Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the.....
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtime_map when allocated priv.runtime_map is only allocated when efi_novamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an...
7AI Score
0.0004EPSS
CVE-2023-52648 drm/vmwgfx: Unmap the surface before resetting it on a plane state
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() For avoiding to slow down queue destroy, we don't call blk_mq_quiesce_queue() in blk_cleanup_queue(), instead of delaying to cancel dispatch work in.....
6.3AI Score
0.0004EPSS
RHEL 5 : ghostscript (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ghostscript: /invalidaccess bypass after failed restore (699654) (CVE-2018-16509) ghostscript: Safer...
9.6AI Score
0.973EPSS
CVE-2024-29901 @workos-inc/authkit-nextjs session replay vulnerability
The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the x-workos-session header. The vulnerability is patched in...
4.8CVSS
5.6AI Score
0.0004EPSS
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-059)
The version of kernel installed on the remote host is prior to 5.4.268-181.368. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-059 advisory. 2024-06-06: CVE-2023-52698 was added to this advisory. 2024-06-06: CVE-2023-52464 was added to this...
7.8CVSS
7.8AI Score
0.001EPSS
7.4AI Score
7.4AI Score
7.4AI Score
About the security content of macOS Ventura 13.6.7
About the security content of macOS Ventura 13.6.7 This document describes the security content of macOS Ventura 13.6.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
7.8CVSS
8.1AI Score
0.002EPSS
JVN#60331535: WordPress plugin "SiteGuard WP Plugin" may leak the customized path to the login page
WordPress plugin "SiteGuard WP Plugin" provided by EG Secure Solutions Inc. provides a functionality to customize the path to the login page wp-login.php. The plugin implements a measure to avoid redirection from other URLs, but missed to implement a measure to avoid redirection from...
6.6AI Score
0.001EPSS
RHEL 6 : ghostscript (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443) (CVE-2019-14813) ...
9.8AI Score
0.017EPSS
7.4AI Score
7.4AI Score
7.4AI Score
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-036)
The version of kernel installed on the remote host is prior to 5.15.148-97.158. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-036 advisory. 2024-06-06: CVE-2023-52698 was added to this advisory. 2024-05-09: CVE-2024-26586 was added to this...
7.8CVSS
7.9AI Score
0.001EPSS
WordPress Photoxhibit 2.1.8 - Cross-Site Scripting
WordPress Photoxhibit 2.1.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and....
6.1CVSS
6.3AI Score
0.001EPSS
In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:...
7.5CVSS
7.5AI Score
0.001EPSS
Debian Security Advisory DSA 608-1 (zgv)
The remote host is missing an update to zgv announced via advisory DSA...
6.4AI Score
0.12EPSS
Debian Security Advisory DSA 284-1 (kdegraphics)
The remote host is missing an update to kdegraphics announced via advisory DSA...
6.4AI Score
0.082EPSS
Debian Security Advisory DSA 063-1 (xinetd)
The remote host is missing an update to xinetd announced via advisory DSA...
6.6AI Score
0.319EPSS
Debian Security Advisory DSA 279-1 (metrics)
The remote host is missing an update to metrics announced via advisory DSA...
6.6AI Score
0.0004EPSS
Debian Security Advisory DSA 105-1 (enscript)
The remote host is missing an update to enscript announced via advisory DSA...
6.7AI Score
0.0004EPSS
Debian Security Advisory DSA 090-1 (xtel)
The remote host is missing an update to xtel announced via advisory DSA...
7.4AI Score
Advance Auto Parts customer data posted for sale
A cybercriminal using the handle Sp1d3r is offering to sell 3 TB of data taken from Advance Auto Parts, Inc. Advance Auto Parts is a US automotive aftermarket parts provider that serves both professional installers and do it yourself customers. Allegedly the customer data includes: Names Email...
7.4AI Score
Debian Security Advisory DSA 296-1 (kdebase)
The remote host is missing an update to kdebase announced via advisory DSA...
6.4AI Score
0.082EPSS
This plugin attempts to determine the presence of various common dirs on the remote web...
9.9CVSS
8.1AI Score
0.975EPSS
Debian Security Advisory DSA 293-1 (kdelibs)
The remote host is missing an update to kdelibs announced via advisory DSA...
6.4AI Score
0.082EPSS
Debian Security Advisory DSA 026-1 (bind)
The remote host is missing an update to bind announced via advisory DSA...
6.5AI Score
0.189EPSS
Debian Security Advisory DSA 231-1 (dhcp3)
The remote host is missing an update to dhcp3 announced via advisory DSA...
