A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery(CSRF) attacks. By tricking an authenticated victim user to click a malicious link, an attacker could...
7.8CVSS
0.0004EPSS
Top 10 Critical Pentest Findings 2024: What You Need to Know
One of the most effective ways for information technology (IT) professionals to uncover a company's weaknesses before the bad guys do is penetration testing. By simulating real-world cyberattacks, penetration testing, sometimes called pentests, provides invaluable insights into an organization's...
9.8CVSS
8.9AI Score
0.975EPSS
7.3AI Score
8CVSS
7.1AI Score
0.001EPSS
8CVSS
7.1AI Score
0.001EPSS
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...
6.1CVSS
0.0004EPSS
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...
6.1CVSS
6.2AI Score
0.0004EPSS
CVE-2024-34686 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...
6.1CVSS
0.0004EPSS
CVE-2024-34686 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...
6.1CVSS
6.8AI Score
0.0004EPSS
Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the...
7AI Score
0.0004EPSS
5.3CVSS
5.3AI Score
0.001EPSS
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-071)
The version of kernel installed on the remote host is prior to 5.4.226-129.415. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-071 advisory. 2024-06-19: CVE-2022-3435 was added to this advisory. 2024-06-19: CVE-2022-3169 was added to this...
7.1CVSS
7.8AI Score
0.002EPSS
Ubuntu 23.10 : Linux kernel vulnerabilities (USN-6819-2)
The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...
7.8CVSS
8.1AI Score
0.001EPSS
KB5039274: Windows Server 2008 R2 Security Update (June 2024)
The remote Windows host is missing security update 5039274. It is, therefore, affected by multiple vulnerabilities Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability (CVE-2024-30080) Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability...
9.8CVSS
7.7AI Score
0.003EPSS
openSUSE 15 Security Update : opera (openSUSE-SU-2024:0156-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0156-1 advisory. Update to 110.0.5130.64 * CHR-9748 Update Chromium on desktop-stable-124-5130 to 124.0.6367.243 * DNA-116317 Create outline or shadow...
9.6CVSS
8AI Score
0.003EPSS
Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the...
0.0004EPSS
Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep...
0.0004EPSS
Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep...
6.8AI Score
0.0004EPSS
Event Tickets with Ticket Scanner < 2.3.2 - Reflected Cross-Site Scripting
Description The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
7.1CVSS
6.3AI Score
0.0005EPSS
7.8CVSS
8.8AI Score
0.001EPSS
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the...
4.4CVSS
4.9AI Score
0.0004EPSS
KB5039266: Windows Server 2008 Security Update (June 2024)
The remote Windows host is missing security update 5039266. It is, therefore, affected by multiple vulnerabilities Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability (CVE-2024-30080) Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability...
9.8CVSS
7.7AI Score
0.003EPSS
Blocksy < 2.0.51 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the custom_url parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary....
6.4CVSS
6.3AI Score
0.0004EPSS
Emergency Password Reset < 9.0 - Cross-Site Request Forgery
Description The Emergency Password Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0. This is due to missing or incorrect nonce validation in the index.php file. This makes it possible for unauthenticated attackers to update the plugin's...
6.1AI Score
EPSS
WP-Recall <= 16.26.6 - Cross-Site Request Forgery
Description The WP-Recall plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 16.26.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a...
5.4CVSS
6.4AI Score
0.0004EPSS
Ubuntu 20.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6828-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6828-1 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-...
8CVSS
8.9AI Score
EPSS
Adobe Experience Manager 6.5.0 < 6.5.21 Multiple Vulnerabilities (APSB24-28)
The version of Adobe Experience Manager installed on the remote host is prior to 6.5.21. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-28 advisory. Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query ...
9.8CVSS
7.1AI Score
EPSS
KLA68914 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: A denial of service vulnerability in DNS...
9.8CVSS
9AI Score
0.003EPSS
6.6CVSS
7AI Score
0.001EPSS
A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...
7.8CVSS
0.0005EPSS
A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...
7.8CVSS
7.1AI Score
0.0005EPSS
A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...
4.7CVSS
0.0005EPSS
A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...
4.7CVSS
6.5AI Score
0.0005EPSS
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...
6.1CVSS
7AI Score
0.0005EPSS
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...
7.8CVSS
7.2AI Score
0.0005EPSS
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...
7.8CVSS
0.0005EPSS
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...
6.1CVSS
0.0005EPSS
A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...
7.8CVSS
7.1AI Score
0.0005EPSS
A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...
7.8CVSS
0.0005EPSS
A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...
4.7CVSS
6.5AI Score
0.0005EPSS
A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...
4.7CVSS
0.0005EPSS
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...
6.1CVSS
7AI Score
0.0005EPSS
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...
6.1CVSS
0.0005EPSS
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...
7.8CVSS
0.0005EPSS
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...
7.8CVSS
7.2AI Score
0.0005EPSS
7.5CVSS
7.3AI Score
0.0005EPSS
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....
7.8CVSS
8AI Score
0.001EPSS
More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack
Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack, which was unsuccessful, targeted an unnamed company in the industrial services industry in May 2024,...
7.5AI Score
Bypassing 2FA with phishing and OTP bots
Introduction Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. Most of today's websites offer some form of it, and some of them won't even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain...
7.2AI Score
Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS