RHEL 6 : pidgin (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. pidgin: Out-of-bounds write in purple_markup_unescape_entity triggered by invalid XML (CVE-2017-2640) ...
5.5CVSS
5.8AI Score
0.021EPSS
RHEL 8 : libvirt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libvirt: Insecure sVirt label generation (CVE-2021-3631) An improper locking issue was found in the...
6.5CVSS
8.7AI Score
0.002EPSS
Aquatronica Control System 5.1.6 Password Disclosure Exploit
Aquatronica Control System version 5.1.6 has a tcp.php endpoint on the controller that is exposed to unauthenticated attackers over the network. This vulnerability allows remote attackers to send a POST request which can reveal sensitive configuration information, including plaintext passwords....
7.5AI Score
Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2024-3253)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3253 advisory. hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog...
7CVSS
7.1AI Score
0.001EPSS
Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Allyn Connex Spot Monitor in all versions prior to...
6.8AI Score
0.0004EPSS
Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Allyn Connex Spot Monitor in all versions prior to...
6.6AI Score
0.0004EPSS
CVE-2024-1275 Vulnerability in Baxter Welch Allyn Connex Spot Monitor
Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Allyn Connex Spot Monitor in all versions prior to...
6.9AI Score
0.0004EPSS
CVE-2024-1275 Vulnerability in Baxter Welch Allyn Connex Spot Monitor
Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Allyn Connex Spot Monitor in all versions prior to...
6.6AI Score
0.0004EPSS
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...
8AI Score
7.4AI Score
Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks
My wife (no stranger to weird types of scams) recently received a fake text message from someone claiming to be New Jersey's E-ZPass program saying that she had an outstanding balance from highway tolls that she owed, prompting her to visit a site so she could pay and avoid additional fines. There....
9.8CVSS
7.4AI Score
0.001EPSS
Baxter Welch Allyn Connex Spot Monitor
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely Vendor: Baxter Equipment: Welch Allyn Connex Spot Monitor (CSM) Vulnerability: Use of Default Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify device...
7AI Score
0.0004EPSS
How to Build Your Autonomous SOC Strategy
Security leaders are in a tricky position trying to discern how much new AI-driven cybersecurity tools could actually benefit a security operations center (SOC). The hype about generative AI is still everywhere, but security teams have to live in reality. They face constantly incoming alerts from.....
7.2AI Score
Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud
Okta is warning that a cross-origin authentication feature in Customer Identity Cloud (CIC) is susceptible to credential stuffing attacks orchestrated by threat actors. "We observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing...
7.6AI Score
The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlm_uninstall_plugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete....
5.4CVSS
5.5AI Score
0.0004EPSS
The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlm_uninstall_plugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete....
5.4CVSS
6.3AI Score
0.0004EPSS
CVE-2024-3269 Download Monitor <= 4.9.13 - Missing Authorization
The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlm_uninstall_plugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete....
5.4CVSS
6.5AI Score
0.0004EPSS
CVE-2024-3269 Download Monitor <= 4.9.13 - Missing Authorization
The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlm_uninstall_plugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete....
5.4CVSS
5.5AI Score
0.0004EPSS
7.4AI Score
virt:ol and virt-devel:rhel security update
hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 >= 1:10.2.5 (Keshav Sharma) [8.0.0-23.1.el8] - remote: check for negative array lengths before allocation...
6.2CVSS
7.7AI Score
0.001EPSS
Aquatronica Control System 5.1.6 Passwords Leak Vulnerability
Title: Aquatronica Control System 5.1.6 Passwords Leak Vulnerability Advisory ID: ZSL-2024-5824 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data Risk: (5/5) Release Date:...
7.5AI Score
6 insights from Microsoft’s 2024 state of multicloud risk report to evolve your security strategy
Multicloud computing has become the foundation for digital businesses, with 86% of organizations having already adopted a multicloud approach.1 However, for all its benefits around increased agility, flexibility, and choice, we also see unique challenges with multicloud—including the need to...
7.1AI Score
Privacy Implications of Tracking Wireless Access Points
Brian Krebs reports on research into geolocating routers: Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geolocate devices. Researchers from the University of...
6.9AI Score
Download Monitor < 4.9.14 - Missing Authorization
Description The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlm_uninstall_plugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the...
5.4CVSS
6.4AI Score
0.0004EPSS
Exploit for OS Command Injection in Fortinet Fortisiem
CVE-2024-23108 POC Proof of concept exploit to blindly...
