Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector
Organizations in the Defense Industrial Base (DIB) sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker...
9.8CVSS
9.6AI Score
0.972EPSS
6.4AI Score
0.0004EPSS
CVE-2024-24919 Exploit script for...
8.6CVSS
6.3AI Score
0.945EPSS
Exploit for Out-of-bounds Write in Gnu Binutils
CVE-2021-20294-POC Jan 21 2023, Altin (tin-z),...
7.8CVSS
AI Score
0.002EPSS
snipe/snipe-it is vulnerable to Missing Authorization. The vulnerability is due to the lack of authorization checks in the API endpoint, allowing users with "User" and "Self" permissions to modify group memberships without verifying if they are...
7.6CVSS
6.7AI Score
0.0004EPSS
7.1AI Score
7.1AI Score
In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It.....
9.8CVSS
9AI Score
0.003EPSS
In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It.....
9.8CVSS
8.7AI Score
0.003EPSS
Mass Auto Scanner for CVE-2024-24919 This script is designed to...
8.6CVSS
6.4AI Score
0.945EPSS
Django Regex Algorithmic Complexity Causes Denial of Service
Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a...
6.1AI Score
0.061EPSS
Malicious code in pipcryptographylibraryv2 (PyPI)
-= Per source details. Do not edit below this...
7.1AI Score
7.1AI Score
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.....
8.6CVSS
7.2AI Score
0.002EPSS
In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It.....
7AI Score
0.003EPSS
Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit.This issue affects Astra Bulk Edit: from n/a through...
5.4CVSS
5.5AI Score
0.0004EPSS
APM Server vulnerable to Insertion of Sensitive Information into Log File in...
7.5CVSS
6.7AI Score
0.001EPSS
ADP Grant - Detecting low resolution pictures of other users’ by StatusHints shown in in-call UI
In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for...
5.5CVSS
5.8AI Score
0.0004EPSS
In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
8.1AI Score
0.002EPSS
Exploit for Out-of-bounds Write in Microsoft
CVE-2022-21882 Win32k Elevation Of Privileges...
7.8CVSS
8.2AI Score
0.001EPSS
CVE-2024-24919 Checker A simple bash script to check for the...
8.6CVSS
6.2AI Score
0.945EPSS
Cisco IOS XE Software Unified Threat Defense DoS (cisco-sa-snort-dos-s2R7W9UU)
According to its self-reported version, Cisco UTD Software is affected by a denial of service vulnerability. A denial of service (DoS) vulnerability exists in the way the Snort detection engine processes ICMP traffic. An unauthenticated, remote attacker can exploit this issue by sending a series...
7.5CVSS
7.5AI Score
0.004EPSS
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.....
8.6CVSS
8.7AI Score
0.002EPSS
9.2AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
[4.11.0-15.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] - Add bind to ipa-server-common Requires [Orabug: 36518596] [4.11.0-15] - Resolves: RHEL-32231 CVE-2024-3183 ipa: freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute...
8.1CVSS
6.5AI Score
0.0005EPSS
Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through...
7.1CVSS
6.9AI Score
0.0004EPSS
matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
Introduction In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric cryptography, with each server-side key backup...
5.5CVSS
5.4AI Score
0.0004EPSS
Improper Restriction of XML External Entity Reference Jenkins Token Macro Plugin
An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control a the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side...
7.5CVSS
3AI Score
0.006EPSS
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
Summary Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value=...
5.3CVSS
5.3AI Score
0.0005EPSS
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the...
8.1CVSS
7AI Score
0.001EPSS
Exploit for Allocation of Resources Without Limits or Throttling in Redhat Enterprise Linux
The DNS infrastructure used for this PoC was the one suggested...
7.2AI Score
Exploit for Deserialization of Untrusted Data in Apache Log4J
log4j-scan-turbo (Multi-threaded scanner) Test for the log4j...
10CVSS
10AI Score
0.976EPSS
CVE-2022-48704 drm/radeon: add a force flush to delay work when radeon
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: add a force flush to delay work when radeon Although radeon card fence and wait for gpu to finish processing current batch rings, there is still a corner case that radeon lockup work queue may not be fully flushed, and....
6.5AI Score
0.0004EPSS
7.1AI Score
7.1AI Score
7.1AI Score
Intro Simple POC Python script that check & leverage Check...
8.6CVSS
6.3AI Score
0.945EPSS
An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via...
5.7CVSS
6AI Score
0.0004EPSS
IBM Operational Decision Manager - Java Deserialization
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to...
9.8CVSS
8.9AI Score
0.489EPSS
A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks.....
5.3CVSS
7.3AI Score
0.0004EPSS
Symfony allows direct access of ESI URLs behind a trusted proxy
All 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpKernel component are affected by this security issue. Your application is vulnerable only if the ESI feature is enabled and there is a proxy in front of the web application. This issue has been fixed in Symfony 2.3.19, 2.4.9, and...
6.5AI Score
EPSS
Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND
Summary UPDATED: (Corrected the affected fileset levels to reflect that bind.rte 7.1.916.2604 and 7.3.916.2601 are vulnerable) Multiple vulnerabilities in ISC BIND could allow a remote attacker to cause a denial of service. AIX uses ISC BIND as part of its DNS functions. Vulnerability Details **...
7.5CVSS
8.1AI Score
0.05EPSS