7.1AI Score
7.1AI Score
AI Score
Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk
Description Stored XSS via parameter [title] when create new ticket Details At the table tickets in admin, when rendering data for column [Ticket] it allows for arbitrary execution of JavaScript Vulnerability code { data: "ticket", render: function...
6.1CVSS
0.4AI Score
0.001EPSS
7.1AI Score
Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting (XSS)
...
7.4AI Score
7.1AI Score
7.4AI Score
7.1AI Score
7.4AI Score
7.1AI Score
7.4AI Score
SmartStoreNET - Malicious Message leading to E-Commerce Takeover
SmartStoreNET is the leading open-source e-commerce platform for .NET, which makes it suitable for companies running Windows Server. Next to the operation of an online business, it offers advanced features, such as CRM tools, a blog and a forum. As a result, a SmartStoreNET instance handles highly....
9.8CVSS
10.2AI Score
0.004EPSS
-0.3AI Score
There is an out of bounds write vulnerability in some Huawei ...
7.5CVSS
7.2AI Score
0.001EPSS
-0.1AI Score
There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions...
7.5CVSS
7.4AI Score
0.001EPSS
There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions...
7.5CVSS
0.001EPSS
There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions...
7.5CVSS
7.4AI Score
0.001EPSS
There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions...
7.6AI Score
0.001EPSS
Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD
GoCD, written in Java, is a popular CI/CD solution with a large range of users from NGOs to Fortune 500 companies with billions of dollars in revenue. Naturally, this makes it a critical piece of infrastructure and an extremely attractive target for attackers. In order to automate build and...
AI Score
0.463EPSS
-0.1AI Score
-0.5AI Score
-0.5AI Score
-0.4AI Score
-0.2AI Score
Security Advisory - Out of Bounds Write Vulnerability in Some Huawei Products
There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition. (Vulnerability ID:...
7.5CVSS
6.9AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in msaari/relevanssi
Description Good afternoon. Beginning on 12 October 2021, our XSS catcher started receiving callbacks from a group of sites that are using the Relevanssi plugin for Wordpress. It appears to us that the software is not properly filtering Unsuccessful searches before displaying the information to...
-0.3AI Score
Squirrel Sandbox Escape allows Code Execution in Games and Cloud Services
SquirrelLang is an interpreted, open-source programming language that is used by video games and cloud services for customization and plugin development. For example, the extremely popular game Counter-Strike: Global Offensive (CS:GO) attracts millions of players on a monthly basis and utilizes...
0.2AI Score
0.005EPSS
-0.3AI Score
-0.1AI Score
6.1CVSS
6.3AI Score
EPSS
0.2AI Score
Multiple Huawei products cross the border to write vulnerabilities
Huawei Ngfw Module is a firewall module from Huawei, China.Huawei IPS Module is an Intrusion Prevention System (IPS) module from Huawei, China.Huawei S5700, Huawei S12700, Huawei S2700 and Huawei The Huawei S5700, Huawei S12700, Huawei S2700 and Huawei S6700 are all enterprise-class switches from.....
7.5CVSS
1.5AI Score
0.001EPSS
AI Score
6.1CVSS
-0.2AI Score
0.001EPSS
Career Navigator talk for IT Hub College
Last week I gave a "Career Navigator" talk for the students of the IT Hub College in Moscow. By the way, this college has a very interesting practical information security program. If it is relevant for you, check it out. I've never talked so much about myself in public. It was like giving advises....
-0.5AI Score
0.2AI Score
7.4AI Score
-0.2AI Score
Informatica: CVE-2021-40870 in [███]
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. The IP has a SSL certificate pointing to Informatica LLC. curl -kvI...
9.8CVSS
9.6AI Score
0.934EPSS
Elastic: CVE-2021-40870 on [52.204.160.31]
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. The IP has a SSL certificate pointing to ElasticSearch. curl -kv...
9.8CVSS
2.5AI Score
0.934EPSS
Cachet 2.4: Code Execution via Laravel Configuration Injection
Status pages are now an essential service offered by all Software-as-a-Service companies (we do it too!). To help their adoption, startups quickly conceived status pages as-a-service, and open-source self-hosted alternatives were made available. Cachet, also sometimes referred to as CachetHQ, is a....
9.8CVSS
0.8AI Score
0.456EPSS
7.4AI Score
1.3AI Score
1AI Score
ECOA Building Automation System Remote Privilege Escalation
Title: ECOA Building Automation System Remote Privilege Escalation Advisory ID: ZSL-2021-5677 Type: Local/Remote Impact: Privilege Escalation Risk: (4/5) Release Date: 08.09.2021 Summary 1 The Risk-Terminator Web Graphic control BEMS (Building Energy Management System) are designed to provide...
8.8CVSS
8.9AI Score
0.001EPSS
Cisco Patches Critical Bug With Public Exploit
Cisco has patched a near-max critical bug in its NFVIS software for which there’s a publicly available proof-of-concept (PoC) exploit. On Wednesday, Cisco released patches for the flaw – an authentication bypass vulnerability in Enterprise NFV Infrastructure Software (NFVIS) that’s tracked as...
8.1CVSS
0.4AI Score
0.068EPSS
td-is.cz Cross Site Scripting vulnerability OBB-2131339
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its...
AI Score
Ghost CMS 4.3.2 - Cross-Origin Admin Takeover
Ghost is one of the most popular Node.js-based Content Management Systems (CMS). According to the vendor, there are currently more than 2.5 million installs of it and the project has more than 38k stars on GitHub. During our research on open-source applications, we analyzed the code and found a...
6.1CVSS
-0.3AI Score
0.015EPSS