ReVanced API proxies requests needed to feed the ReVanced Manager and website with data. Up to and including commit 71f81f7f20cd26fd707335bca9838fa3e7df20d2, ReVanced API lacks error caching, causing the upstream rate limit to be triggered and thus increasing server load. This causes a denial of service for all...
7.5CVSS
7.1AI Score
0.0005EPSS
CVE-2023-52075 ReVanced API vulnerable to Denial of Service due to lack of error caching
ReVanced API proxies requests needed to feed the ReVanced Manager and website with data. Up to and including commit 71f81f7f20cd26fd707335bca9838fa3e7df20d2, ReVanced API lacks error caching, causing the upstream rate limit to be triggered and thus increasing server load. This causes a denial of service for all...
7.5CVSS
7.6AI Score
0.0005EPSS
Improper Neutralization Of Special Elements
gitlab is vulnerable to Improper Neutralization of Special Elements. The vulnerability is due to missing validation of user-supplied input, specifically when committing directories containing LF (Line Feed) characters. This flaw results in HTTP 500 errors when viewing the affected...
5.3CVSS
6.7AI Score
0.001EPSS
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 16 vulnerabilities disclosed in 16 WordPress Plugins and no WordPress themes that have been added to the Wordfence...
9.8CVSS
7.8AI Score
0.935EPSS
Lines of code https://github.com/code-423n4/2023-12-initcapital/blob/main/contracts/lending_pool/LendingPool.sol#L125 Vulnerability details Impact Users might not always be able to burn() or borrow() due to being front-run by other borrow or burn calls, potentially in a malicious manner, so funds....
6.9AI Score
Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts
Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. "Malware authors occasionally place their samples in services like Dropbox, Google Drive, OneDrive, and Discord...
7.5AI Score
Meet the entirely legal, iPhone-crashing device, the Flipper Zero: Lock and Code S04E25
This week on the Lock and Code podcast… It talks, it squawks, it even blocks! The stocking-stuffer on every hobby hacker’s wish list this year is the Flipper Zero. “Talk” across low-frequency radio to surreptitiously change TV channels, emulate garage door openers, or even pop open your friend’s...
7AI Score
Fedora: Security Advisory for seamonkey (FEDORA-2023-deb5cf6515)
The remote host is missing an update for...
7.5AI Score
Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite. This issue affects Product Catalog Feed by PixelYourSite: from n/a through...
8.8CVSS
8.6AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solutions Fix My Feed RSS Repair. This issue affects Fix My Feed RSS Repair: from n/a through...
8.8CVSS
8.6AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solutions Fix My Feed RSS Repair. This issue affects Fix My Feed RSS Repair: from n/a through...
8.8CVSS
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite. This issue affects Product Catalog Feed by PixelYourSite: from n/a through...
8.8CVSS
0.001EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite. This issue affects Product Catalog Feed by PixelYourSite: from n/a through...
8.8CVSS
7.2AI Score
0.001EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solutions Fix My Feed RSS Repair. This issue affects Fix My Feed RSS Repair: from n/a through...
8.8CVSS
7.2AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite. This issue affects Product Catalog Feed by PixelYourSite: from n/a through...
5.4CVSS
8.9AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solutions Fix My Feed RSS Repair. This issue affects Fix My Feed RSS Repair: from n/a through...
4.3CVSS
8.9AI Score
0.001EPSS
[SECURITY] Fedora 38 Update: seamonkey-2.53.18-1.fc38
SeaMonkey is an all-in-one Internet application suite (previously made popular by Netscape and Mozilla). It includes an Internet browser, advanced e-mail, newsgroup and feed client, a calendar, IRC client, HTML editor and a tool to inspect the DOM for web pages. It is derived from the application.....
7.1AI Score
GTG Product Feed for Shopping <= 1.2.4 - Unauthenticated Settings Update
Description The plugin does not have an authorisation check when updating its settings, which could allow unauthenticated users to update...
5.3CVSS
6.3AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023)
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last week, there were.....
9.8CVSS
9.6AI Score
EPSS
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting
On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting (XSS) via Shortcode vulnerabilities in WordPress repository plugins. This type of vulnerability enables threat actors with contributor-level permissions or higher to inject...
6.4CVSS
5.9AI Score
0.001EPSS
KB5033376: Cumulative security update for Internet Explorer: December 12, 2023
KB5033376: Cumulative security update for Internet Explorer: December 12, 2023 IMPORTANT Certain versions of Microsoft Internet Explorer have reached end of servicing. Note that some versions of Internet Explorer may be supported past the latest OS end date when Extended Security Updates (ESUs)...
8.1CVSS
8.6AI Score
0.035EPSS
[SECURITY] Fedora 39 Update: seamonkey-2.53.18-1.fc39
SeaMonkey is an all-in-one Internet application suite (previously made popular by Netscape and Mozilla). It includes an Internet browser, advanced e-mail, newsgroup and feed client, a calendar, IRC client, HTML editor and a tool to inspect the DOM for web pages. It is derived from the application.....
7.1AI Score
Fedora: Security Advisory for seamonkey (FEDORA-2023-76db6c040e)
The remote host is missing an update for...
7.5AI Score
Fix My Feed RSS Repair <= 1.4 - Cross-Site Request Forgery
Description The Fix My Feed RSS Repair plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an...