10CVSS
8AI Score
0.001EPSS
Trusted relationship attacks: trust, but verify
IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party...
7.8AI Score
phpservermon/phpservermon is vulnerable to Cross-Site Scripting. The vulnerability is due to the lack of proper validation of input parameters in index.php, which allows an attacker to create a specially crafted URL and send it to a victim, to retrieve their session...
6.3CVSS
6.7AI Score
0.0004EPSS
AutomationDirect P3-550E Telnet Diagnostic Interface leftover debug code vulnerability
Talos Vulnerability Report TALOS-2024-1942 AutomationDirect P3-550E Telnet Diagnostic Interface leftover debug code vulnerability May 28, 2024 CVE Number CVE-2024-21785 SUMMARY A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E...
9.8CVSS
7.8AI Score
0.001EPSS
7.4AI Score
SherlockChain - A Streamlined AI Analysis Framework For Solidity, Vyper And Plutus Contracts
SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered features. Developed by a team of security experts and AI researchers, SherlockChain offers unparalleled insights and vulnerability detection for...
7.4AI Score
New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI
Cybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users' credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail. The attack method, called transparent phishing or adversary-in-the-middle...
7.2AI Score
Fedora: Security Advisory for tcpdump (FEDORA-2024-e375e28b45)
The remote host is missing an update for...
6.2CVSS
6.7AI Score
0.0004EPSS
Fedora: Security Advisory for tcpdump (FEDORA-2024-272860364f)
The remote host is missing an update for...
6.2CVSS
6.7AI Score
0.0004EPSS
PHP Server Monitor vulnerable to Cross-site Scripting
PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session...
6.3CVSS
5.7AI Score
0.0004EPSS
PHP Server Monitor vulnerable to Cross-site Scripting
PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session...
6.3CVSS
5.7AI Score
0.0004EPSS
PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session...
6.3CVSS
5.7AI Score
0.0004EPSS
PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session...
6.3CVSS
6AI Score
0.0004EPSS
CVE-2024-5312 Cross-Site Scripting vulnerability in PHP Server Monitor
PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session...
6.3CVSS
6AI Score
0.0004EPSS
CVE-2024-5312 Cross-Site Scripting vulnerability in PHP Server Monitor
PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session...
6.3CVSS
5.8AI Score
0.0004EPSS
DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?
Introduction The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more than data leaks; they were seismic shifts in cybersecurity. These attacks exposed a critical challenge for Chief Information Security Officers (CISOs): holding their ground...
7.1AI Score
virt:ol and virt-devel:rhel security and enhancement update
hivex libguestfs [1.44.0-9.0.2] - libguestfs.spec: Add btrfs-progs RPM to appliance [Orabug: 35634755] [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-9] -...
7CVSS
8.3AI Score
0.002EPSS
Since the advent of products like the Tile and Apple AirTag, both used to keep track of easily lost items like wallets, keys and purses, bad actors and criminals have found ways to abuse them. These adversaries can range from criminals just looking to do something illegal for a range of reasons,...
6.7AI Score
ShrinkLocker: Turning BitLocker into ransomware
Introduction Attackers always find creative ways to bypass defensive features and accomplish their goals. This can be done with packers, crypters, and code obfuscation. However, one of the best ways of evading detection, as well as maximizing compatibility, is to use the operating system's own...
6.8AI Score
Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed
Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat (APT) group as part of an ongoing cyber espionage campaign dubbed Operation Diplomatic Specter since at least late 2022. "An analysis of this threat actor's activity reveals long-term.....
7.5AI Score
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: it66121: Fix invalid connector dereference Fix the NULL pointer dereference when no monitor is connected, and the sound card is opened from userspace. Instead return an empty buffer (of zeroes) as the EDID information....
6.5AI Score
0.0004EPSS
How AI will change your credit card behind the scenes
Many companies are starting to implement Artificial Intelligence (AI) within their services. Whenever there are large amounts of data involved, AI offers a way to turn that pile of data into actionable insights. And there's a big chance that our data are somewhere in that pile, whether they can be....
6.9AI Score
kernel security, bug fix, and enhancement update
[4.18.0-553.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with...
9.8CVSS
8AI Score
EPSS
Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vulnerability. The specific flaw exists...
9.8CVSS
8.7AI Score
0.001EPSS
Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vulnerability. The specific flaw exists...
9.8CVSS
10AI Score
0.001EPSS
CVE-2023-51637 Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability
Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vulnerability. The specific flaw exists...
9.8CVSS
10AI Score
0.001EPSS