CVE-2022-1292 affecting package hvloader for versions less than 1.0.1-2
CVE-2022-1292 affecting package hvloader for versions less than 1.0.1-2. An upgraded version of the package is available that resolves this...
9.8CVSS
7.2AI Score
0.106EPSS
CVE-2024-29159 affecting package hdf5 for versions less than 1.14.4.3-1
CVE-2024-29159 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...
7AI Score
EPSS
CVE-2024-29163 affecting package hdf5 for versions less than 1.14.4.3-1
CVE-2024-29163 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...
7AI Score
EPSS
CVE-2022-28805 affecting package ntopng for versions less than 5.2.1-3
CVE-2022-28805 affecting package ntopng for versions less than 5.2.1-3. A patched version of the package is...
9.1CVSS
6.9AI Score
0.003EPSS
CVE-2019-19391 affecting package sysbench for versions less than 1.0.20-3
CVE-2019-19391 affecting package sysbench for versions less than 1.0.20-3. A patched version of the package is...
9.1CVSS
7AI Score
0.002EPSS
CVE-2024-33877 affecting package hdf5 for versions less than 1.14.4.3-1
CVE-2024-33877 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...
7AI Score
EPSS
CVE-2024-32605 affecting package hdf5 for versions less than 1.14.4.3-1
CVE-2024-32605 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...
7AI Score
EPSS
CVE-2024-32613 affecting package hdf5 for versions less than 1.14.4.3-1
CVE-2024-32613 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...
6.9AI Score
EPSS
FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass
An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the...
5.3CVSS
6.9AI Score
0.0004EPSS
FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass
An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the...
5.3CVSS
6.9AI Score
0.0004EPSS
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability
An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated...
5.4CVSS
7AI Score
0.0004EPSS
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability
An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated...
5.4CVSS
7AI Score
0.0004EPSS
github.com/lightningnetwork/lnd is vulnerable to Improper Input Validation. The vulnerability is due to excessive memory allocation during the parsing process, which creates a Denial-Of-Service (DoS)...
6.5CVSS
6.7AI Score
0.0004EPSS
7.2AI Score
github.com/go-skynet/LocalAI is vulnerable to path traversal. The vulnerability is due to insufficient input validation of the model parameter during the model deletion process, which allows an attacker to delete arbitrary files on the host file...
7.5CVSS
7.1AI Score
0.0004EPSS
SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately
A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory transversal bug that could allow attackers to read sensitive...
8.6CVSS
6.8AI Score
0.343EPSS
US bans Kaspersky, warns: “Immediately stop using that software”
The US government will ban the sale of Kaspersky antivirus products to new customers in the United States starting July 20, with a follow-on deadline to prohibit the cybersecurity company from providing users with software updates after September 29. The move follows years of allegations that the.....
7.1AI Score
Gin-vue-admin is vulnerable to SQL injection. The vulnerability is due to insufficient validation user input which allows an attacker to execute arbitrary SQL...
8.8CVSS
8.2AI Score
0.0004EPSS
7.2AI Score
EPSS
7.5CVSS
7.2AI Score
0.002EPSS
8.8CVSS
7.2AI Score
0.002EPSS
6.1CVSS
6.7AI Score
0.003EPSS
6.5CVSS
6.7AI Score
0.001EPSS
7.5CVSS
6.7AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.001EPSS
7.4CVSS
6.7AI Score
0.003EPSS
7.5CVSS
6.7AI Score
0.001EPSS
7.5CVSS
6.6AI Score
0.02EPSS
8.8CVSS
8.7AI Score
0.001EPSS
typo3/cms is vulnerable to Information Disclosure. The vulnerability is due to improper permission checks, allowing editors to gain knowledge of protected storages and their folders. Attackers can exploit this by using a valid backend user account to include protected files in a collection...
7.2AI Score
silverstripe/framework is vulnerable to User Enumeration. The vulnerability is due to a timing attack on the login or password reset pages, allowing an attacker to determine the existence of user credentials based on response...
7.2AI Score
Was T-Mobile compromised by a zero-day in Jira?
A moderator of the notorious data breach trading platform BreachForums is offering data for sale they claim comes from a data breach at T-Mobile. The moderator, going by the name of IntelBroker, describes the data as containing source code, SQL files, images, Terraform data, t-mobile.com...
10CVSS
8.2AI Score
0.001EPSS
Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM Java. The flaws can lead to denial of service, confidentiality impact, integrity impact, availability impact, and sensitive information disclosure, as described in the "Vulnerability Details" section....
7.5CVSS
7.7AI Score
0.001EPSS
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...
4.9CVSS
5.1AI Score
0.0004EPSS
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...
4.9CVSS
5.1AI Score
0.0004EPSS
silverstripe/framework is vulnerable to SQL injection. The vulnerability is due to the 'start' querystring parameter not being safely escaped, which exposes a possible SQL injection...
8.4AI Score
github.com/drakkan/sftpgo is vulnerable to Incorrect Authorization. The vulnerability is due to a lack of session invalidation when a user or admin changes their password, which allows an attacker to regain access to restricted accounts by resetting the accounts password. Note that this...
5.4CVSS
6.8AI Score
0.0004EPSS
js2py is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the js2py.disable_pyimport() function failing to prevent JS sandbox escape, which allows an attacker to send crafted API calls which results in arbitrary code...
7.7AI Score
0.0004EPSS
io.undertow: undertow-core is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of URL-encoded request paths for concurrent requests on the ajp-listener, which can cause the wrong path to be processed, potentially leading to Denial Of Service...
7.5CVSS
6.7AI Score
0.0004EPSS
ClassGraph XML External Entity Reference
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE)...
6.8AI Score
0.0004EPSS
ClassGraph XML External Entity Reference
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE)...
6.5AI Score
0.0004EPSS
6.5AI Score
0.0004EPSS
silverstripe/framework is vulnerable to CSV injection. The vulnerability is due to the potential inclusion of executable macros and scripts in the exported CSV files, which allows an attacker to execute arbitrary code or commands on the user's...
8.4AI Score
Apache Superset is vulnerable to Improper Input Validation. The vulnerability is due to a lack of validation of user-supplied input. If an authenticated attacker creates a MariaDB connection with the local_infile option enabled, they can execute a specific MySQL/MariaDB SQL command which results...
6.8CVSS
7.4AI Score
0.0004EPSS
Improper Preservation Of Permissions
github.com/authzed/spicedb is vulnerable to Improper Preservation Of Permissions. The vulnerability is due to a failure in the exclusion dispatcher to request all the folders in which the user is a member, leading to an incorrect NO_PERMISSION response when the user should have...
3.7CVSS
7AI Score
0.0004EPSS
Security Bulletin: Cryptography cipher update
Summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as...
6.5CVSS
7.3AI Score
0.001EPSS
U.S. Bans Kaspersky Software, Citing National Security Risks
The U.S. Department of Commerce's Bureau of Industry and Security (BIS) on Thursday announced a "first of its kind" ban that prohibits Kaspersky Lab's U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company's....
6.9AI Score
Summary IBM i is vulnerable to a local user with command line access gaining elevated privilege due to a flaw in IBM TCP/IP Connectivity Utilities for i as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...
7.8CVSS
6.9AI Score
0.0004EPSS