RHEL 7 : openstack-nova (RHSA-2019:2652)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2652 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....
6.5CVSS
6.5AI Score
0.001EPSS
RHEL 8 : Red Hat OpenStack Platform 16.2 (openstack-nova) (RHSA-2023:1948)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1948 advisory. OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines,creating a ...
3.3CVSS
4.5AI Score
0.0005EPSS
RHEL 7 / 8 : Red Hat OpenStack Platform (openstack-nova) (RHSA-2023:1278)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1278 advisory. OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines, creating a ...
5.7CVSS
5.7AI Score
0.003EPSS
RHEL 9 : Red Hat OpenStack Platform 17.0 (openstack-nova) (RHSA-2023:1015)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1015 advisory. OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines,creating a ...
5.7CVSS
5.7AI Score
0.003EPSS
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping....
4.4CVSS
5.7AI Score
0.0004EPSS
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping....
4.4CVSS
4.3AI Score
0.0004EPSS
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping....
4.4CVSS
4.5AI Score
0.0004EPSS
RHEL 7 : openstack-nova (RHSA-2018:0241)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0241 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....
6.5CVSS
6.7AI Score
0.001EPSS
RHEL 7 : openstack-nova (RHSA-2018:0314)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0314 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....
6.5CVSS
6.7AI Score
0.001EPSS
RHEL 7 : openstack-nova (RHSA-2018:2855)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2855 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....
7.5CVSS
6.3AI Score
0.003EPSS
RHEL 7 : openstack-nova (RHSA-2018:2714)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2714 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....
7.5CVSS
6.4AI Score
0.003EPSS
RHEL 7 : openstack-nova (RHSA-2019:2631)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2631 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....
6.5CVSS
6.5AI Score
0.001EPSS
RHEL 7 : openstack-nova (RHSA-2019:2622)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2622 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....
6.5CVSS
6.5AI Score
0.001EPSS
RHEL 7 : openstack-nova and python-novaclient (RHSA-2018:0369)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0369 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....
6.5CVSS
6.7AI Score
0.001EPSS
10 Critical Endpoint Security Tips You Should Know
In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide...
7.4AI Score
New 'Brokewell' Android Malware Spread Through Fake Browser Updates
Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis...
7.2AI Score
Form Maker by 10Web < 1.15.25 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting
Description The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output...
4.4CVSS
5.7AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...
9.9AI Score
EPSS
Description The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.15.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9CVSS
7.8AI Score
0.0004EPSS
Unveiling the Hidden Power of the CMDB in Cybersecurity
In the ever-evolving landscape of cybersecurity, where attacks grow increasingly sophisticated, organizations must leverage every tool at their disposal to stay one step ahead. While CISOs and SecOps teams often focus on disciplines such as vulnerability detection, attack surface management, and...
6.9AI Score
Securing millions of developers through 2FA
Though technology has advanced significantly to combat the proliferation of sophisticated security threats, the reality is that preventing the next cyberattack depends on getting the security basics right, and efforts to secure the software ecosystem must protect the developers who design, build,.....
7.4AI Score
museum-fuer-kunst-und-kulturgeschichte.de Cross Site Scripting vulnerability OBB-3921756
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users
Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent,...
7.2AI Score
U.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware Misuse
The U.S. Department of State on Monday said it's taking steps to impose visa restrictions on 13 individuals who are allegedly involved in the development and sale of commercial spyware or who are immediately family members of those involved in such businesses. "These individuals have facilitated...
7AI Score
Arbitrary Code Execution in Gitea
The git hook feature in Gitea 1.1.0 through 1.12.5 allows for authenticated remote code...
7.2CVSS
7.9AI Score
0.973EPSS
Arbitrary Code Execution in Gitea
The git hook feature in Gitea 1.1.0 through 1.12.5 allows for authenticated remote code...
7.2CVSS
7.4AI Score
0.973EPSS
An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of com.factory.mmigroup (versionCode='3', versionName='2.1)....
7.4AI Score
0.0004EPSS
An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of com.factory.mmigroup (versionCode='3', versionName='2.1)....
7.2AI Score
0.0004EPSS
An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and...
6.4AI Score
0.0004EPSS
An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and...
6.7AI Score
0.0004EPSS
Pytorch is vulnerable to an Out-of-bounds Read. The vulnerability is caused due to a missing validation for mobile_ivalue_size_ variable for a value greater than ivalues->size() in function FlatbufferLoader::parseModule within torch/csrc/jit/mobile/flatbuffer_loader.cpp. This introduces potentia...
6.6AI Score
0.0004EPSS
An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and...
6.6AI Score
0.0004EPSS
An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and...
6.8AI Score
0.0004EPSS
Arbitrary Code Execution in Gitea
The git hook feature in Gitea 1.1.0 through 1.12.5 allows for authenticated remote code...
7.2CVSS
7.3AI Score
0.973EPSS
7.4AI Score
An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of com.factory.mmigroup (versionCode='3', versionName='2.1)....
7.4AI Score
0.0004EPSS
Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component...
7.3AI Score
0.0004EPSS
6.5AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component...
6.8AI Score
0.0004EPSS
Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component...
7.4AI Score
0.0004EPSS
Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?
If you're a regular reader of this newsletter, you already know about how strongly I feel about the dangers of spreading fake news, disinformation and misinformation. And honestly, if you're reading this newsletter, I probably shouldn't have to tell you about that either. But one of the things...
7.8AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 219 vulnerabilities disclosed in 209...
8.8AI Score
EPSS
Torch is vulnerable to a use-after-free vulnerability. The vulnerability is due to missing validation checks in the run function within interpreter.cpp, which can potentially lead to a Denial of Service...
6.8AI Score
0.0004EPSS
Should you share your location with your partner?
Every relationship has its disagreements. Who takes out the trash and washes the dishes? Who plans the meals and writes out the grocery list? And when is it okay to start tracking one another’s location? Location sharing is becoming the norm between romantic partners—50% of people valued...
6.9AI Score
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in...
7.7AI Score
0.0004EPSS
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in...
7.1AI Score
0.0004EPSS
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in...
7.6AI Score
0.0004EPSS
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in...
6.9AI Score
0.0004EPSS