSA-2024:3467)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3467 advisory. A highly-available key value store for shared configuration Security Fix(es): * Incomplete fix for CVE-2023-39325/CVE-2023-44487 in...
7.5CVSS
8AI Score
0.732EPSS
FreeBSD : OpenSSL -- Use after free vulnerability (73a697d7-1d0f-11ef-a490-84a93843eb75)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 73a697d7-1d0f-11ef-a490-84a93843eb75 advisory. The OpenSSL project reports: Use After Free with SSL_free_buffers (low). Calling the OpenSSL API...
6.6AI Score
EPSS
dbt allows Binding to an Unrestricted IP Address via socketsocket
Summary Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDR_ANY by passing "" as the address....
5.3CVSS
6.5AI Score
0.0004EPSS
dbt allows Binding to an Unrestricted IP Address via socketsocket
Summary Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDR_ANY by passing "" as the address....
5.3CVSS
6.9AI Score
0.0004EPSS
Indian National Pleads Guilty to $37 Million Cryptocurrency Theft Scheme
An Indian national has pleaded guilty in the U.S. over charges of stealing more than $37 million by setting up a website that impersonated the Coinbase cryptocurrency exchange platform. Chirag Tomar, 30, pleaded guilty to wire fraud conspiracy, which carries a maximum sentence of 20 years in...
7.5AI Score
Trusted relationship attacks: trust, but verify
IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party...
7.8AI Score
TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
A maximum-severity security flaw has been disclosed in the TP-Link Archer C5400X gaming router that could lead to remote code execution on susceptible devices by sending specially crafted requests. The vulnerability, tracked as CVE-2024-5035, carries a CVSS score of 10.0. It impacts all versions...
9.8CVSS
8.5AI Score
0.0004EPSS
MediaWiki < 1.39.7, 1.40.x < 1.40.3, 1.41.x < 1.41.1 Multiple Vulnerabilities - Linux
MediaWiki is prone to multiple...
6.4AI Score
0.0004EPSS