Stable Channel Update for ChromeOS / ChromeOS Flex
Hello All, The Stable channel is being updated to 120.0.6099.203 (Platform version: 15662.64.0) for most ChromeOS devices and will be rolled out over the next few days. If you find new issues, please let us know one of the following ways: File a bug Visit our Chrome OS communities General:...
8.8CVSS
9.5AI Score
0.007EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through...
10CVSS
9.5AI Score
0.001EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through...
9.8CVSS
0.001EPSS
Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider
On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal...
7.3AI Score
Founded in 2002, Xiamen Nalon Health Science & Technology Co., Ltd. is a high-tech enterprise integrating the research and development, production, sales and software service of medical electronic instruments and equipment. A weak password vulnerability exists in the application infrastructure...
7AI Score
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through...
7.6CVSS
7.5AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through...
7.2CVSS
0.001EPSS
OWASP.AntiSamy mXSS when preserving comments
Impact There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file and also allow for certain tags at the same time. As a...
6.1CVSS
6AI Score
0.001EPSS
Ltd. is a leading provider of Data Leakage Protection (DLP) products, solutions and security services in China. A command execution vulnerability exists in the electronic document security management system of Beijing Yisetong Technology Development Co., Ltd. that can be exploited by an attacker...
7.6AI Score
Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at...
9.8CVSS
8.1AI Score
0.001EPSS
U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach
Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank. Alexander Ermakov (aka blade_runner, GistaveDore, GustaveDore, or JimJones), 33, has been tied to....
6.9AI Score
An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another....
7.8CVSS
8.4AI Score
0.001EPSS
Intelligent logistics unattended system is an intelligent information platform for the unified control of raw material procurement, finished product sales and in-plant logistics for process manufacturing enterprises. There is a SQL injection vulnerability in the Intelligent Logistics Unattended...
7.5AI Score
Dnsmasq is vulnerable to memory corruption and cache poisoning
Overview Dnsmasq is vulnerable to a set of memory corruption issues handling DNSSEC data and a second set of issues validating DNS responses. These vulnerabilities could allow an attacker to corrupt memory on a vulnerable system and perform cache poisoning attacks against a vulnerable environment.....
8.1CVSS
7.7AI Score
0.159EPSS
Command Execution Vulnerability in EG2000GE of Beijing StarNet Ruijie Network Technology Co.
Beijing StarNet Ruijie Network Technology Co., Ltd EG2000GE is a router product. A command execution vulnerability exists in the Beijing StarNet Ruijie Network Technology Co., Ltd EG2000GE, which can be exploited by an attacker to gain control of the...
7.5AI Score
APsystems Energy Communication Unit (ECU-C) Power Control Software
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable via adjacent network / low attack complexity Vendor: APsystems Equipment: Energy communication Unit (ECU-C) Power Control Software Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this...
8.8CVSS
8.9AI Score
0.001EPSS
CVE-2023-51419 WordPress BERTHA AI Plugin <= 1.11.10.7 is vulnerable to Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through...
10CVSS
9.7AI Score
0.001EPSS
Trend Micro Mobile Security for Enterprises vpplist_assign_list Cross-Site Scripting Vulnerability
This vulnerability allows remote attackers to execute web requests with the victim's privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...
6.1CVSS
7.2AI Score
0.001EPSS
Rapid7 in Prague: Pete Rubio Shares Insights and Excitement for the New Office
_As we continue to grow our customer base here at Rapid7, we’re growing our offices as well – this time with a new location in the Czech Republic. With a successful history of building innovation hubs from Boston to Belfast, our teams can’t wait to bring new talent from Prague into the business....
6.9AI Score
This vulnerability allows remote attackers to execute web requests with the victim's privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...
6.1CVSS
7.2AI Score
0.001EPSS
Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a Denial-of-service (DoS) condition on the...
5.5CVSS
5.5AI Score
0.0004EPSS
This vulnerability allows remote attackers to execute web requests with the victim's privileges on affected installations of Trend Micro Mobile Security for Enterprises. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...
6.1CVSS
7.2AI Score
0.001EPSS
Trend Micro Apex Central Unrestricted File Upload Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of uploaded ZIP files. The issue results from the lack of proper...
8.8CVSS
7.4AI Score
0.003EPSS
Warning: GravityRAT Android Trojan Steals WhatsApp Backups and Deletes Files
An updated version of an Android remote access trojan dubbed GravityRAT has been found masquerading as messaging apps BingeChat and Chatico as part of a narrowly targeted campaign since June 2022. "Notable in the newly discovered campaign, GravityRAT can exfiltrate WhatsApp backups and receive...
7AI Score
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...
7CVSS
6.6AI Score
0.001EPSS
CVE-2023-50837 WordPress Login Lockdown Plugin <= 2.06 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through...
7.6CVSS
8.1AI Score
0.001EPSS
Shanghai BJ Software Technology Co., Ltd (BJST), founded in 1999, provides digital business consulting and system implementation for large and medium-sized enterprises, supporting the construction of omni-channel middle office, ERP, e-commerce OMS and other systems, covering a wide range of retail....
6.7AI Score
Gentoo Security Advisory GLSA 200403-03 (OpenSSL)
The remote host is missing updates announced in advisory GLSA...
7.5CVSS
7.6AI Score
0.006EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through...
5.4CVSS
6.9AI Score
0.0004EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite.This issue affects CSprite: from n/a through...
8.8CVSS
7.2AI Score
0.001EPSS
Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at...
9.8CVSS
0.001EPSS
Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at...
9.8CVSS
9.7AI Score
0.001EPSS
An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another....
7.8CVSS
0.001EPSS
SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies
Overview A vulnerability has been found in the way that SMTP servers and software handle the end-of-data sequences (essentially the end of a single email message) in mail messages. An attacker can use this inconsistency to craft an email message that can bypass SMTP security policies. Description.....
5.3CVSS
5.6AI Score
0.003EPSS
An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another....
7.8CVSS
8.4AI Score
0.001EPSS
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...
7CVSS
7AI Score
0.001EPSS
A local non-privileged user can make improper GPU memory processing operations to gain access to already freed...
7.8CVSS
7.6AI Score
0.001EPSS
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the modVulnerabilityProtect module. The issue results from the lack of...
7.1CVSS
6.4AI Score
0.001EPSS
7.4AI Score
JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially-crafted the image that is displayed back to the...
7.5CVSS
7.4AI Score
0.001EPSS
Zhengzhou Zhengda Information Technology Co., Ltd. is a supply chain-industrial chain digitization and financial service solution provider. Zhengzhou Zhengda Information Technology Co., Ltd. mobile service management backend has a SQL injection vulnerability, which can be exploited by attackers to....
7.5AI Score
Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at...
10AI Score
0.001EPSS
Trend Micro Apex Central widget WFProxy Local File Inclusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the getObjWGFServiceApiByApiName function. The issue results from the lack of proper....
7.5CVSS
7.5AI Score
0.006EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through...
5.9CVSS
5.8AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through...
5.4CVSS
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite.This issue affects CSprite: from n/a through...
8.8CVSS
8.6AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite.This issue affects CSprite: from n/a through...
8.8CVSS
0.001EPSS
eXtplorer 'ext_find_user()' Function Authentication Bypass Vulnerability - Active Check
eXtplorer is prone to an authentication-bypass...
7.3AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 15, 2024 to January 21, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 84 vulnerabilities disclosed in 67...
9.8CVSS
8.9AI Score
EPSS
CVE-2023-49763 WordPress CSprite Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite.This issue affects CSprite: from n/a through...
4.3CVSS
8.9AI Score
0.001EPSS