In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource...
6.9AI Score
In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource...
6.4AI Score
SimpleSAMLphp Reflected Cross-site Scripting vulnerability
Background SimpleSAMLphp uses metadata to determine how to interact with other SAML entities. This metadata includes what’s called endpoints, which are URLs belonging to that entity where SAML messages can be sent. These URLs are used directly by SimpleSAMLphp when a message is sent, either via an....
6AI Score
SimpleSAMLphp Reflected Cross-site Scripting vulnerability
Background SimpleSAMLphp uses metadata to determine how to interact with other SAML entities. This metadata includes what’s called endpoints, which are URLs belonging to that entity where SAML messages can be sent. These URLs are used directly by SimpleSAMLphp when a message is sent, either via an....
6AI Score
Treasury Sanctions Creators of 911 S5 Proxy Botnet
The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....
7.3AI Score
silverstripe/userforms file upload exposure on UserForms module
The userforms module allows CMS administrators to create public facing forms with file upload abilities. These files are uploaded into a predictable public path on the website, unless configured otherwise by the CMS administrator setting up the form. While the name of the uploaded file itself is...
7AI Score
silverstripe/userforms file upload exposure on UserForms module
The userforms module allows CMS administrators to create public facing forms with file upload abilities. These files are uploaded into a predictable public path on the website, unless configured otherwise by the CMS administrator setting up the form. While the name of the uploaded file itself is...
7AI Score
formwork Cross-site scripting vulnerability in Markdown fields
Impact Users with access to the administration panel with page editing permissions could insert <script> tags in markdown fields, which are exposed on the publicly accessible site pages, leading to potential XSS injections. Patches Formwork 1.13.0 has been released with a patch that solves th...
5.5AI Score
formwork Cross-site scripting vulnerability in Markdown fields
Impact Users with access to the administration panel with page editing permissions could insert <script> tags in markdown fields, which are exposed on the publicly accessible site pages, leading to potential XSS injections. Patches Formwork 1.13.0 has been released with a patch that solves th...
5.5AI Score
In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource...
6.6AI Score
In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource...
6.9AI Score
INE Security Enables CISOs to Secure Board Support for Cybersecurity Training
By Cyber Newswire Cary, United States, 28th May 2024, CyberNewsWire This is a post from HackRead.com Read the original post: INE Security Enables CISOs to Secure Board Support for Cybersecurity...
7.2AI Score
(RHSA-2024:3427) Important: kpatch-patch security update
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086) For more details about the security...
6.9AI Score
0.0004EPSS
Trusted relationship attacks: trust, but verify
IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party...
7.8AI Score
silverstripe/framework allows upload of dangerous file types
Some potentially dangerous file types exist in File.allowed_extensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...
7.2AI Score
silverstripe/framework allows upload of dangerous file types
Some potentially dangerous file types exist in File.allowed_extensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...
7.2AI Score
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
6.9AI Score
Best Practices for Cloud Computing Security
By Owais Sultan Cloud security is crucial for businesses. Here are vital tips to safeguard your data, including choosing a secure… This is a post from HackRead.com Read the original post: Best Practices for Cloud Computing...
7.3AI Score
SilverStripe is vulnerable to Authentication Bypass. The vulnerability is caused by providing an empty token parameter with secure token parameters like isDev or flush, allowing bypass of normal authentication...
7.4AI Score
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
6.8AI Score
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
8.3CVSS
7.1AI Score
CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
6.9AI Score
Hajj Pilgrimage Hit by Extensive Phishing and Data Theft Scams
By Waqas Planning to perform Hajj this year? Ensure your journey to Saudi Arabia is secure and avoid online scams that could jeopardize your life savings and personal data. This is a post from HackRead.com Read the original post: Hajj Pilgrimage Hit by Extensive Phishing and Data Theft...
7.2AI Score
Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we've seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...
6.4AI Score
A vulnerability in the Botan C++ cryptographic library is related to improper certificate validation. Exploitation of the vulnerability could allow an attacker acting remotely to spoof OCSP...
