In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5 CVSS
5.2 AI Score
0.0004 EPSS
In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...
7.8 CVSS
7.8 AI Score
0.0004 EPSS
In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...
5.5 CVSS
5.5 AI Score
0.0004 EPSS
In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...
5.5 CVSS
5.5 AI Score
0.0004 EPSS
In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5 CVSS
5.2 AI Score
0.0004 EPSS
In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5 CVSS
5.2 AI Score
0.0004 EPSS
In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5 CVSS
5.2 AI Score
0.0004 EPSS
In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5 CVSS
5.2 AI Score
0.0004 EPSS
In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...
7.8 CVSS
7.8 AI Score
0.0004 EPSS
In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...
7.8 CVSS
7.8 AI Score
0.0004 EPSS
In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...
5.5 CVSS
5.5 AI Score
0.0004 EPSS
In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5 CVSS
5.2 AI Score
0.0004 EPSS
In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...
7.8 CVSS
7.8 AI Score
0.0004 EPSS
In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...
7.8 CVSS
7.8 AI Score
0.0004 EPSS
In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...
7.8 CVSS
7.8 AI Score
0.0004 EPSS
In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...
7.8 CVSS
7.8 AI Score
0.0004 EPSS
In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5 CVSS
5.2 AI Score
0.0004 EPSS
In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...
7.8 CVSS
7.8 AI Score
0.0004 EPSS
In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...
7.8 CVSS
7.8 AI Score
0.0004 EPSS
In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...
7.8 CVSS
7.8 AI Score
0.0004 EPSS
In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5 CVSS
5.2 AI Score
0.0004 EPSS
OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted...
8 CVSS
7.9 AI Score
0.0004 EPSS
Information Disclosure Vulnerability in UFIDA UAP System
UFIDA Network Technology Co., Ltd. is a leading global provider of enterprise cloud services and software. An information disclosure vulnerability exists in the UFIDA UAP system, which can be exploited by attackers to obtain sensitive...
6.4 AI Score
Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside....
6.1 CVSS
6.1 AI Score
0.001 EPSS
CVE-2023-39921 WordPress Molongui Plugin <= 4.6.19 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui allows Stored XSS. This issue affects Author Box, Guest Author and Co-Authors for Your Posts – Molongui: from n/a through.....
5.9 CVSS
6 AI Score
0.0004 EPSS
An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the...
9.8 CVSS
9.6 AI Score
0.001 EPSS
About the security content of macOS Sonoma 14.2
This document describes the security content of macOS Sonoma 14.2. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....
9.8 CVSS
9.1 AI Score
0.009 EPSS
The EG2000SE is a multi-service router. An information disclosure vulnerability exists in the EG2000SE of Beijing StarNet Ruijie Network Technology Company Limited, which can be exploited by attackers to obtain sensitive...
6.4 AI Score
Beijing Yisetong Technology Development Co., Ltd. is a leading data security business provider in China. An information leakage vulnerability exists in the electronic document security management system of Beijing Yisetong Technology Development Co., Ltd, which can be exploited by attackers to...
6.6 AI Score
Year in Malware 2023: Recapping the major cybersecurity stories of the past year
If there is anything the cybersecurity world learned in 2023, it's that you can never count any bad guy out. Botnets kept coming back from the dead, ransomware actors found new ways to make money through data theft extortion and threat actors and malware who have been around for more than a decade....
7.5 CVSS
7.5 AI Score
0.732 EPSS
About the security content of iOS 17.2 and iPadOS 17.2
This document describes the security content of iOS 17.2 and iPadOS 17.2. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...
8.8 CVSS
7.8 AI Score
0.002 EPSS
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Over the last two weeks, there were 263 vulnerabilities disclosed in 217 WordPress Plugins and 3 WordPress themes that have been added to the...
9.8 CVSS
10 AI Score
EPSS
BlueNoroff: new Trojan attacking macOS users
We recently discovered a new variety of malicious loader that targets macOS, presumably linked to the BlueNoroff APT gang and its ongoing campaign known as RustBucket. The threat actor is known to attack financial organizations, particularly companies, whose activity is in any way related to...
7.1 AI Score
Command Execution Vulnerability in ezEip System of Beijing Wando Network Technology Co.
The ezEip system is an enterprise website management system. A command execution vulnerability exists in the ezEip system of Beijing Wando Network Technology Co. Ltd, which can be exploited by an attacker to gain server...
7.5 AI Score
Downloads Resources over HTTP in co-cli-installer
Affected versions of co-cli-installer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...
8.1 CVSS
6.4 AI Score
0.002 EPSS
Malvertisers zoom in on cryptocurrencies and initial access
During the past month, we have observed an increase in the number of malicious ads on Google searches for "Zoom", the popular piece of video conferencing software. Threat actors have been alternating between different keywords for software downloads such as "Advanced IP Scanner" or "WinSCP"...
7.8 AI Score
Four U.S. Nationals Charged in $80 Million Pig Butchering Crypto Scam
Four U.S. nationals have been charged for participating in an illicit scheme that earned them more than $80 million via cryptocurrency investment scams. The defendants – Lu Zhang, 36, of Alhambra, California; Justin Walker, 31, of Cypress, California; Joseph Wong, 32, Rosemead, California; and...
7.3 AI Score
An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login...
5.3 CVSS
6.8 AI Score
0.001 EPSS
New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks
A novel multi-platform threat called NKAbuse has been discovered using a decentralized, peer-to-peer network connectivity protocol known as NKN (short for New Kind of Network) as a communications channel. "The malware utilizes NKN technology for data exchange between peers, functioning as a potent....
10 CVSS
9.6 AI Score
0.975 EPSS
Pricing inconsistencies introduced via rounding/truncation errors
Lines of code Vulnerability details Impact Calculating share/token prices via bonding curves which involve mathematical operations like logs and divisions can introduce small rounding errors each time. Over many transactions, these errors could accumulate and lead to pricing inconsistencies that...
7 AI Score
FreeBSD : chromium -- multiple vulnerabilities (a7732806-0b2a-11ec-836b-3065ec8fd3ec)
Chrome Releases reports: This release contains 27 security fixes, including: [1233975] High CVE-2021-30606: Use after free in Blink. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28 [1235949] High CVE-2021-30607: Use after free in Permissions....
8.8 CVSS
8.9 AI Score
0.045 EPSS
Nagios XI SQLi Vulnerability (Dec 2013) - Active Check
Nagios XI is prone to an SQL injection (SQLi) vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL...
7.6 AI Score
0.923 EPSS
Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be...
7.8 CVSS
7.6 AI Score
0.001 EPSS
Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator V4.0.17.0 and earlier. If a user opens a specially crafted file (X1 or V9 file), information may be disclosed and/or arbitrary code may be...
7.8 CVSS
7.7 AI Score
0.001 EPSS
Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be...
7.8 CVSS
7.6 AI Score
0.001 EPSS
Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be...
7.8 CVSS
7.8 AI Score
0.001 EPSS
Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be...
7.8 CVSS
7.5 AI Score
0.001 EPSS
Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be...
7.8 CVSS
7.9 AI Score
0.001 EPSS
Out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be...
7.8 CVSS
7.5 AI Score
0.001 EPSS
Microsoft Teams Isolated Webview Prototype Pollution Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Teams. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Isolated Webview...
7.1 AI Score