6.5AI Score
0.135EPSS
We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM).1 We believe our position in the Leaders quadrant validates our vision and continued investments in Microsoft Sentinel making it a...
7AI Score
In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:...
7.5CVSS
7.5AI Score
0.001EPSS
Fortinet FortiOS Trust Management Issues Vulnerability (CNVD-2024-13096)
Fortinet FortiOS is a set of U.S. Fita (Fortinet) dedicated to FortiGate network security platform on the security operating system. A trust management issue vulnerability exists in Fortinet FortiOS that stems from the presence of incorrect certificate validation, which can be exploited by an...
4.8CVSS
6.9AI Score
0.0005EPSS
chromium -- multiple security fixes
Chrome Releases reports: This update includes 23 security fixes: [331358160] High CVE-2024-3832: Object corruption in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27 [331383939] High CVE-2024-3833: Object corruption in WebAssembly. Reported by Man Yue Mo of GitHub Security Lab on...
8.8CVSS
7.8AI Score
0.001EPSS
JVN#25594256: Denial-of-service (DoS) vulnerability in IPCOM WAF function
WAF function of IPCOM provided by Fsas Technologies Inc. contains a denial-of-service (DoS) vulnerability (CWE-908). ## Impact If the product receives a specially crafted packet by an attacker, the system may be rebooted or suspended. ## Solution Update the firmware Update the firmware to the...
7AI Score
0.0004EPSS
Nextcloud: Weak ssh algorithms and CVE-2023-48795 Discovered on various subdomains of nextcloud.com
Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection's security by breaking the integrity of the secure channel. Called Terrapin (CVE-2023-48795, CVSS...
5.9CVSS
7.4AI Score
0.963EPSS
JVN#37818611: "ZOZOTOWN" App for Android fails to restrict custom URL schemes properly
"ZOZOTOWN" App for Android provided by ZOZO, Inc. provides the function to access a URL requested via Custom URL Scheme. The App does not restrict access to the function properly (CWE-939) which may be exploited to direct the App to access any sites. ## Impact A remote attacker may lead a user to.....
7AI Score
0.0004EPSS
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. We have already fixed the vulnerability in the following versions: QTS.....
7.4CVSS
7.2AI Score
0.0004EPSS
INC Ransomware Hits NHS Scotland, Threatens Leak of 3TB Patient Data
By Waqas As seen by Hackread.com, the INC ransomware gang claims to have obtained patient records as part of their cyberattack. This is a post from HackRead.com Read the original post: INC Ransomware Hits NHS Scotland, Threatens Leak of 3TB Patient...
7.2AI Score
WordPress Automatic Plugin <= 3.92.0 - SQL Injection
The Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.92.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append...
9.9CVSS
9.5AI Score
0.001EPSS
Microsoft to Support ARM Chips in Upcoming Windows Version
Microsoft Corp., feeling pressure from popular products like Apple Inc.'s iPad, is developing a new operating system that marks a departure from the company's traditional reliance on Intel Corp.'s chip technology. This information comes from sources familiar with Microsoft's plans. Next month,...
6.7AI Score
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-048)
The version of kernel installed on the remote host is prior to 5.10.209-198.812. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-048 advisory. 2024-06-06: CVE-2023-52698 was added to this advisory. 2024-06-06: CVE-2023-52464 was added to this...
7.8CVSS
7.9AI Score
0.001EPSS
About the security content of iOS 17.5 and iPadOS 17.5
About the security content of iOS 17.5 and iPadOS 17.5 This document describes the security content of iOS 17.5 and iPadOS 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...
7.5AI Score
0.001EPSS
memory corruption in modem due to improper check while calculating size of serialized CoAP...
9.8CVSS
9.5AI Score
0.001EPSS
Texas Man Indicted for Hacking Eden Prairie Business, Stealing $274,000
A federal indictment unsealed earlier today alleges that a 35-year-old Texas man hacked into the computer network of an Eden Prairie business, stealing approximately $274,000. The indictment, filed in Minneapolis on October 13, 2010, charges Jeremy Parker of Houston, Texas, with one count of...
7.2AI Score
Apple iOS and Apple iPadOS Buffer Overflow Vulnerability
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. A buffer overflow vulnerability exists in Apple iOS and iPadOS, which can be exploited by an attacker to...
7.8CVSS
7.2AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
Allaire/Macromedia JRun Sample Files (HTTP) - Active Check
This host is running the Allaire JRun web server and has sample files...
6.7AI Score
0.005EPSS