RSSHub vulnerable to Server-Side Request Forgery
Summary Several Server-Side Request Forgery (SSRF) vulnerabilities in RSSHub allow remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. Details...
6.5 CVSS
7 AI Score
0.001 EPSS
RSSHub vulnerable to Server-Side Request Forgery
Summary Several Server-Side Request Forgery (SSRF) vulnerabilities in RSSHub allow remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. Details...
6.5 CVSS
6.9 AI Score
0.001 EPSS
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack....
5.5 CVSS
6.8 AI Score
0.001 EPSS
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection...
7.7 CVSS
6.9 AI Score
0.003 EPSS
Summary A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. Details...
7.1 CVSS
6.3 AI Score
0.0004 EPSS
Summary A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. Details...
7.1 CVSS
6.6 AI Score
0.0004 EPSS
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...
6.4 CVSS
6 AI Score
0.0004 EPSS
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...
6.4 CVSS
5.6 AI Score
0.0004 EPSS
Malicious code in frd-rsa-js (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (e8787b5e0e6583bf27e7ad1a0f2da3d1fc03021fa9a8957e681cc9c79c0f6acd) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7 AI Score
berlin-en-ligne.com Cross Site Scripting vulnerability OBB-3859645
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Russian Government Software Backdoored to Deploy Konni RAT Malware
An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote access trojan called Konni RAT (aka UpDog). The findings come from German cybersecurity company DCSO, which linked the activity as originating...
9.4 AI Score
decidim is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of file names during dynamic file uploads. This allows attackers to craft malicious file names that get stored in the database and executed when viewed by other...
6.3 CVSS
6.2 AI Score
0.0004 EPSS
OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation Vulnerabilities
OpenOLAT versions 18.1.4 and below and versions 18.1.5 and below suffer from multiple persistent cross site scripting...
6.3 AI Score
0.0004 EPSS
Cross-site scripting (XSS) in the dynamic file uploads
Impact The dynamic file upload feature is subject to potential XSS attack in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to change....
6.3 CVSS
5.9 AI Score
0.0004 EPSS
Cross-site scripting (XSS) in the dynamic file uploads
Impact The dynamic file upload feature is subject to potential XSS attack in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to change....
6.3 CVSS
6 AI Score
0.0004 EPSS
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...
6.4 CVSS
5.7 AI Score
0.0004 EPSS
Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the...
6.3 CVSS
5.9 AI Score
0.0004 EPSS
Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the...
6.3 CVSS
5.8 AI Score
0.0004 EPSS
Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the...
6.3 CVSS
6 AI Score
0.0004 EPSS
CVE-2023-51447 Decidim vulnerable to cross-site scripting (XSS) in the dynamic file uploads
Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the...
6.3 CVSS
6.2 AI Score
0.0004 EPSS
Cross-site scripting (XSS) in the dynamic file uploads
Impact The dynamic file upload feature is subject to potential XSS attack in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to change....
6 AI Score
Cross-site scripting (XSS) in the dynamic file uploads
Impact The dynamic file upload feature is subject to potential XSS attack in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to change....
6 AI Score
Post-quantum Cryptography for the Go Ecosystem
filippo.io/mlkem768 is a pure-Go implementation of ML-KEM-768 optimized for correctness and readability. ML-KEM (formerly known as Kyber, renamed because we can't have nice things) is a post-quantum key exchange mechanism in the process of being standardized by NIST and adopted by most of the...
6.8 AI Score
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with...
5.4 CVSS
5 AI Score
0.001 EPSS
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with...
5.4 CVSS
5 AI Score
0.001 EPSS
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
5.4 CVSS
5.2 AI Score
0.001 EPSS
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
5.4 CVSS
5.1 AI Score
0.001 EPSS
ehe-berlin-brandenburg.de Cross Site Scripting vulnerability OBB-3831741
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
5.4 CVSS
5.3 AI Score
0.001 EPSS
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with...
