IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
4.9CVSS
4.8AI Score
0.0004EPSS
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input. Mitigation Mitigation for this issue is either not available or the currently available options don't meet.....
5.7CVSS
6.4AI Score
0.0004EPSS
CVE-2024-28793 IBM Engineering Workflow Management cross-site scripting
IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
4.9CVSS
4.8AI Score
0.0004EPSS
CVE-2024-28793 IBM Engineering Workflow Management cross-site scripting
IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
4.9CVSS
5.8AI Score
0.0004EPSS
Campbell Scientific CSI Web Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Campbell Scientific Equipment: CSI Web Server Vulnerabilities: Path Traversal, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
8.1AI Score
0.0004EPSS
Trusted relationship attacks: trust, but verify
IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party...
7.8AI Score
Path traversal vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product installs a crafted UTAU voicebank installer (.uar file, .zip file) to UTAU, an arbitrary file may be...
6.5AI Score
0.0004EPSS
Path traversal vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product installs a crafted UTAU voicebank installer (.uar file, .zip file) to UTAU, an arbitrary file may be...
6.7AI Score
0.0004EPSS
Path traversal vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product installs a crafted UTAU voicebank installer (.uar file, .zip file) to UTAU, an arbitrary file may be...
6.5AI Score
0.0004EPSS
JVN#71404925: Multiple vulnerabilities in UTAU
UTAU provided by ameya/ayame contains multiple vulnerabilities listed below. OS command injection (CWE-78) CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Base Score 5.3 CVE-2024-28886 Path Traversal (CWE-22) CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 3.3 CVE-2024-32944 ## Impact If a...
7.8AI Score
0.0004EPSS
AutomationDirect P3-550E Telnet Diagnostic Interface leftover debug code vulnerability
Talos Vulnerability Report TALOS-2024-1942 AutomationDirect P3-550E Telnet Diagnostic Interface leftover debug code vulnerability May 28, 2024 CVE Number CVE-2024-21785 SUMMARY A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E...
9.8CVSS
7.8AI Score
0.001EPSS
Talos Vulnerability Report TALOS-2024-1941 AutomationDirect P3-550E Programming Software Connection Remote Memory Diagnostics Read-What-Where vulnerability May 28, 2024 CVE Number CVE-2024-23315 SUMMARY A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory...
7.5CVSS
7AI Score
0.001EPSS
Talos Vulnerability Report TALOS-2024-1943 AutomationDirect P3-550E Programming Software Connection scan_lib.bin library code injection vulnerability May 28, 2024 CVE Number CVE-2024-23601 SUMMARY A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E...
9.8CVSS
8.3AI Score
0.001EPSS
Talos Vulnerability Report TALOS-2024-1939 AutomationDirect P3-550E Programming Software Connection FileSelect stack-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24963,CVE-2024-24962 SUMMARY A stack-based buffer overflow vulnerability exists in the Programming Software...
9.8CVSS
8AI Score
0.001EPSS
Talos Vulnerability Report TALOS-2024-1940 AutomationDirect P3-550E Programming Software Connection Remote Memory Diagnostics Write-What-Where vulnerability May 28, 2024 CVE Number CVE-2024-22187 SUMMARY A write-what-where vulnerability exists in the Programming Software Connection Remote Memory...
9.1CVSS
7.6AI Score
0.001EPSS
Oracle Linux 8 : python39:3.9 / and / python39-devel:3.9 (ELSA-2024-2985)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2985 advisory. mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core...
8.2CVSS
7.2AI Score
0.016EPSS
Oracle Linux 8 : python27:2.7 (ELSA-2024-2987)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2987 advisory. babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves:...
9.8CVSS
7.2AI Score
0.034EPSS
Talos Vulnerability Report TALOS-2024-1936 AutomationDirect P3-550E Programming Software Connection FiBurn heap-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24851 SUMMARY A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn...
7.5CVSS
7.8AI Score
0.0005EPSS
Talos Vulnerability Report TALOS-2024-1937 AutomationDirect P3-550E Programming Software Connection CurrDir heap-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24947,CVE-2024-24946 SUMMARY A heap-based buffer overflow vulnerability exists in the Programming Software...
8.2CVSS
8AI Score
0.0005EPSS
Talos Vulnerability Report TALOS-2024-1938 AutomationDirect P3-550E Programming Software Connection FileSystem API out-of-bounds write vulnerabilities May 28, 2024 CVE Number CVE-2024-24956,CVE-2024-24957,CVE-2024-24959,CVE-2024-24958,CVE-2024-24955,CVE-2024-24954 SUMMARY Several out-of-bounds...
8.2CVSS
7.2AI Score
0.0005EPSS
Fedora 40 : glycin-loaders / gnome-tour / helix / helvum / libipuz / loupe / etc (2024-ce2936b568)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-ce2936b568 advisory. This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix...
7.4AI Score
A flaw was found in OpenAPI generator, where it allows the generation of API client libraries, for example, SDK generation, server stubs, documentation, and configuration, automatically given an OpenAPI Spec. This flaw allows an attacker to cause a path traversal vulnerability to read and delete...
