2294 matches found

NVD, added 2024/02/19 8:15 p.m.

CVE-2024-25636

Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objects, Misskey doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, whi...

CVSS 8.8, AI score 7, EPSS 0.00655
Exploits: 0, References: 5
NVD, added 2024/02/19 4:15 p.m.

CVE-2024-25623

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, which...

CVSS 8.5, AI score 8.4, EPSS 0.00515
Exploits: 0, References: 2
Prion, added 2024/02/19 4:15 p.m.

Design/Logic Flaw

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, which...

CVSS 5.5, AI score 7.2, EPSS 0.00515
Exploits: 0, References: 2
OSV, added 2024/02/19 3:28 p.m.

CVE-2024-25623 Lack of media type verification of Activity Streams objects allows impersonation of remote accounts

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, which...

CVSS 8.5, AI score 8.2, EPSS 0.00515
Exploits: 0, References: 4
Vulnrichment, added 2024/02/19 3:28 p.m.

CVE-2024-25623 Lack of media type verification of Activity Streams objects allows impersonation of remote accounts

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, which...

CVSS 8.5, AI score 7.1, EPSS 0.00515
Exploits: 0, References: 2
CNNVD, added 2024/02/19 12:00 a.m.

Misskey Code Issues Vulnerabilities

Misskey is a suite of micro-blogging platforms. A code issue vulnerability exists in Misskey versions prior to 2024.2.0. An attacker exploited the vulnerability to impersonate and take over an account on a remote server...

CVSS 8.8, AI score 7, EPSS 0.00655
Exploits: 0, References: 6
Positive Technologies, added 2024/02/19 12:00 a.m.

PT-2024-21056 · Misskey · Misskey

Name of the Vulnerable Software and Affected Versions: Misskey versions prior to 2024.2.0 Description: Misskey is an open source, decentralized social media platform with ActivityPub support. The issue arises when fetching remote Activity Streams objects, as Misskey doesn't check that the respons...

CVSS 8.8, AI score 7.4, EPSS 0.00655
Exploits: 0, References: 10
Vulnrichment, added 2024/02/14 8:55 p.m.

CVE-2024-25617 Denial of Service in HTTP Header parser in squid proxy

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug, Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of...

CVSS 5.3, AI score 6.8, EPSS 0.88864
Exploits: 0, References: 3
The Hacker News, added 2024/02/14 7:33 a.m.

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra aka DarkCasino targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails...

CVSS 8.1, AI score 8.2, EPSS 0.95443
Exploits: 2
RedHat Linux, added 2024/02/12 10:46 a.m.

apache-commons-text: variable interpolation RCE

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

CVSS 9.8, AI score 7.4, EPSS 0.99931
Exploits: 41, References: 7
IBM Security Bulletins, added 2024/01/24 5:44 p.m.

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary: IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 has been published in a security bulletin: CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859, CVE-2023-47746, CVE-2023-47152, CVE-2023-47141, CVE-2023-45193,...

CVSS 8.4, AI score 7.6, EPSS 0.0098
Exploits: 0, Affected Software: 1
IBM Security Bulletins, added 2024/01/24 5:43 p.m.

Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server

Summary: IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ has been published in a security bulletin: CVE-2023-5072, CVE-2023-22081, CVE-2023-5676. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes...

CVSS 7.5, AI score 6.5, EPSS 0.01449
Exploits: 1, Affected Software: 1
IBM Security Bulletins, added 2024/01/24 5:42 p.m.

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary: IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 has been published in a security bulletin: CVE-2023-22081, CVE-2023-5676. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected...

CVSS 5.9, AI score 6.2, EPSS 0.014
Exploits: 0, Affected Software: 1
NVD, added 2024/01/15 4:15 a.m.

CVE-2024-0552

Intumit inc. SmartRobot's web framework has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server...

CVSS 9.8, AI score 9.9, EPSS 0.01179
Exploits: 0, References: 1
Vulnrichment, added 2024/01/15 4:03 a.m.

CVE-2024-0552 Intumit inc. SmartRobot - Remote Code Execution

Intumit inc. SmartRobot's web framework has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server...

CVSS 9.8, AI score 8.4, EPSS 0.01179
Exploits: 0, References: 1
The Hacker News, added 2024/01/04 8:55 a.m.

UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT

The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software. "The group's weapon of choice is Remcos RAT, a notorious malware for remote surveillance and control, which has been at the forefront of its...

AI score 7.1
Exploits: 0
OSV, added 2024/01/03 10:31 p.m.

PYSEC-2024-1 gratient 0.5 contains credential harvesting code

gratient is a user-facing library for generating color gradients of text. Version 0.5 contained obfuscated, malicious code targeting Windows platforms, harvesting information and credentials from the user's system and sending them to a remote server. Services may include Mullvad VPN and Telegram...

AI score 7.2
Exploits: 0, References: 2
Positive Technologies, added 2024/01/03 12:00 a.m.

PT-2024-40896 · Microsoft +2 · Windows +2

Name of the Vulnerable Software and Affected Versions: gratient version 0.5 Description: The issue concerns malicious code embedded in the library, which targets Windows platforms. This code is capable of harvesting information and credentials from the user's system and sending them to a remote...

AI score 7
Exploits: 0, References: 3
GithubExploit, added 2024/01/02 2:20 p.m.

Exploit for Code Injection in Apache Ofbiz

Apache OFBiz Authentication Bypass Vulnerability CVE-2023-514...

CVSS 9.8, AI score 10, EPSS 0.96001
Exploits: 16
hivepro, added 2023/12/26 12:02 p.m.

Zero-Click Outlook RCE Exploitation Chain in Windows

Summary: Two vulnerabilities, CVE-2023-35384 and CVE-2023-36710, in Microsoft Windows can be chained to achieve remote code execution (RCE) on vulnerable Outlook clients. Attackers can exploit these flaws by sending a crafted email with a custom notification sound file to trigger the download of a...

CVSS 4.4, AI score 7.7, EPSS 0.0159
Exploits: 0