5.4 CVSS
5.3 AI Score
0.001 EPSS
Description of the security update for SharePoint Server Subscription Edition: January 9, 2024 (KB5002540) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and...
8.8 CVSS
9 AI Score
0.002 EPSS
Ruby on Rails: DoS with crafted "Range" header
I have crafted a request header for "range" against proxy url in Active Storage and confirmed that it will be a DoS. https://github.com/rails/rails/blob/v7.1.2/activestorage/app/controllers/active_storage/blobs/proxy_controller.rb#L14 ruby def show if request.headers["Range"].present? ...
6.8 AI Score
Leap year not accounted for OLAS and veOLAS contract
Lines of code https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/governance/contracts/veOLAS.sol#L101 Vulnerability details Impact OLAS and veOLAS contract does not account for years with 366 days in its state variables uint256 public constant oneYear =.....
7 AI Score
GovernorOLAS is susceptible to DOS via proposal frontrunning
Lines of code https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/governance/package.json#L28 https://github.com/OpenZeppelin/openzeppelin-contracts/blob/0a25c1940ca220686588c4af3ec526f725fe2582/contracts/governance/Governor.sol#L263...
7.1 AI Score
Lines of code https://github.com/code-423n4/2023-12-autonolas/blob/main/governance/contracts/GovernorOLAS.sol#L14-L15 Vulnerability details Impact In the "GovernorOLAS.sol" contract, as the comment line supports the OpenZeppelin functions are used as is. However, the inherited OpenZeppelin 4.8.3...
7 AI Score
Researchers Crack Tesla Autopilot with ‘Elon Mode,’ Access Critical Data
By Deeba Ahmed. German cybersecurity researchers from Technische Universität Berlin employed a €600 (£520 - $660) tool to gain root access to the ARM64-based circuit board of Tesla's autopilot.
7.5 AI Score
ewen-lbh/ffcss Late-Unicode normalization vulnerability
Summary The function lookupPreprocess() is meant to apply some transformations to a string by disabling characters in the regex [-_ .]. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypass that validation and re-introduce all the characters in the regex [-_.....
5.3 CVSS
6.7 AI Score
0.0005 EPSS
ewen-lbh/ffcss Late-Unicode normalization vulnerability
Summary The function lookupPreprocess() is meant to apply some transformations to a string by disabling characters in the regex [-_ .]. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypass that validation and re-introduce all the characters in the regex [-_.....
5.3 CVSS
7.2 AI Score
0.0005 EPSS
Mitsubishi Electric MELSEC iQ-R, Q and L Series (Update D)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R, Q, and L Series Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a...
7.5 CVSS
7.7 AI Score
0.003 EPSS
Prefix Truncation Attack (Terrapin Attack)
libssh is vulnerable to Terrapin attack. The vulnerability is due to mishandling of the handshake phase and sequence numbers in the SSH Binary Packet Protocol (BPP) with certain OpenSSH extensions. This allows an attacker to bypass integrity checks and omit packets during extension negotiation,...
5.9 CVSS
7.1 AI Score
0.963 EPSS
Rogue Session Attack (Terrapin)
asyncssh-pypi is vulnerable to Rogue Session Attack. The vulnerability is due to malicious negotiation of extensions during the SSH connection setup process. This issue can be exploited by an attacker via injecting malicious extensions during the negotiation process, resulting in a SSH security...
5.9 CVSS
6.4 AI Score
0.963 EPSS
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at....
5.9 CVSS
6.5 AI Score
0.963 EPSS
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at....
5.9 CVSS
5.7 AI Score
0.963 EPSS
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a...
5.9 CVSS
6.7 AI Score
0.963 EPSS
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a...
5.9 CVSS
0.963 EPSS
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a...
5.9 CVSS
6.5 AI Score
0.963 EPSS
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a...
6.8 AI Score
0.963 EPSS