7.4AI Score
A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by...
5.3CVSS
5.3AI Score
0.005EPSS
An Intro to Kafka and RabbitMQ: The Masters of Messaging In the realm of messaging systems, two names stand out: Kafka and RabbitMQ. These two powerhouses have become the go-to solutions for developers and organizations looking to handle high-volume, real-time data processing and messaging. But...
7.2AI Score
espace-design.lu Improper Access Control vulnerability OBB-3845286
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Mysterious patch Let's start this time with the patch that...
7AI Score
pyload Unauthenticated Flask Configuration Leakage vulnerability
Summary Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. Details Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. PoC Run pyload in the default configuration by...
7.5CVSS
7.3AI Score
0.118EPSS
pyload Unauthenticated Flask Configuration Leakage vulnerability
Summary Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. Details Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. PoC Run pyload in the default configuration by...
7.5CVSS
7.3AI Score
0.118EPSS
SMTP smuggling is a technique that allows an attacker to send an email from pretty much any address they like. The intended goal is email spoofing—sending emails with false sender addresses. Email spoofing allows criminals to make malicious emails more believable. Let’s take a closer look at what.....
7AI Score
espace-enchere-sud-aquitaine.fr Improper Access Control vulnerability OBB-3824483
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Craft CMS 4.4.14 Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability in Craft CMS versions 4.0.0-RC1 through...
10CVSS
8AI Score
0.873EPSS
9.8CVSS
7.4AI Score
0.873EPSS
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164 : Apache Struts 2 vulnerable Docker container...
9.8CVSS
10AI Score
0.09EPSS
Craft CMS unauthenticated Remote Code Execution (RCE)
This module exploits Remote Code Execution vulnerability (CVE-2023-41892) in Craft CMS which is a popular content management system. Craft CMS versions between 4.0.0-RC1 - 4.4.14 are affected by this vulnerability allowing attackers to execute arbitrary code remotely, potentially compromising the.....
10CVSS
9.8AI Score
0.873EPSS
Scanning Danger: Unmasking the Threats of Quishing
Scanning Danger: Unmasking the Threats of Quishing By Shyava Tripathi, Raghav Kapoor and Rohan Shah · December 07, 2023 Phishing, a prevalent cybercrime worldwide, is responsible for as much as 90 percent of data breaches, making it a significant avenue for the theft of sensitive credentials and...
7.4AI Score
ownCloud Phpinfo Reader Exploit
Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo() to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker.....
10CVSS
6.6AI Score
0.939EPSS
Scanning Danger: Unmasking the Threats of Quishing
Scanning Danger: Unmasking the Threats of Quishing By Shyava Tripathi and Rohan Shah · December 7, 2023 This blog was also written by Raghav Kapoor Phishing, a prevalent cybercrime worldwide, is responsible for as much as 90 percent of data breaches, making it a significant avenue for the theft...
7.4AI Score
7.4AI Score
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Vulnerability
R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup...
7.9AI Score
Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo() to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker.....
10CVSS
7.1AI Score
0.939EPSS
7.4AI Score
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
Title: R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Advisory ID: ZSL-2023-5802 Type: Local/Remote Impact: Exposure of Sensitive Information, Security Bypass Risk: (5/5) Release Date: 03.12.2023 Summary R Radio FM Transmitter that includes FM Exciter and FM Amplifier...
7.8AI Score
7.4AI Score
In any strategy aimed at combating cyber threats, the essential peace is the adequate regulation of possible frailties or susceptibility points. This concept embodies a broad spectrum of actions covering the spotting, categorizing, ranking, and rectification of possible risk areas within a digital....
7.8AI Score
Akira Ransomware By Max Kersten · November 29, 2023 This blog was also written by Alexandre Mundo First discovered in early 2023, Akira ransomware seemed to be just another ransomware family that entered the market. Its continued activity and numerous victims are our main motivators to...
