9.8CVSS
7AI Score
0.039EPSS
Bread - BIOS Reverse Engineering And Advanced Debugging
BREAD (BIOS Reverse Engineering & Advanced Debugging) is an 'injectable' real-mode x86 debugger that can debug arbitrary real-mode code (on real HW) from another PC via serial cable. Introduction BREAD emerged from many failed attempts to reverse engineer legacy BIOS. Given that the vast majority.....
7.8AI Score
8.8CVSS
9AI Score
0.005EPSS
ghostscript security and bug fix update
[9.27-11] - fix for CVE-2023-4042 - Resolves: rhbz#2228153 [9.27-10] - fix for CVE-2023-38559 - Resolves: rhbz#2224371 [9.27-9] - fix for CVE-2023-28879 - Resolves: rhbz#2188297 [9.27-8] - fix embedding of CIDFonts - Resolves: rhbz#2169890 [9.27-7] - fix bbox device calculating bounding box...
9.8CVSS
9.6AI Score
0.003EPSS
FREE Cybersecurity Education Courses
Navigating the nuanced realm of digital defense doesn't need to feel like a herculean task. This section aims to shed light on the intricacies of digital defense and aid you in leveraging freely available Cybersecurity Learning Programs. Deciphering Digital Defense Digital defense, also referred...
7.5AI Score
Microsoft unveils expansion of AI for security and security for AI at Microsoft Ignite
The future of security with AI The increasing speed, scale, and sophistication of recent cyberattacks demand a new approach to security. Traditional tools are no longer enough to keep pace with the threats posed by cybercriminals. In just two years, the number of password attacks detected by...
7.8AI Score
Microsoft and Adobe Patch Tuesday, November 2023 Security Update Review
Microsoft released its second last Patch Tuesday edition of the year. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday for November 2023 In this month's Patch Tuesday edition, Microsoft has addressed a total of 75...
9.8CVSS
9.8AI Score
0.57EPSS
Insufficient covariance check makes self_cell unsound
All public versions prior to 1.02 used an insufficient check to ensure that users correctly marked the dependent type as either covariant or not_covariant. This allowed users to mark a dependent as covariant even though its type was not covariant but invariant, for certain invariant types...
7AI Score
Contact Form Email < 1.3.44 - Editor+ Stored Cross-Site Scripting
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Create a form and navigate to....
4.8CVSS
5.8AI Score
0.0004EPSS
Top 5 Marketing Tech SaaS Security Challenges
Effective marketing operations today are driven by the use of Software-as-a-Service (SaaS) applications. Marketing apps such as Salesforce, Hubspot, Outreach, Asana, Monday, and Box empower marketing teams, agencies, freelancers, and subject matter experts to collaborate seamlessly on campaigns...
7.1AI Score
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc is vulnerable to Denial of Service. The vulnerability is caused by the grpc unary server interceptor having out of the box labels. The labels net.peer.sock.addr and net.peer.sock.port have unbound cardinality. This leads...
7.5CVSS
7AI Score
0.001EPSS
Popup box < 3.8.6 - Admin+ Stored XSS in Popup Settings
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Add a new Popup 2. In the...
4.8CVSS
5.9AI Score
0.0004EPSS
Popup box < 3.8.6 - Admin+ Stored XSS in Categories
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Go to "Popup Box >...
4.8CVSS
5.9AI Score
0.0004EPSS
otelgrpc DoS vulnerability due to unbound cardinality metrics
Summary The grpc Unary Server Interceptor opentelemetry-go-contrib/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go // UnaryServerInterceptor returns a grpc.UnaryServerInterceptor suitable // for use in a grpc.NewServer call. func UnaryServerInterceptor(opts ...Option)...
7.5CVSS
7.1AI Score
0.001EPSS
otelgrpc DoS vulnerability due to unbound cardinality metrics
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the server's potential memory exhaustion....
7.5CVSS
7AI Score
0.001EPSS
Effectively Measure, Communicate, and Eliminate Cloud Risks with TotalCloud
Cloud is a dynamic and ever-evolving environment characterized by transient workloads and an expansive attack surface. This inherent nature of cloud infrastructure contributes to the ongoing complexity and challenges in maintaining robust security measures. According to the 2023 Qualys TotalCloud.....
7.3AI Score
QNAP warns about critical vulnerabilities in NAS systems
QNAP has published a security advisory about two critical vulnerabilities that could allow remote attackers to execute commands via a network. One of the vulnerabilities affects the QTS and QuTS operating systems (OS) for QNAP’s network attached storage systems (NAS). The second one can be found...
9.8CVSS
8.6AI Score
0.001EPSS
Exploit for Improper Check for Unusual or Exceptional Conditions in Polkit Project Polkit
Polkit Vulnerability - CVE-2021-3560 ...
7.8CVSS
8.6AI Score
0.012EPSS
ThreatDown powered by Malwarebytes: A 15 Year Journey
November marks a significant shift in our legacy. After 15 years as Malwarebytes, we are proud to introduce our rebranded identity, ThreatDown powered by Malwarebytes. Building off Malwarebytes’ initial recognition for removing every trace of viruses that others missed, ThreatDown powered by...
7.1AI Score
CVE-2022-46803 WordPress Noptin Plugin <= 1.9.5 is vulnerable to CSV Injection
Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin – Noptin. This issue affects Simple Newsletter Plugin – Noptin: from n/a through...
9.6AI Score
0.001EPSS
Rocky Linux 8 : gnome-shell (RLSA-2022:1814)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1814 advisory. An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog...
4.3CVSS
6.9AI Score
0.001EPSS
Woocommerce Vietnam Checkout < 2.0.6 - Unauthenticated Stored XSS
Description The plugin does not escape the custom shipping phone field on the checkout form, leading to XSS. PoC 1) Install both WooCommerce and the plugin. 2) Set a WooCommerce shipping method, and the store's address to one that is in Vietnam. 3) Add a product to the cart, and proceed to checkout 4)...
6.1CVSS
6.2AI Score
0.0005EPSS
Imperva customers are protected against CVE-2023-22518 in Confluence Data Center and Server
Atlassian released patches for the recently released vulnerability CVE-2023-22518 in their Confluence Data Center and Confluence Server products. This is a critical vulnerability, allowing attackers to bypass the authentication mechanism to potentially gain unauthorized access to sensitive...
9.8CVSS
7.2AI Score
0.973EPSS
Announcing Microsoft Secure Future Initiative to advance security engineering
Today Microsoft’s Vice Chair and President Brad Smith shared insight on the global cybersecurity landscape and introduced our Secure Future Initiative. These engineering advances anticipate future cyberthreats, such as increasing digital attacks on identity systems. They also address how we will...
7.7AI Score
The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite...
4.8CVSS
5AI Score
0.0004EPSS