9.9 CVSS
7.1 AI Score
0.001 EPSS
Argo-cd authenticated users can enumerate clusters by name
Impact: It’s possible for authenticated users to enumerate clusters by name by inspecting error messages:
```
$ curl -k 'https://localhost:8080/api/v1/clusters/in-cluster?id.type=name' -H "Authorization: Bearer $token"
{"error":"permission denied: clusters, get, , sub: alice, iat:...
```
4.3 CVSS
4.5 AI Score
0.0004 EPSS
Argo-cd authenticated users can enumerate clusters by name
Impact: It’s possible for authenticated users to enumerate clusters by name by inspecting error messages:
```
$ curl -k 'https://localhost:8080/api/v1/clusters/in-cluster?id.type=name' -H "Authorization: Bearer $token"
{"error":"permission denied: clusters, get, , sub: alice, iat:...
```
4.3 CVSS
4.5 AI Score
0.0004 EPSS
[slackware-security] Slackware 15.0 kernel
New kernel packages are available for Slackware 15.0 to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/linux-5.15.160/*: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel...
8 CVSS
7.9 AI Score
EPSS
7.5 CVSS
6.9 AI Score
0.964 EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data. This issue affects PowerBank Application: before...
7.5 CVSS
6.8 AI Score
0.001 EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data. This issue affects PowerBank Application: before...
7.5 CVSS
6.9 AI Score
0.001 EPSS
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before...
7.5 CVSS
7.4 AI Score
0.001 EPSS
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before...
7.5 CVSS
5.4 AI Score
0.001 EPSS
7.4 AI Score
7.4 AI Score
7.4 AI Score
7.4 AI Score
5.3 CVSS
7.1 AI Score
0.004 EPSS
Improper Access Control vulnerability in EMTA Grup PDKS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDKS: before 20240603. NOTE: The vendor was contacted early about this disclosure but did not respond in any...
7 AI Score
0.0004 EPSS
Improper Access Control vulnerability in EMTA Grup PDKS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDKS: before 20240603. NOTE: The vendor was contacted early about this disclosure but did not respond in any...
6.4 AI Score
0.0004 EPSS
7.5 CVSS
6.5 AI Score
0.013 EPSS
7.4 AI Score
7.4 AI Score
7.4 AI Score
7.4 AI Score
Guide to Better Extended Threat Detection and Response (XDR)
Discover how XDR can enhance threat detection and response to improve a SecOps team’s efficiency and...
7.2 AI Score
7.4 AI Score
7.4 AI Score
7.4 AI Score
7.4 AI Score
CVE-2024-24919-POC Read about it -...
8.6 CVSS
6.5 AI Score
0.945 EPSS
10 CVSS
10 AI Score
0.001 EPSS
10 CVSS
10 AI Score
0.001 EPSS
...
8.6 CVSS
6.3 AI Score
0.945 EPSS
7.5 AI Score
7.4 AI Score
7.5 AI Score
Check point:CVE-2024-24919 ...
8.6 CVSS
6.5 AI Score
0.945 EPSS
8.2 CVSS
6.8 AI Score
0.959 EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...
7.8 CVSS
8.9 AI Score
EPSS
5.3 CVSS
6.6 AI Score
0.01 EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection. This issue affects DIGIKENT GIS: through...
7.2 AI Score
0.0004 EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection. This issue affects DIGIKENT GIS: through...
7.6 AI Score
0.0004 EPSS
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader
By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White. Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we're calling "LilacSquid." LilacSquid's victimology includes a...
7.8 AI Score
A tool to generate a wordlist from the information present in LDAP, in order to crack non-random passwords of domain accounts. Features The bigger the domain is, the better the wordlist will be. [x] Creates a wordlist based on the following information found in the LDAP: [x] User: name and...
7.3 AI Score
6.1 CVSS
7.3 AI Score
0.001 EPSS
Denial of service of Minder Server from maliciously crafted GitHub attestations
Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minder's sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on...
5.3 CVSS
6.4 AI Score
0.0004 EPSS
Denial of service of Minder Server from maliciously crafted GitHub attestations
Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minder's sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on...
5.3 CVSS
6.7 AI Score
0.0004 EPSS
Campbell Scientific CSI Web Server
1. EXECUTIVE SUMMARY
CVSS v4 6.9
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Campbell Scientific
Equipment: CSI Web Server
Vulnerabilities: Path Traversal, Weak Encoding for Password
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an...
8.1 AI Score
0.0004 EPSS
libigl readMSH out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1928
libigl readMSH out-of-bounds read vulnerability
May 28, 2024
CVE Number: CVE-2024-24583, CVE-2024-24584
SUMMARY
Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an...
4.3 CVSS
7.4 AI Score
0.0005 EPSS
7.4 AI Score
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Grup Arge Energy and Control Systems Smartpower allows SQL Injection. This issue affects Smartpower: through...
7.6 AI Score
0.0004 EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Grup Arge Energy and Control Systems Smartpower allows SQL Injection. This issue affects Smartpower: through...
7.3 AI Score
0.0004 EPSS
A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via the /tools/redis.php page in the k, hash, key and p parameters. This vulnerability could allow a remote user to submit a specially crafted JavaScript payload for an authenticated user to retrieve their session...
6.3 CVSS
5.9 AI Score
0.0004 EPSS