7.7AI Score
0.023EPSS
Akira Ransomware By Alexandre Mundo, Max Kersten · November 29, 2023 First discovered in early 2023, Akira ransomware seemed to be just another ransomware family that entered the market. Its continued activity and numerous victims are our main motivators to investigate the malware’s inner...
7.6AI Score
0.023EPSS
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 126 vulnerabilities disclosed in 102 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence...
9.8CVSS
9AI Score
EPSS
ownCloud Information Disclosure Vulnerability (Nov 2023) - Active Check
ownCloud is prone to an information disclosure...
10CVSS
6.2AI Score
0.939EPSS
Namaste! LMS < 2.6.1.2 - Reflected Cross-Site Scripting
Description The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
6.1CVSS
6.5AI Score
0.001EPSS
Dominating an imperative role in boosting the so-called 'efficiency quotient' within a networking system is the Quality of Service or QoS. Let's dive in and explore the crucial components that make QoS pivotal. In essence, QoS is a blend of a multitude of methodologies and hi-tech devices,...
7.9AI Score
The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
6.1CVSS
0.001EPSS
The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
6.1CVSS
6.2AI Score
0.001EPSS
The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
6.1CVSS
6.6AI Score
0.001EPSS
The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
6.1CVSS
6.2AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before...
6.1CVSS
0.0005EPSS
Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before...
7.1CVSS
6.2AI Score
0.0005EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before...
6.1CVSS
6.8AI Score
0.0005EPSS
Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before...
7.1CVSS
6.8AI Score
0.0005EPSS
espace-diamant.ajaccio.fr Cross Site Scripting vulnerability OBB-3777428
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
accure interest function is likely failed to accure interest for token with low decimal
Lines of code Vulnerability details Impact loss of precision is too high when accuring interest Proof of Concept When intereste accures, we are calling uint256 interestAmount; { uint256 interestRate = IIRM(irm).getInterestRate(address(this), trancheIndex, totalDeposit, totalBorrow); ...
7AI Score
Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
Description The laters version of Kimai is found to be vulnerable to a critical Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML.....
7.2CVSS
8.8AI Score
0.001EPSS
Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
Description The laters version of Kimai is found to be vulnerable to a critical Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML.....
7.2CVSS
8.8AI Score
0.001EPSS
Enhanced Discovery and Resolution, or more commonly known as XDR, serves as a revolutionary model in cybersecurity. It works by combining multiple security apparatuses into a solitary system, thus uplifting the ability for threat detections and subsequent responses. Unlike the standard...
7.4AI Score
Cross-language email validation. Backed by a database of over 55 000 throwable email domains. Validate the format of your email (uses validator.js email regex underneath and FILTER_VALIDATE_EMAIL for PHP) Validate if the email is not a temporary mail (yopmail-like..., add your own dataset to...
7.1AI Score
Unpacking XDR: Broadened Acknowledgment and Response In the perpetually advancing domain of digital protection, new lingo and philosophies constantly emerge. Among the more recent additions is XDR, an acronym for Extended Detection and Response. This passage will provide a detailed insight into...
7.4AI Score
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft
PoC for the ThemeBleed CVE-2023-38146 exploit (Windows 11...
8.8CVSS
8.7AI Score
0.905EPSS
The Qualys Security Conference Mumbai: That’s a Wrap!
In recent years, the world of cybersecurity has experienced a dramatic transformation. The threat landscape has erupted, creating a host of complex challenges, with malicious actors continuously upping their game. In this high-stakes environment, the need for robust cloud security platforms...
7.3AI Score
espace-ultradanse.fr Cross Site Scripting vulnerability OBB-3728272
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
7.1AI Score
Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credential Disclosure Vulnerability
The Electrolink FM/DAB/TV Transmitter suffers from a disclosure of clear-text credentials in login.htm and mail.htm that can allow security bypass and system...
7.4AI Score
Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials Disclosure
Title: Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials Disclosure Advisory ID: ZSL-2023-5789 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, Exposure of System Information, Exposure of Sensitive Information Risk: (5/5) Release Date: 30.09.2023 ...
7.5CVSS
7.2AI Score
0.0004EPSS