Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake...
EPSS
Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake...
7.5AI Score
EPSS
Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake...
EPSS
Summary Multiple vulnerabilities in Open Container Initiative runc used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2024-21626 DESCRIPTION: **Open Container Initiative runc could allow a remote attacker to bypass security restrictions, caused by an...
8.6CVSS
7.8AI Score
0.051EPSS
3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords
Update #1: As of 12:36PM EST, another plugin has been infected. We've updated the list below to include this fourth plugin and the plugins team has been notified. Update #2: As of 2:20 PM EST, two more plugins appear to have malicious commits, however, the releases have not officially been made...
7.1AI Score
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary There are vulnerabilities in IBM® Java™ Version 8 and IBM WebSphere Application Server Liberty used by IBM Cognos Analytics. IBM Cognos Analytics has addressed these vulnerabilities by upgrading IBM® Java™ and IBM WebSphere Application Server Liberty. There are vulnerabilities in...
10CVSS
10AI Score
EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
9.7AI Score
EPSS
‘Poseidon’ Mac stealer distributed via Google ads
On June 24, we observed a new campaign distributing a stealer targeting Mac users via malicious Google ads for the Arc browser. This is the second time in the past couple of months where we see Arc being used as a lure, certainly a sign of its popularity. It was previously used to drop a Windows...
6.5AI Score
Security Bulletin: IBM MQ Appliance vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)
Summary By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM MQ Appliance has removed the chacha20-poly1305 cipher and all etm HMACs from the default set of algorithms...
5.9CVSS
6.9AI Score
0.963EPSS
The Windows Registry Adventure #3: Learning resources
Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry......
5.5CVSS
6.7AI Score
0.001EPSS
FreeBSD : Gitlab -- Vulnerabilities (589de937-343f-11ef-8a7b-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 589de937-343f-11ef-8a7b-001b217b3468 advisory. Gitlab reports: Run pipelines as any user Stored XSS injected in imported project's commit...
9.6CVSS
6.8AI Score
EPSS
War Crime Prosecutions Enter a New Digital Age
A custom platform developed by SITU Research aided the International Criminal Court’s prosecution in a war crimes trial for the first time. It could change how justice is enacted on an international...
7.3AI Score
Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife
Reconnaissance is the first phase of penetration testing which means gathering information before any real attacks are planned So Ashok is an Incredible fast recon tool for penetration tester which is specially designed for Reconnaissance" title="Reconnaissance">Reconnaissance phase. And in...
7AI Score
Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware
Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023. While one cluster of activity has been associated with the ChamelGang (aka...
7AI Score
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities listed herein. Vulnerability Details ** CVEID: CVE-2023-49569 DESCRIPTION: **go-git could allow a remote attacker to traverse directories on the system. By sending a specially crafted request using the...
9.8CVSS
10AI Score
EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ghostscript (SUSE-SU-2024:2198-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2198-1 advisory. - CVE-2024-33871: Prevent OPVP device arbitrary code execution via custom Driver library. (bsc#1225491) ....
7.8AI Score
EPSS
6.7AI Score
EPSS
SUSE SLES12 Security Update : ghostscript (SUSE-SU-2024:2199-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2199-1 advisory. - CVE-2024-33871: Prevent OPVP device arbitrary code execution via custom Driver library. (bsc#1225491) Tenable has extracted the preceding.....
7.8AI Score
EPSS
Gitlab reports: Run pipelines as any user Stored XSS injected in imported project's commit notes CSRF on GraphQL API IntrospectionQuery Remove search results from public projects with unauthorized repos Cross window forgery in user application OAuth flow Project maintainers can bypass group's...
9.6CVSS
6AI Score
EPSS
6.7AI Score
EPSS
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
Malicious code in react-select-custom-commit (npm)
-= Per source details. Do not edit below this...
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
Summary IBM Jazz for Service Management is vulnerable due to Apache camel-core-3.2.0.jar. Exposure of sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability Details ** CVEID: CVE-2024-22371 DESCRIPTION: **Apache...
2.9CVSS
6.5AI Score
0.0004EPSS
7.1AI Score
7.1AI Score
7.1AI Score
The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including,...
4.3CVSS
6.6AI Score
0.001EPSS
The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including,...
4.3CVSS
0.001EPSS
The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including,...
4.3CVSS
0.001EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...
7.8CVSS
7.7AI Score
0.0004EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1816)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...
7.8CVSS
7.7AI Score
0.0004EPSS
Ease the Burden with AI-Driven Threat Intelligence Reporting
_Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill's threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. _ Cybersecurity.....
6.8AI Score
Part 1: XZ backdoor story – Initial analysis Part 2: Assessing the Y, and How, of the XZ Utils incident (social engineering) In our first article on the XZ backdoor, we analyzed its code from initial infection to the function hooking it performs. As we mentioned then, its initial goal was to...
8.6AI Score
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2135-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2135-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following...
8CVSS
8.4AI Score
EPSS
Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign
A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle East, and Africa) with SugarGh0st malware since at least August 2023. "SneakyChef uses lures that are...
7.4AI Score
Military-themed Email Scam Spreads Malware to Infect Pakistani Users
Cybersecurity researchers have shed light on a new phishing campaign that has been identified as targeting people in Pakistan using a custom backdoor. Dubbed PHANTOM#SPIKE by Securonix, the unknown threat actors behind the activity have leveraged military-related phishing documents to activate the....
7.2AI Score
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...
4.9CVSS
5.1AI Score
0.0004EPSS
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...
4.9CVSS
5.1AI Score
0.0004EPSS
The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
5.8AI Score
0.001EPSS
The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This makes it possible for...
5.4CVSS
0.001EPSS
The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
5.8AI Score
0.001EPSS
The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
0.001EPSS