The EG3210 is a multi-service security gateway. A command execution vulnerability exists in the EG3210, which can be exploited by an attacker to gain control of a...
7.6AI Score
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....
7.1AI Score
0.0004EPSS
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....
7.1AI Score
0.0004EPSS
Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds
A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet...
6.9AI Score
Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique
The threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over the past three months to infiltrate vulnerable devices and co-opt them into a botnet for conducting distributed denial-of-service (DDoS) attacks. "CatDDoS-related gangs' samples....
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't...
6.5AI Score
0.0004EPSS
[252-32.0.2] - Due to a new [Orabug: 36564551] filed on April 29 2024, reverting from back to - previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved. - Re-Added 1001-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792] - Removed the following,.....
5.9CVSS
7.7AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't...
7AI Score
0.0004EPSS
This plugin attempts to determine the presence of various common dirs on the remote web...
9.9CVSS
8.1AI Score
0.975EPSS
(Pwn2Own) QNAP TS-464 File Upload Directory Traversal Arbitrary File Creation Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of file uploads. The issue results from the lack of proper...
8.7CVSS
6.7AI Score
0.001EPSS
6.2AI Score
0.002EPSS
Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names,...
6.5AI Score
0.0004EPSS
Debian dsa-5680 : affs-modules-6.1.0-21-4kc-malta-di - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5680 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a...
7.8CVSS
6.5AI Score
0.0004EPSS
Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names,...
6.7AI Score
0.0004EPSS
Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the...
6.5AI Score
0.0004EPSS
Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names,...
6.8AI Score
0.0004EPSS
Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the...
6.6AI Score
0.0004EPSS
Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may be placed in the specific folder by a user who can log in to the PC where the product's Windows client is.....
7.1AI Score
0.0004EPSS
Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the...
6.7AI Score
0.0004EPSS
Russian Operator of BTC-e Crypto Exchange Pleads Guilty to Money Laundering
A Russian operator of a now-dismantled BTC-e cryptocurrency exchange has pleaded guilty to money laundering charges from 2011 to 2017. Alexander Vinnik, 44, was charged in January 2017 and taken into custody in Greece in July 2017. He was subsequently extradited to the U.S. in August 2022. Vinnik.....
7AI Score
Fedora: Security Advisory for jcuber (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for...
7AI Score
0.0004EPSS
Rethinking Democracy for the Age of AI
There is a lot written about technology's threats to democracy. Polarization. Artificial intelligence. The concentration of wealth and power. I have a more general story: The political and economic systems of governance that were created in the mid-18th century are poorly suited for the 21st...
6.4AI Score
The Anatomy of HTML Attachment Phishing
The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...
7.4AI Score
The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted...
5.7AI Score
0.0004EPSS
4.3CVSS
7.4AI Score
0.001EPSS
JVN#40367518: SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries
SonicDICOM Media Viewer provided by Fujidenolo Solutions Co., Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). ## Impact Arbitrary code may be executed with the privileges of the running application. ## Solution Update the...
7.2AI Score
0.0004EPSS
4.3CVSS
4.8AI Score
0.001EPSS
9.8CVSS
8.8AI Score
0.005EPSS
7.5CVSS
8.8AI Score
0.009EPSS
The Hacking of Culture and the Creation of Socio-Technical Debt
Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a...
6.8AI Score
Webin security lab - dbapp security Ltd reports : The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio...
6.5CVSS
6.5AI Score
0.003EPSS
Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...
6.8AI Score
Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia
Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. We observed that SneakyChef launched a phishing campaign, sending emails delivering SugarGh0st and SpiceRAT with the...
7.5AI Score
Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected...
6.6AI Score
0.0004EPSS
cube-homes.com Improper Access Control vulnerability OBB-3796526
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shopfiles Ltd Ebook Store allows Stored XSS.This issue affects Ebook Store: from n/a through...
5.9CVSS
5.7AI Score
0.0004EPSS
The Not-so-True People-Search Network from China
It's not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it's not every day you run across a....
6.4AI Score
6.4AI Score
0.0004EPSS
Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years
A malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 were still compromised as of late 2023. The findings come from Slovak cybersecurity firm ESET, which characterized it as one of the most advanced server-side malware...
9.8CVSS
7.3AI Score
0.003EPSS
Who Stole 3.6M Tax Records from South Carolina?
For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state's revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a...
7.1AI Score
FakeUpdates Malware Campaign Targets WordPress – Millions of Sites at Risk
By Waqas The February 2024 Global Threat Index report released by Check Point Software Technologies Ltd. exposes the alarming vulnerability of cybersecurity worldwide. This is a post from HackRead.com Read the original post: FakeUpdates Malware Campaign Targets WordPress - Millions of Sites at...
7.3AI Score
SQL Injection Vulnerability in Ruiyou Tianyi Application Virtualization System
Xi'an Ruiyou Information Technology Co., Ltd. is a professional virtualization and cloud computing solution provider. A SQL injection vulnerability exists in Ruiyou Skywing Application Virtualization System, which can be exploited by attackers to obtain database information and execute...
7.9AI Score
texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF...
8AI Score
0.0004EPSS
SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, might allow remote attackers to execute arbitrary SQL commands via unknown vectors, probably involving the forum_id...
8.8AI Score
0.003EPSS
Arbitrary File Download Vulnerability in DSS of Zhejiang Dahua Technology Co.(CNVD-2024-10023)
Zhejiang Dahua Technology Co., Ltd. is a supplier of surveillance products and solution service provider. Zhejiang Dahua Technology Co., Ltd DSS has an arbitrary file download vulnerability that can be exploited by attackers to obtain sensitive...
7AI Score
RedHat Update for java-1.7.0-openjdk RHSA-2015:1230-01
The remote host is missing an update for...
3.7CVSS
5.7AI Score
0.974EPSS
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....
6.2AI Score
0.0004EPSS
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....
6.4AI Score
0.0004EPSS
0.1AI Score
DOJ Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal Transactions
The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions and for laundering more than $100 million in criminal proceeds. To that end,....
7.4AI Score