7.1AI Score
0.001EPSS
A vulnerability in the Git distributed version control system exists due to a process control issue. Exploitation of the vulnerability could allow an attacker to execute arbitrary code when cloning specially crafted local repositories A vulnerability in the Git distributed version control system...
7.9AI Score
0.0004EPSS
A vulnerability in the CONNECT v5 component of the Mosquitto message broker is related to a lack of memory release after an effective lifetime. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service A...
7.1AI Score
0.0004EPSS
Vulnerabilities in the idna.encode() functions of the Internationalized Domain Names in Applications (IDNA) are associated with an uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial...
7.1AI Score
7.5AI Score
0.002EPSS
[SECURITY] Fedora 40 Update: rust-bindgen-cli-0.69.4-2.fc40
Automatically generates Rust FFI bindings to C and C++...
7.3AI Score
7.1CVSS
6.9AI Score
0.001EPSS
JA4+ - Suite Of Network Fingerprinting Standards
JA4+ is a suite of network Fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session.....
7AI Score
Summary A privilege escalation vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2019-4185 DESCRIPTION: IBM InfoSphere Information Server containers are vulnerable to privilege escalation due to an insecurely configured component. CVSS Base Score:...
8.4AI Score
0.001EPSS
7.5AI Score
0.002EPSS
UK PSTI? You’ll need a Vulnerability Disclosure Program!
If you are distributing or selling smart devices in to the UK market, your products will need to be compliant with the UK Product Security and Telecommunications Act. One of the three mandatory areas is that you have a vulnerability disclosure program (VDP) In the supporting materials for the Act,....
7.4AI Score
bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...
7.6AI Score
0.0004EPSS
virt:ol and virt-devel:rhel security and enhancement update
hivex libguestfs [1.44.0-9.0.2] - libguestfs.spec: Add btrfs-progs RPM to appliance [Orabug: 35634755] [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-9] -...
8.3AI Score
0.001EPSS
Cisco Secure Email and Web Manager Multiple Vulnerabilities (cisco-sa-esa-sma-wsa-xss-bgG5WHOD)
According to its self-reported version, Cisco Secure Email and Web Manager is affected by multiple vulnerabilities. A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email could allow an authenticated, remote attacker to conduct an XSS attack...
7.3AI Score
Cisco Secure Web Appliance XSS (cisco-sa-esa-sma-wsa-xss-bgG5WHOD)
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker...
5.5AI Score
Ivanti Policy Secure 22.x XSS Vulnerability
The Ivanti Policy Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by a CRLF vulnerability. This vulnerability allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack. Note that...
6.1AI Score
Cisco Secure Client NAM Module Privilege Escalation (cisco-sa-secure-nam-priv-esc-szu2vYpZ)
A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit...
8AI Score
python39:3.9 and python39-devel:3.9 security update
mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core dumped upon file upload >= 1GB Resolves: rhbz#2125172 [4.7.1-4] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.7.1-3] - Rebuilt...
6.7AI Score
0.005EPSS
A vulnerability in the rl_safe_eval() function of the ReportLab library is related to incorrect code generation control. Exploitation of the vulnerability could allow a remote attacker to bypass security restrictions and execute arbitrary code. security restrictions and execute arbitrary code...
8.2AI Score
0.006EPSS
Ivanti Connect Secure 9.x / 22.x XSS Vulnerability
The Ivanti Connect Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by a CRLF vulnerability. This vulnerability allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack. Note that...
6.1AI Score
A vulnerability in Ruby Sinatra web application development framework is related to code loading without checking its integrity. of its integrity. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
6.8AI Score
0.002EPSS
SBOM support in Spring Boot 3.3
Spring Boot 3.3.0 has been released, and it contains support for SBOMs. SBOM stands for "Software Bill of Materials" and describes the components used to build a software artifact. In the context of this blog post, that's your Spring Boot application. These SBOMs are useful because they describe...
6.5AI Score
babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343...
6.7AI Score
0.005EPSS
Stark Industries Solutions: An Iron Hammer in the Cloud
The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....
6.8AI Score
TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices...
5CVSS
7.5AI Score
0.001EPSS
CVE-2024-5244 TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability
TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices...
7.1AI Score
0.001EPSS