8.8CVSS
6.6AI Score
0.001EPSS
Product Catalog Feed by PixelYourSite < 2.2.0 - Cross-Site Request Forgery
Description The Product Catalog Feed by PixelYourSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the set_disable_status(), set_wpwoof_schedule() and check_feed_name() functions....
8.8CVSS
6.3AI Score
0.001EPSS
Upgraded Q -> 3 from #534 [1702060375162]
Judge has assessed an item in Issue #534 as 3 risk. The relevant finding follows: [L-03] Consider use stETH/UDS oracle Issue Description: The sponsor has confirmed their choice of Chainlink as an oracle to fetch prices. Since all other LST price feeds are 18 decimal places, they will most likely...
7.1AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 27, 2023 to December 3, 2023)
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last week, there were.....
9.8CVSS
9.6AI Score
EPSS
Star Blizzard increases sophistication and evasion in ongoing attacks
Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard (formerly SEABORGIUM, also known as COLDRIVER and Callisto Group). Star Blizzard has improved their detection evasion capabilities since 2022...
7.2AI Score
Why a ransomware gang tattled on its victim, with Allan Liska: Lock and Code S04E24
This week on the Lock and Code podcast… Like the grade-school dweeb who reminds their teacher to assign tonight's homework, or the power-tripping homeowner who threatens every neighbor with an HOA citation, the ransomware group ALPHV can now add itself to a shameful roster of pathetic, little...
7.2AI Score
As a follow-up to the Runtime efficiency with Spring blog post, I am happy to share that our exploration of Project Leyden optimizations has led to some interesting discoveries regarding the JDK's little-used CDS ("Class Data Sharing") feature and has materialized into a new feature that we have...
7.5AI Score
At Wordfence our mission is to Secure The Web. WordPress powers over 40% of the Web, and Wordfence secures over 4 million WordPress websites. Today we are announcing that for the next 20 days, Wordfence will be paying out some of the highest bug bounties in the history of WordPress to help find...
9AI Score
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 115 vulnerabilities disclosed in 87 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence...
9.8CVSS
10AI Score
EPSS
Glassdoor: Web Cache Deception
Thanks to our researcher who discovered a web caching issue on an arbitrary endpoint which, in a limited scenario, cached a Fishbowl user's feed page...
7.2AI Score
Feeds for YouTube < 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Feeds for YouTube for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
5.4CVSS
5.8AI Score
0.001EPSS
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 126 vulnerabilities disclosed in 102 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence...
9.8CVSS
9AI Score
EPSS
Description The Social Feed | All social media in one place plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
4.8CVSS
7.9AI Score
0.0004EPSS
Tenable Nessus Arbitrary File Write Vulnerability (TNS-2023-39)
Tenable Nessus is prone to an arbitrary file write...
6.8CVSS
6.7AI Score
0.001EPSS
AI Solutions Are the New Shadow IT
Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks Like the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot. Employees are covertly using AI with little regard for established IT and cybersecurity review procedures....
6.2AI Score
Improving compliance management with mappings and automation
Based on the research in Coalfire's 2023 Securealities Compliance Report, the third blog in this series examines one of the top concerns of CISOs and compliance program managers: realizing the value of a platform to simplify...
7.2AI Score
Navigating the AI security landscape: The federal push for responsible AI adoption
This blog post discusses the U.S. government's commitment to responsible AI through the Executive Order and proposed legislation, outlines key provisions for AI risk management, highlights efforts to strengthen federal AI governance, and emphasizes Coalfire's role in promoting responsible AI...
7.5AI Score
Tenable Nessus < 10.5.7 (TNS-2023-39)
According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 10.5.7. It is, therefore, affected by a vulnerability as referenced in the TNS-2023-39 advisory. An arbitrary file write vulnerability exists where an authenticated, remote attacker with...
6.8CVSS
6.6AI Score
0.001EPSS
python27:2.7 security and bug fix update
babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343...
6.1CVSS
6.5AI Score
0.002EPSS
python38:3.8 and python38-devel:3.8 security update
babel Cython mod_wsgi [4.6.8-5] - Remove rpath Resolves: rhbz#2213836 [4.6.8-4] - Core dumped upon file upload >= 1GB Resolves: rhbz#2125171 [4.6.8-3] - Exclude unsupported i686 arch (rhbz#1779142) [4.6.8-2] - Adjusted for Python 3.8 module in RHEL 8 [4.6.8-1] - update to 4.6.8 (#1721376)...
6.1CVSS
6.9AI Score
0.027EPSS
Guardians of IoT: Fortifying the financial sector in the age of IoT
The Internet of Things (IoT) has revolutionized the financial industry, but its associated security vulnerabilities and risks must be addressed to protect sensitive...
7.5AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 6, 2023 to November 12, 2023)
Wordfence just launched its bug bounty program. Over the next 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Please note there was a minor error in the heading of the email, and this report only runs from November 6th to November 12th. Last week,...
8.8CVSS
9.7AI Score
EPSS
Social Feed <= 1.5.4.6 - Author+ Stored XSS
Description The plugin does not validate and escape some of its socialfeed shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the Author role and above to perform Stored Cross-Site Scripting...
5.4CVSS
7.7AI Score
0.0004EPSS