8.6 CVSS
7.4 AI Score
0.957 EPSS
Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read
...
8.6 CVSS
8.9 AI Score
0.957 EPSS
8.6 CVSS
8.9 AI Score
0.957 EPSS
7.4 AI Score
7.4 AI Score
7.4 AI Score
7.4 AI Score
7.4 AI Score
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td. Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-build....
6.5 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td. Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-build....
6.5 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td. Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang...
6.6 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td. Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-build....
8.4 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td. Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-build....
6.7 AI Score
0.0004 EPSS
CVE-2021-47009 KEYS: trusted: Fix memory leak on object td
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td. Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-build....
6.6 AI Score
0.0004 EPSS
CVE-2021-47009 KEYS: trusted: Fix memory leak on object td
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td. Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-build....
6.8 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td. Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-build....
6.6 AI Score
0.0004 EPSS
The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking...
7.4 AI Score
0.0004 EPSS
The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking...
7.2 AI Score
0.0004 EPSS
The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking...
7.8 AI Score
0.0004 EPSS
7.4 AI Score
0.0004 EPSS
The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking...
7.5 AI Score
0.0004 EPSS
7.4 AI Score
How are attackers using QR codes in phishing emails and lure documents?
Though QR codes were once on the verge of extinction, many consumers are used to seeing them in the wild for ordering at restaurants, or as mainstays on storefront doors informing customers how they can sign up for a newsletter or score a sweet deal. The use of QR codes saw a resurgence during the....
7 AI Score
7.4 AI Score
phpMyFAQ vulnerable to stored XSS on attachments filename
Summary Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leading to allow execute JavaScript code in client side (XSS) Details On that snippet code of rendering the file attachments from user tables ``` <tr> ...
6.5 CVSS
6.3 AI Score
0.001 EPSS
phpMyFAQ vulnerable to stored XSS on attachments filename
Summary Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leading to allow execute JavaScript code in client side (XSS) Details On that snippet code of rendering the file attachments from user tables ``` <tr> ...
6.5 CVSS
6.3 AI Score
0.001 EPSS
7.4 AI Score
A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by...
5.3 CVSS
5.3 AI Score
0.006 EPSS
Mysterious patch Let's start this time with the patch that...
7 AI Score
pyload Unauthenticated Flask Configuration Leakage vulnerability
Summary Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. Details Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. PoC Run pyload in the default configuration by...
7.5 CVSS
7.3 AI Score
0.118 EPSS
pyload Unauthenticated Flask Configuration Leakage vulnerability
Summary Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. Details Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. PoC Run pyload in the default configuration by...
7.5 CVSS
7.3 AI Score
0.118 EPSS
SMTP smuggling is a technique that allows an attacker to send an email from pretty much any address they like. The intended goal is email spoofing—sending emails with false sender addresses. Email spoofing allows criminals to make malicious emails more believable. Let’s take a closer look at what.....
7 AI Score
Craft CMS 4.4.14 Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability in Craft CMS versions 4.0.0-RC1 through...
10 CVSS
8 AI Score
0.873 EPSS
9.8 CVSS
7.4 AI Score
0.873 EPSS
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164 : Apache Struts 2 vulnerable Docker container...
9.8 CVSS
10 AI Score
0.09 EPSS
Craft CMS unauthenticated Remote Code Execution (RCE)
This module exploits Remote Code Execution vulnerability (CVE-2023-41892) in Craft CMS which is a popular content management system. Craft CMS versions between 4.0.0-RC1 - 4.4.14 are affected by this vulnerability allowing attackers to execute arbitrary code remotely, potentially compromising the.....
10 CVSS
9.8 AI Score
0.873 EPSS
ownCloud Phpinfo Reader Exploit
Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo() to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker.....
10 CVSS
6.6 AI Score
0.939 EPSS
7.4 AI Score
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Vulnerability
R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup...
7.9 AI Score
Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo() to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker.....
10 CVSS
7.1 AI Score
0.939 EPSS
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
Title: R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Advisory ID: ZSL-2023-5802 Type: Local/Remote Impact: Exposure of Sensitive Information, Security Bypass Risk: (5/5) Release Date: 03.12.2023 Summary R Radio FM Transmitter that includes FM Exciter and FM Amplifier...
7.8 AI Score
7.4 AI Score
7.4 AI Score
Akira Ransomware By Max Kersten · November 29, 2023 This blog was also written by Alexandre Mundo First discovered in early 2023, Akira ransomware seemed to be just another ransomware family that entered the market. Its continued activity and numerous victims are our main motivators to...
7.7 AI Score
0.023 EPSS
Akira Ransomware By Alexandre Mundo, Max Kersten · November 29, 2023 First discovered in early 2023, Akira ransomware seemed to be just another ransomware family that entered the market. Its continued activity and numerous victims are our main motivators to investigate the malware’s inner...
7.6 AI Score
0.023 EPSS
ownCloud Information Disclosure Vulnerability (Nov 2023) - Active Check
ownCloud is prone to an information disclosure...
10 CVSS
6.2 AI Score
0.939 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS). This issue affects tagDiv Composer: from n/a before...
6.1 CVSS
0.0005 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS). This issue affects tagDiv Composer: from n/a before...
7.1 CVSS
6.2 AI Score
0.0005 EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS). This issue affects tagDiv Composer: from n/a before...
6.1 CVSS
6.8 AI Score
0.0005 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS). This issue affects tagDiv Composer: from n/a before...
7.1 CVSS
6.8 AI Score
0.0005 EPSS