April 9, 2024-KB5037034 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server 2019 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.7.2 and 4.8 Summary This article describes the security and cumulative update for 3.5, 4.7.2 and 4.8 for...
7.3CVSS
8.2AI Score
0.0004EPSS
April 9, 2024-Security Only Update for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2008 R2 SP1 (KB5037127) Applies to: Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2....
7.3CVSS
8AI Score
0.0004EPSS
April 9, 2024-KB5037033 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows Server 2022 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Windows Server 2022. **...
7.3CVSS
8.2AI Score
0.0004EPSS
April 9, 2024-KB5037087 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Azure Stack HCI, version 22H2 Release Date: April 9, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Azure Stack HCI,...
7.3CVSS
8.2AI Score
0.0004EPSS
Cisco Emergency Responder Multiple Vulnerabilities (cisco-sa-cem-csrf-suCmNjFr)
According to its self-reported version, Cisco Emergency Responder is affected by multiple vulnerabilities. A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow the attacker to perform arbitrary...
4.9CVSS
7.9AI Score
0.0004EPSS
April 9, 2024-KB5036617 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 Release Date: April 9, 2024 Version: .NET Framework 3.5 and 4.8.1 The April 9, 2024 update for Microsoft server operating system, version 23H2 includes security and...
7.3CVSS
8.2AI Score
0.0004EPSS
Oracle Linux 8 : nodejs:20 (ELSA-2024-1687)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1687 advisory. On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with...
7.9CVSS
7.1AI Score
EPSS
Oracle Linux 9 : nodejs:20 (ELSA-2024-1688)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1688 advisory. A vulnerability in the privateDecrypt() API of the crypto library, allowed a covert timing side-channel during PKCS#1 v1.5 padding error handling....
7.9CVSS
7.1AI Score
EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle, gradle-bootstrap (SUSE-SU-2024:1119-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1119-1 advisory. The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for...
9.8CVSS
9.4AI Score
0.006EPSS
home-teach.ru Cross Site Scripting vulnerability OBB-3906267
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Alleged Home Depot Data Breach: IntelBroker Leaks 22,000 Employee Data
By Waqas Another day, another data breach by IntelBroker hacker targeting a US-based giant! This is a post from HackRead.com Read the original post: Alleged Home Depot Data Breach: IntelBroker Leaks 22,000 Employee...
7.3AI Score
Cisco Unified Communications Manager IM & Presence XSS (cisco-sa-cucm-imps-xss-quWkd9yF)
According to its self-reported version, Cisco Unified Communications Manager IM & Presence running on the remote host is affected by a cross-site scripting (XSS) vulnerability. The vulnerability exists in the web-based management interface due to improper validation of user-supplied input before...
6.1CVSS
6.8AI Score
0.0004EPSS
There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the...
6.1CVSS
6.6AI Score
0.0004EPSS
There is a difficult to exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 10.8.1 through 11.2 on Windows and Linux, and ArcGIS Enterprise 11.1 and below on Kubernetes which, under unique circumstances, could potentially allow a remote,...
8.5CVSS
8.6AI Score
0.0004EPSS
There is a difficult to exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 10.8.1 through 11.2 on Windows and Linux, and ArcGIS Enterprise 11.1 and below on Kubernetes which, under unique circumstances, could potentially allow a remote,...
8.5CVSS
7AI Score
0.0004EPSS
CVE-2024-25699 Portal for ArcGIS has an invalid authentication vulnerability
There is a difficult to exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 10.8.1 through 11.2 on Windows and Linux, and ArcGIS Enterprise 11.1 and below on Kubernetes which, under unique circumstances, could potentially allow a remote,...
8.5CVSS
8.8AI Score
0.0004EPSS
CVE-2024-25698 Reflected XSS in Portal for ArcGIS
There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the...
6.1CVSS
6.5AI Score
0.0004EPSS
Jackson County hit by ransomware, declares state of emergency
On April 2, 2024, Jackson County tweeted that it had identified significant disruptions within its IT systems, "potentially attributable to a ransomware attack". Jackson County is one of 114 counties in Missouri, with a population of approximately 718,000 people, mostly in Kansas City. We have...
6.9AI Score
my-home-zen-spa.com Cross Site Scripting vulnerability OBB-3902522
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Fake Lawsuit Threat Exposes Privnote Phishing Sites
A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and...
6.7AI Score
Nextcloud: Weak ssh algorithms and CVE-2023-48795 Discovered on various subdomains of nextcloud.com
Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection's security by breaking the integrity of the secure channel. Called Terrapin (CVE-2023-48795, CVSS...
5.9CVSS
7.4AI Score
0.963EPSS
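Terrapin works because the affected modes (chacha20-poly1305@openssh.com, and any CBC cipher paired with an -etm MAC) let a man-in-the-middle delete packets at the start of the secure channel unnoticed; the countermeasure both sides must advertise is the "strict kex" pseudo-algorithm in the KEXINIT kex list. The check below, an added example that is not code from the Nextcloud report or from the Terrapin authors, parses an SSH_MSG_KEXINIT payload and classifies the peer's offer the way a scanner would. The KEXINIT messages it builds are constructed test data with a zeroed cookie, not captures from nextcloud.com.

```python
"""Added example, not code from the Nextcloud report or the Terrapin authors:
parse an SSH_MSG_KEXINIT payload and report whether the peer's offer is
exposed to Terrapin (CVE-2023-48795).  Exposure means a Terrapin-affected
mode is offered (chacha20-poly1305@openssh.com, or any CBC cipher together
with an -etm MAC) while the strict-kex countermeasure is not advertised.
The KEXINIT messages built here are constructed test data, not real captures."""
import struct

SSH_MSG_KEXINIT = 20
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"  # advertised by patched servers
STRICT_KEX_CLIENT = "kex-strict-c-v00@openssh.com"  # advertised by patched clients
CHACHA = "chacha20-poly1305@openssh.com"

# Order of the ten name-lists in a KEXINIT payload (RFC 4253, section 7.1).
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")


def _name_list(buf, off):
    """Decode one SSH name-list (uint32 length + comma-separated ASCII)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    raw = buf[off:off + n].decode("ascii")
    return [s for s in raw.split(",") if s], off + n


def parse_kexinit(payload):
    """Return the ten name-lists of a KEXINIT payload as a dict."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off = 1 + 16  # skip the message id and the 16-byte cookie
    out = {}
    for name in FIELDS:
        out[name], off = _name_list(payload, off)
    return out


def terrapin_exposure(kexinit, peer_is_server=True):
    """Classify a parsed KEXINIT the way a Terrapin scanner would."""
    strict = STRICT_KEX_SERVER if peer_is_server else STRICT_KEX_CLIENT
    enc = set(kexinit["enc_c2s"]) | set(kexinit["enc_s2c"])
    mac = set(kexinit["mac_c2s"]) | set(kexinit["mac_s2c"])
    chacha = CHACHA in enc
    cbc_etm = (any(c.endswith("-cbc") for c in enc)
               and any(m.endswith("-etm@openssh.com") for m in mac))
    strict_kex = strict in kexinit["kex"]
    return {
        "strict_kex": strict_kex,
        "chacha20_poly1305": chacha,
        "cbc_etm": cbc_etm,
        # Affected mode offered and no strict kex: a MitM can steer the
        # handshake into that mode and drop packets after NEWKEYS.
        "exposed": (chacha or cbc_etm) and not strict_kex,
    }


def build_kexinit(kex, hostkey, enc, mac, comp=("none",), lang=()):
    """Build a constructed KEXINIT payload for testing (cookie zeroed)."""
    def nl(items):
        s = ",".join(items).encode("ascii")
        return struct.pack(">I", len(s)) + s
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for items in (kex, hostkey, enc, enc, mac, mac, comp, comp, lang, lang):
        body += nl(items)
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved


def demo():
    """An exposed server offer beside a patched one (constructed data)."""
    exposed = build_kexinit(kex=["curve25519-sha256"], hostkey=["ssh-ed25519"],
                            enc=[CHACHA, "aes256-ctr"],
                            mac=["hmac-sha2-256-etm@openssh.com"])
    patched = build_kexinit(kex=["curve25519-sha256", STRICT_KEX_SERVER],
                            hostkey=["ssh-ed25519"], enc=[CHACHA, "aes256-ctr"],
                            mac=["hmac-sha2-256-etm@openssh.com"])
    return (terrapin_exposure(parse_kexinit(exposed)),
            terrapin_exposure(parse_kexinit(patched)))


if __name__ == "__main__":
    for label, result in zip(("exposed offer", "patched offer"), demo()):
        print(label, result)
```

On a live host the payload to feed `parse_kexinit` is the first binary packet the server sends after the version exchange, with the 4-byte length, padding-length byte and trailing padding stripped. Note that strict kex only protects a session when both peers advertise it, so a client-side audit should run the same check with `peer_is_server=False` against the client's own offer.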
An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home Mesh Wi-Fi System (Hardware Rev B1) truncates Wireless Access Point Passwords (WPA-PSK) allowing an attacker to gain unauthorized network access via weak authentication...
7.2AI Score
0.0004EPSS
An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home Mesh Wi-Fi System (Hardware Rev B1) truncates Wireless Access Point Passwords (WPA-PSK) allowing an attacker to gain unauthorized network access via weak authentication...
6.9AI Score
0.0004EPSS
Google Chrome gets ‘Device Bound Session Credentials’ to stop cookie theft
Google has announced the introduction of Device Bound Session Credentials (DBSC) to secure Chrome users against cookie theft. In January we reported how hackers found a way to gain unauthorized access to Google accounts, bypassing multi-factor authentication (MFA), by stealing authentication...
7.4AI Score
Hello fellow readers! Have you ever wondered how the GitHub Security Lab performs security research? In this post, you'll learn how we leverage GitHub products and features such as code scanning, CodeQL, Codespaces, and private vulnerability reporting. By the time we conclude, you'll have mastered....
6.9AI Score
apache_airflow is vulnerable to an information disclosure vulnerability. The vulnerability is due to an insecure umask configuration in numerous Airflow components when running with the --daemon flag, resulting in a race condition that leaves files within the airflow home directory world writable...
4.7CVSS
6.5AI Score
0.0004EPSS
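The mechanism behind this class of bug is simple: daemonizing code traditionally calls umask(0) before forking into the background, and every file the daemon then creates with the usual 0o666 request lands on disk as world writable. The example below is added here and is not Airflow's code; it assumes a textbook daemonizer that resets the umask to 0, contrasts it with a 0o077 umask, and includes the audit a practitioner would run over a daemon's home directory afterwards. All paths are temporary and constructed.

```python
"""Added example, not Airflow's own code: why a daemon's umask decides whether
the files it creates under its working directory end up world writable, and a
check to find such files afterwards.  Paths are temporary and constructed."""
import os
import stat
import tempfile


def create_with_umask(directory, name, umask):
    """Create a file the way daemon code does (request mode 0o666 and let the
    process umask trim it) and return the resulting permission bits."""
    path = os.path.join(directory, name)
    old = os.umask(umask)
    try:
        fd = os.open(path, os.O_CREAT | os.O_WRONLY | os.O_EXCL, 0o666)
        os.close(fd)
    finally:
        os.umask(old)  # never leave a changed umask behind
    return stat.S_IMODE(os.stat(path).st_mode)


def find_world_writable(root):
    """Return entries under `root` that carry the o+w bit (symlinks skipped);
    this is the audit to run over a daemon's home directory after it starts."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            path = os.path.join(dirpath, entry)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue
            if not stat.S_ISLNK(mode) and mode & stat.S_IWOTH:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def demo():
    """Textbook daemonize() calls umask(0); the hardened variant sets 0o077.
    Returns the two resulting modes and what the audit finds."""
    with tempfile.TemporaryDirectory() as home:
        loose = create_with_umask(home, "loose.log", 0o000)  # umask(0) daemon
        tight = create_with_umask(home, "tight.log", 0o077)  # hardened daemon
        return {"umask0_mode": loose, "umask077_mode": tight,
                "world_writable": find_world_writable(home)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, oct(value) if isinstance(value, int) else value)
```

The race the snippet refers to is the window between the daemon lowering its umask and any later step that tightens permissions; the audit function closes the loop by reporting what actually ended up on disk rather than trusting the configuration.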
Challenges Drive Career Growth: Meet Rudina Tafhasaj
Starting a career for the first time in a new country can be intimidating. For Rudina Tafhasaj, her path to Senior Application Engineer at Rapid7 was paved with both unique challenges, and incredible rewards. Growing up, Rudina was inspired to get into technology by her older brother. “He loved...
6.9AI Score
Adversaries are leveraging remote access tools now more than ever — here’s how to stop them
Remote system management/desktop access tools such as AnyDesk and TeamViewer have grown in popularity since 2020. While there are many legitimate uses for this software, adversaries are also finding ways to use them for command and control in their campaigns. There is no easy way to effectively...
7.3AI Score
Microsoft Windows 10 1909 Pro SEoL
Microsoft Windows 10 1909 Pro is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 1803 Home SEoL
Microsoft Windows 10 1803 Home is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 1803 Pro SEoL
Microsoft Windows 10 1803 Pro is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 21H2 Home SEoL
Microsoft Windows 10 21H2 Home is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 2004 SEoL
Microsoft Windows 10 2004 is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 20H2 Business SEoL
Microsoft Windows 10 20H2 Business is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 1507 Home SEoL
Microsoft Windows 10 1507 Home is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 1607 Pro SEoL
Microsoft Windows 10 1607 Pro is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 22H2 SEoL
Microsoft Windows 10 22H2 is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 1703 Pro SEoL
Microsoft Windows 10 1703 Pro is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 1809 Home SEoL
Microsoft Windows 10 1809 Home is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 1903 SEoL
Microsoft Windows 10 1903 is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 1607 Home SEoL
Microsoft Windows 10 1607 Home is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 1709 Home SEoL
Microsoft Windows 10 1709 Home is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Microsoft Windows 10 1709 Pro SEoL
Microsoft Windows 10 1709 Pro is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score
Oracle Enterprise Manager Agent (January 2023 CPU)
The 13.4.0.0 and 13.5.0.0 versions of Enterprise Manager Base Platform installed on the remote host are affected by a vulnerability as referenced in the January 2023 CPU advisory. Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: ...
9.8CVSS
9.9AI Score
0.972EPSS
Microsoft Windows 10 21H2 Pro SEoL
Microsoft Windows 10 21H2 Pro is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...
7.4AI Score