Gitea 1.1.0 - 1.12.5 - Remote Code Execution
Gitea 1.1.0 through 1.12.5 is susceptible to authenticated remote code execution, via the git hook functionality, in customer environments where the documentation is not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the...
CVSS 7.2 | AI Score 7.1 | EPSS 0.973
Possible loss of funds when withdrawing from L2 to L1
Lines of code https://github.com/code-423n4/2023-03-zksync/blob/main/contracts/libraries/SystemContractHelper.sol#L48 Vulnerability details Impact Context To initiate a withdrawal from L2 to L1, a user can call the L2EthToken.withdraw method; the funds will then be available to claim on L1 via...
AI Score 6.9
Threat Advisory: Microsoft Outlook privilege escalation vulnerability being exploited in the wild
Update March 21, 2023: To aid defenders trying to detect and mitigate this vulnerability, we are providing a couple of additional resources. First, we are providing a ClamAV signature that detects this threat -- the rule can be found on our GitHub here and can be leveraged anywhere ClamAV...
CVSS 9.8 | AI Score 9.8 | EPSS 0.902
Description of the security update for SharePoint Foundation 2013: March 14, 2023 (KB5002367)
Description of the security update for SharePoint Foundation 2013: March 14, 2023 (KB5002367) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-23395....
CVSS 3.1 | AI Score 4.1 | EPSS 0.001
When Dave Liebenberg started his first day at Talos, he had never even opened Terminal on a Mac before -- let alone written a Snort rule or infiltrated a dark web forum. He jokes that he was a trendsetter at Talos, becoming the first of many to break into security without having any prior...
AI Score 6.4
CVSS 8.8 | AI Score 0.3 | EPSS 0.537
SugarCRM 12.x Remote Code Execution / Shell Upload Exploit
This Metasploit module exploits CVE-2023-22952, a remote code execution vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and Serve versions prior to...
CVSS 8.8 | AI Score 9 | EPSS 0.537
CVSS 9.8 | AI Score 9.6 | EPSS 0.014
Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi...
CVSS 7.1 | AI Score 6.7 | EPSS 0.0004
Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi...
CVSS 7.1 | AI Score 6.4 | EPSS 0.0004
Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi...
CVSS 6.6 | AI Score 6.8 | EPSS 0.0004
Malwarebytes wins 2023 CRN 'Coolest Endpoint And Managed Security Companies' award
CRN, a trusted source for IT channel news and analysis, has named Malwarebytes one of the "Coolest Endpoint And Managed Security Companies" on the 2023 CRN Security 100 list. The CRN Security 100 highlights channel-friendly cybersecurity vendors across a number of market segments including...
AI Score -0.2
CVSS 7.5 | AI Score 7 | EPSS 0.001
Description of the security update for SharePoint Foundation 2013: February 14, 2023 (KB5002347)
Description of the security update for SharePoint Foundation 2013: February 14, 2023 (KB5002347) Summary This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability and Microsoft Word remote code execution vulnerability. To learn more about the vulnerabilities,...
CVSS 9.8 | AI Score 9.7 | EPSS 0.454
TD Bank: Reflected XSS on marketsandresearch.td.com
Summary: Hi TD security team, there is a reflected XSS vulnerability at http://marketsandresearch.td.com. As you are most likely aware, XSS vulnerabilities can have significant security implications, including allowing an attacker to inject malicious JS code into the application, which is then...
AI Score 6.4
TD Bank: Search input is vulnerable to XSS in qa.td.com and dev.td.com
Summary: I was able to exploit search input in qa.td.com. Steps To Reproduce: Go to qa.td.com and use the search option to reproduce this vulnerability Supporting Material/References: {F2152622} [attachment / reference] Example-...
AI Score 7.1
TD Bank: Server-Status leads to exposure information
Summary Hi team, I hope you are well. It is a pleasure to work in your program. I will begin by presenting the vulnerability that I found: Server-status leads to information disclosure. Steps Vulnerable subdomain: 1. https://cred.sit.td.com/ Example POC: https://cred.sit.td.com/server-status Path:...
AI Score -0.3
TD Bank: Reflected XSS on Admin Login Page
When you try to access private pages on the domain https://td.intelliresponse.com/a6 you are redirected to a login page, which has reflected values in the DOM from the URL on the parameter 'win'. Once there is no proper handle for the data reflected, it turns out into a vulnerable path on the...
JetBlue: XSS via Vuln Rendertron Instance At `██████████.jetblue.com/render/*`
Summary I found that you have █████████ installed on your server, but it may not be up to date. I was able to get around ███'s XSS block and get it to raise an alert. This is a type of XSS that is mirrored, and as soon as you send a link to a person, the XSS runs. In a malicious scenario, it...
AI Score 10
Rocky Linux 9 : Image Builder (RLSA-2022:7950)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7950 advisory. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial...
AI Score 7.8 | EPSS 0.002
Exploit for Improper Input Validation in Google Chrome
Imperva Red Team recently revealed a vulnerability called...
CVSS 8.8 | AI Score 1.8 | EPSS 0.002
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. Recent assessments: h00die-gr3y at January 18, 2023 8:56am UTC reported: Last December 28th, 2022, a zero-day vulnerability in the SugarCRM...
CVSS 8.8 | AI Score 9.2 | EPSS 0.537
Optimize images ALT Text (alt tag) & names for SEO using AI < 2.0.8 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF...
CVSS 6.5 | AI Score 0.3 | EPSS 0.001
OpenImageIO TIFF tile pels decoding heap-based buffer overflow
Talos Vulnerability Report TALOS-2022-1633 OpenImageIO TIFF tile pels decoding heap-based buffer overflow December 22, 2022 CVE Number CVE-2022-41639 SUMMARY A heap-based buffer overflow vulnerability exists in the tile decoding code of the TIFF image parser in OpenImageIO master-branch-9aeece7a and...
CVSS 9.8 | AI Score -0.3 | EPSS 0.004
td-safety.ru Cross Site Scripting vulnerability OBB-3101478
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score -0.2
Description of the security update for SharePoint Foundation 2013: December 13, 2022 (KB5002319)
Description of the security update for SharePoint Foundation 2013: December 13, 2022 (KB5002319) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common...
CVSS 8.8 | AI Score 9 | EPSS 0.009
Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware
Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by an unauthenticated attacker to cause remote code execution or a denial-of-service (DoS) condition. The networking equipment major said...
AI Score 1.2 | EPSS 0.001
Cross Site Scripting (XSS) Reflected
Description Reflected cross-site scripting (or XSS) arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept: https://github.com/phpipam/phpipam/blob/master/app/subnets/mail-notify-subnet.php look in...
CVSS 6.1 | AI Score 5.9 | EPSS 0.001