Handling untrusted input can result in a crash, leading to loss of availability / denial of service
Using particular inputs with @solana/web3.js will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with @solana/web3.js, your application/service may crash, resulting in a loss of...
7.5CVSS
7.6AI Score
0.0004EPSS
@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with @solana/web3.js will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with @solana/web3.js, your application/service may crash, resulting in a.....
7.5CVSS
7.4AI Score
0.0004EPSS
@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with @solana/web3.js will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with @solana/web3.js, your application/service may crash, resulting in a.....
7.5CVSS
7.4AI Score
0.0004EPSS
@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with @solana/web3.js will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with @solana/web3.js, your application/service may crash, resulting in a.....
7.5CVSS
7.5AI Score
0.0004EPSS
@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with @solana/web3.js will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with @solana/web3.js, your application/service may crash, resulting in a.....
7.5CVSS
7.6AI Score
0.0004EPSS
SoumniBot: the new Android banker’s unique techniques
The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception. As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very...
7.4AI Score
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'sms_prefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the...
5.6AI Score
0.0004EPSS
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'sms_prefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the...
8AI Score
0.0004EPSS
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the...
8AI Score
0.0004EPSS
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the...
5.6AI Score
0.0004EPSS
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the...
5.8AI Score
0.0004EPSS
CVE-2024-2102 Salon booking system < 9.6.3 - Unauthenticated Stored XSS
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'sms_prefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the...
5.8AI Score
0.0004EPSS
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the...
5.8AI Score
0.0004EPSS
RHEL 7 : Red Hat Single Sign-On 7.6.8 and security update on RHEL 7 (Important) (RHSA-2024:1860)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1860 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
8.1CVSS
7.1AI Score
0.0005EPSS
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in...
7.6AI Score
0.0004EPSS
RHEL 8 : Red Hat Single Sign-On 7.6.8 security update on RHEL 8 (Important) (RHSA-2024:1861)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1861 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
8.1CVSS
7.4AI Score
0.0005EPSS
RHEL 9 : Red Hat Single Sign-On 7.6.8 security update on RHEL 9 (Important) (RHSA-2024:1862)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1862 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
8.1CVSS
7.1AI Score
0.0005EPSS
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in...
7.2AI Score
0.0004EPSS
(RHSA-2024:1868) Important: Red Hat build of Keycloak security update
Red Hat build of Keycloak 22.0.10 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security Fix(es): path transversal in redirection validation (CVE-2024-1132) ...
6.6AI Score
EPSS
(RHSA-2024:1867) Moderate: Red Hat build of Keycloak 22.0.10 enhancement and security update
Red Hat build of Keycloak 22.0.10 is an integrated solution, available as a Red Hat JBoss Middleware for OpenShift containerized image, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security Fix(es): ...
6.6AI Score
EPSS
(RHSA-2024:1866) Important: Red Hat Single Sign-On 7.6.8 security update
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.8 serves as a replacement for Red Hat Single Sign-On 7.6.7, and....
8.1AI Score
0.0005EPSS
Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage...
7AI Score
0.05EPSS
(RHSA-2024:1862) Important: Red Hat Single Sign-On 7.6.8 security update on RHEL 9
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.8 on RHEL 9 serves as a replacement for Red Hat Single Sign-On.....
8.1AI Score
0.0005EPSS
(RHSA-2024:1861) Important: Red Hat Single Sign-On 7.6.8 security update on RHEL 8
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.8 on RHEL 8 serves as a replacement for Red Hat Single Sign-On.....
8.1AI Score
0.0005EPSS
(RHSA-2024:1860) Important: Red Hat Single Sign-On 7.6.8 enhancement and security update on RHEL 7
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.8 on RHEL 7 serves as a replacement for Red Hat Single Sign-On.....
8.1AI Score
0.0005EPSS
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted...
3.1CVSS
7AI Score
0.0004EPSS
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted...
3.1CVSS
4.1AI Score
0.0004EPSS
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted...
3.1CVSS
4.5AI Score
0.0004EPSS
Five Key Takeaways from the 2024 Imperva Bad Bot Report
Bad bots continue to affect consumers and organizations across all sectors. For over eleven years, Imperva has been dedicated to helping organizations manage and mitigate the threat of bad bots. We’ve published the 2024 Imperva Bad Bot Report as part of our commitment to helping organizations...
7AI Score
Navigating the EU NIS2 Directive
How Qualys Cybersecurity Solutions Ensure Compliance The European Union’s revised Network and Information Security (NIS2) Directive is a comprehensive cybersecurity regulation aimed at bolstering the resilience of critical entities and essential services across the EU. As organizations grapple...
7.6AI Score
Crickets from Chirp Systems in Smart Lock Key Leak
The U.S. government is warning that "smart locks" securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical.....
7AI Score
Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through...
4.3CVSS
4.6AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through...
4.3CVSS
6.8AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users
Cybersecurity researchers have discovered a "renewed" cyber espionage campaign targeting users in South Asia with the aim of delivering an Apple iOS spyware implant called LightSpy. "The latest iteration of LightSpy, dubbed 'F_Warehouse,' boasts a modular framework with extensive spying features,"....
7.5AI Score
IBM Security verify Access Appliance Denial of Service Vulnerability
IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as the Web, mobile, IoT and cloud using risk-based access, single sign-on, integrated access management...
6.2CVSS
6.5AI Score
0.0004EPSS
7.4AI Score
7.4AI Score
7.4AI Score
IBM Security verify Access Appliance Security Vulnerability
IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated...
7.5CVSS
6.4AI Score
0.0004EPSS
7.4AI Score
7.4AI Score
7.4AI Score
7.4AI Score
7.4AI Score
7.4AI Score
7.4AI Score
7.4AI Score
7.4AI Score
Apple warns people of mercenary attacks via threat notification system
Apple has reportedly sent alerts to individuals in 92 nations on Wednesday, April 10, to say it's detected that they may have been a victim of a mercenary attack. The company says it has sent out these types of threat notifications to over 150 countries since the start in 2021. Mercenary spyware...
7.1AI Score