8.3CVSS
6.1AI Score
0.0004EPSS
A flaw was found In gnome-shell. The GNOME Network Manager and GNOME Shell Portal Helper connectivity checks send DNS checks that, if intercepted, may be used to launch a GNOME Captive Portal in a WebKitGTK browser and load arbitrary HTML and Javascript code. Mitigation Mitigation for this issue...
6.2AI Score
EPSS
SherlockChain - A Streamlined AI Analysis Framework For Solidity, Vyper And Plutus Contracts
SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered features. Developed by a team of security experts and AI researchers, SherlockChain offers unparalleled insights and vulnerability detection for...
7.4AI Score
Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud
Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that's behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. "Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate," the...
7AI Score
Report: The Dark Side of Phishing Protection
The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them - through email protection, firewall rules and employee education - phishing attacks are....
7.4AI Score
A flaw was found in the libarchive library. A heap-based buffer overflow in the execute_filter_e8 function in the libarchive/archive_read_support_format_rar.c file can be triggered when a specially crafted RAR archive is processed, causing a crash to the application linked to the library, and...
7.8CVSS
6.6AI Score
0.005EPSS
An out-of-bounds memory access flaw was found in the Linux kernel’s Ethernet DECchip cards driver. This flaw allows a local user to crash the system. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria...
6.1AI Score
0.0004EPSS
Threat landscape for industrial automation systems, Q1 2024
Global statistics Statistics across all threats In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of...
7.5AI Score
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2024-28793
Summary Vulnerability CVE-2024-28793 affects the Team Concert Git plugin of IBM Engineering Workflow Management (EWM). Vulnerability Details ** CVEID: CVE-2024-28793 DESCRIPTION: **IBM Engineering Workflow Management is vulnerable to stored cross-site scripting. Under certain configurations, this.....
4.9CVSS
5.7AI Score
0.0004EPSS
Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets
The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. "This cluster of activity spanned from late 2023 to April 2024 and is anticipated to...
7.6AI Score
Fedora: Security Advisory for rust-coreos-installer (FEDORA-2024-ce2936b568)
The remote host is missing an update for...
7.5AI Score
Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id 57984fa85c31988b2eff429adfc654c46e0c342a. The vulnerability arises from the application's handling of user modifications by...
4.9CVSS
6.9AI Score
0.001EPSS
Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id 57984fa85c31988b2eff429adfc654c46e0c342a. The vulnerability arises from the application's handling of user modifications by...
4.9CVSS
5AI Score
0.001EPSS
Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id 57984fa85c31988b2eff429adfc654c46e0c342a. The vulnerability arises from the application's handling of user modifications by...
4.9CVSS
6.6AI Score
0.001EPSS
CVE-2024-4286 Improper Neutralization of Special Elements in mintplex-labs/anything-llm
Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id 57984fa85c31988b2eff429adfc654c46e0c342a. The vulnerability arises from the application's handling of user modifications by...
4.9CVSS
6.7AI Score
0.001EPSS
CVE-2024-4286 Improper Neutralization of Special Elements in mintplex-labs/anything-llm
Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id 57984fa85c31988b2eff429adfc654c46e0c342a. The vulnerability arises from the application's handling of user modifications by...
4.9CVSS
5AI Score
0.001EPSS
[SECURITY] Fedora 40 Update: rust-coreos-installer-0.21.0-3.fc40
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal machines (or, occasionally, to virtual...
7.3AI Score
JA4+ - Suite Of Network Fingerprinting Standards
JA4+ is a suite of network Fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session.....
7AI Score
Experts Find Flaw in Replicate AI Service Exposing Customers' Models and Data
Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. "Exploitation of this vulnerability would have allowed...
8.2AI Score
Summary A privilege escalation vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2019-4185 DESCRIPTION: IBM InfoSphere Information Server containers are vulnerable to privilege escalation due to an insecurely configured component. CVSS Base Score:...
8.3CVSS
8.4AI Score
0.001EPSS
JAVS Courtroom Recording Software Backdoored - Deploys RustDoor Malware
Malicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV Solutions (JAVS) to deliver malware that's associated with a known implant called RustDoor. The software supply chain attack, tracked as CVE-2024-4978 (CVSS score: 8.7),...
8.4CVSS
6.7AI Score
0.028EPSS
bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...
5.3CVSS
7.6AI Score
0.0004EPSS
python39:3.9 and python39-devel:3.9 security update
mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core dumped upon file upload >= 1GB Resolves: rhbz#2125172 [4.7.1-4] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.7.1-3] - Rebuilt...
8.1CVSS
6.7AI Score
0.005EPSS
babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343...
9.8CVSS
6.7AI Score
0.005EPSS
NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific.....
8.8CVSS
7.9AI Score
0.0005EPSS
NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific.....
8.8CVSS
9.1AI Score
0.0005EPSS
NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute...
7.8CVSS
7.1AI Score
0.0005EPSS
NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute...
7.8CVSS
7.8AI Score
0.0005EPSS
CVE-2024-5246 NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability
NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific.....
8.8CVSS
9.1AI Score
0.0005EPSS