Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through...
5.4CVSS
6.9AI Score
0.0004EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite.This issue affects CSprite: from n/a through...
8.8CVSS
7.2AI Score
0.001EPSS
Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at...
9.8CVSS
0.001EPSS
Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at...
9.8CVSS
9.7AI Score
0.001EPSS
SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies
Overview A vulnerability has been found in the way that SMTP servers and software handle the end-of-data sequences (essentially the end of a single email message) in mail messages. An attacker can use this inconsistency to craft an email message that can bypass SMTP security policies. Description.....
5.3CVSS
5.6AI Score
0.003EPSS
An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another....
7.8CVSS
0.001EPSS
An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another....
7.8CVSS
8.4AI Score
0.001EPSS
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...
7CVSS
7AI Score
0.001EPSS
A local non-privileged user can make improper GPU memory processing operations to gain access to already freed...
7.8CVSS
7.6AI Score
0.001EPSS
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the modVulnerabilityProtect module. The issue results from the lack of...
7.1CVSS
6.4AI Score
0.001EPSS
7.4AI Score
JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially-crafted the image that is displayed back to the...
7.5CVSS
7.4AI Score
0.001EPSS
Zhengzhou Zhengda Information Technology Co., Ltd. is a supply chain-industrial chain digitization and financial service solution provider. Zhengzhou Zhengda Information Technology Co., Ltd. mobile service management backend has a SQL injection vulnerability, which can be exploited by attackers to....
7.5AI Score
Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at...
10AI Score
0.001EPSS
Trend Micro Apex Central widget WFProxy Local File Inclusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the getObjWGFServiceApiByApiName function. The issue results from the lack of proper....
7.5CVSS
7.5AI Score
0.006EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through...
5.4CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through...
5.9CVSS
5.8AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite.This issue affects CSprite: from n/a through...
8.8CVSS
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite.This issue affects CSprite: from n/a through...
8.8CVSS
8.6AI Score
0.001EPSS
eXtplorer 'ext_find_user()' Function Authentication Bypass Vulnerability - Active Check
eXtplorer is prone to an authentication-bypass...
7.3AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 15, 2024 to January 21, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 84 vulnerabilities disclosed in 67...
9.8CVSS
8.9AI Score
EPSS
CVE-2023-49763 WordPress CSprite Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite.This issue affects CSprite: from n/a through...
4.3CVSS
8.9AI Score
0.001EPSS
Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode...
7.5CVSS
7AI Score
0.0005EPSS
OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the...
6.8CVSS
6.9AI Score
0.0004EPSS
EG2000SE is a router product. An information disclosure vulnerability exists in the EG2000SE of Beijing StarNet Ruijie Network Technology Company Limited, which can be exploited by attackers to obtain sensitive...
6.4AI Score
Meet Ika & Sal: The Bulletproof Hosting Duo from Hell
In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But there is a...
6.8AI Score
Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Driver, Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a local non-privileged user to write a constant pattern to a limited amount of memory.....
7.8CVSS
7.1AI Score
0.001EPSS
CVE-2023-49747 WordPress Guest Author Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through...
5.9CVSS
5.9AI Score
0.0004EPSS
MacMaster - MAC Address Changer
MacMaster is a versatile command line tool designed to change the MAC address of network interfaces on your system. It provides a simple yet powerful solution for network anonymity and testing. Features Custom MAC Address: Set a specific MAC address to your network interface. Random MAC Address:...
7.2AI Score
Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO
Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image of fortitude remains a pipe dream despite its comforting nature. In the security world, preparedness is not just a luxury but a...
7.2AI Score
Taiyuan ECS Software Technology Co., Ltd. is a software developer dedicated to the field of coal and coke in China. Taiyuan ECS Software Technology Co., Ltd ECS Unattended Intelligent Logistics System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain...
7.4AI Score
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory.This issue affects Bifrost...
7.8CVSS
7.3AI Score
0.001EPSS
9.8CVSS
9.7AI Score
0.001EPSS
7.3CVSS
7.4AI Score
0.001EPSS
The Anatomy of HTML Attachment Phishing
The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...
7.7AI Score
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected...
6.5CVSS
7AI Score
0.001EPSS
Tickets CAD Multiple Vulnerabilities
Tickets CAD is prone to multiple vulnerabilities. A Reflected XSS vulnerability exists in the search function, search.php within the application. A Stored XSS vulnerability exists in log.php while creating a new log entry. Information disclosure exist which allows users even the guest...
6.2AI Score
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts – Molongui: from n/a through.....
4.8CVSS
7AI Score
0.0004EPSS
Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode...
7.5CVSS
7.3AI Score
0.0005EPSS
Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode...
7.5CVSS
0.0005EPSS
Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified...
8.1CVSS
6.7AI Score
0.002EPSS
PipeViewer - A Tool That Shows Detailed Information About Named Pipes In Windows
A GUI tool for viewing Windows Named Pipes and searching for insecure permissions. The tool was published as part of a research about Docker named pipes: "Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 1" "Breaking Docker Named Pipes SYSTEMatically: Docker...
6.9AI Score
Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified...
7.5CVSS
6.5AI Score
0.003EPSS
Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary...
8.1CVSS
7.1AI Score
0.001EPSS
Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset
Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the critical exploit facilitates session persistence and...
7.4AI Score
TensorFlow vulnerable to segfault in `BlockLSTMGradV2`
Impact The implementation of BlockLSTMGradV2 does not fully validate its inputs. - wci, wcf, wco, b must be rank 1 - w, cs_prev,h_prevmust be rank 2 -x` must be rank 3 This results in a a segfault that can be used to trigger a denial of service attack. ```python import tensorflow as tf...
7.5CVSS
1.4AI Score
0.001EPSS
New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections
Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11. The approach...
7.8AI Score
XSS Vulnerability in PageOffice of Beijing Zhuozheng Zhiyuan Software Co.
PAGEOFFICE is an Internet private cloud OFFICE technology solution independently developed by Zhuozheng Software. PageOffice of Beijing Zhuozheng Zhiyuan Software Co., Ltd. exists XSS vulnerability, attackers can use the vulnerability to obtain sensitive information such as user...
5.8AI Score
EG2000SE is a router product. An information disclosure vulnerability exists in the EG2000SE of Beijing StarNet Ruijie Network Technology Company Limited, which can be exploited by attackers to obtain sensitive...
6.4AI Score
Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Driver, Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a local non-privileged user to write a constant pattern to a limited amount of memory.....
7.8CVSS
7.5AI Score
0.001EPSS