Summary follow-redirects and Axios are used by IBM Storage Fusion HCI as part of the Installer and may be vulnerable to the CVE listed below. CVE-2023-26159, CVE-2023-45857. Vulnerability Details ** CVEID: CVE-2023-26159 DESCRIPTION: **follow-redirects could allow a remote attacker to conduct...
7.3CVSS
7.1AI Score
0.001EPSS
amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance
In artax version before 1.0.6 and 2 before 2.0.6, cookies of foo.bar.example.com were leaked to foo.bar. Additionally, any site could set cookies for any other site. Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the...
7AI Score
Summary IBM App Connect for Manufacturing is vulnerable to a denial of service and a remote authenticated attacker accessing sensitive information. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-30171 DESCRIPTION: **The Bouncy...
7.6AI Score
EPSS
CVE-2021-47582 USB: core: Make do_proc_control() and do_proc_bulk() killable
In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait_urb(), which contains an uninterruptible wait with a user-specified timeout value. If timeout value.....
0.0004EPSS
CM3 AcoraCMS Multiple XSS, CSRF and Open Redirect Vulnerabilities
CM3 AcoraCMS is prone to multiple XSS, CSRF and url redirection...
6.5AI Score
0.036EPSS
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....
7.2CVSS
6.1AI Score
0.001EPSS
Moderate: fence-agents security and bug fix update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...
6.1CVSS
7AI Score
0.001EPSS
Moderate: fence-agents security and bug fix update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...
6.1CVSS
6.4AI Score
0.001EPSS
Low: openssl and openssl-fips-provider security update
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data.....
6.5CVSS
6.8AI Score
0.004EPSS
The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
5.7AI Score
0.001EPSS
The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
6.3AI Score
0.001EPSS
GLSA-201903-08 : GNU Wget: Password and metadata leak
The remote host is affected by the vulnerability described in GLSA-201903-08 (GNU Wget: Password and metadata leak) A vulnerability was discovered in GNU Wget’s file_metadata in xattr.c. Impact : A local attacker could obtain sensitive information to include credentials. Workaround :...
7.8CVSS
8.4AI Score
0.0004EPSS
Important: container-tools:rhel8 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fix(es): container_init_t does not possess ptrace process context [almalinux-8.9.0.z] (JIRA:AlmaLinux-28923) Security Fix(es): podman: full container escape at build time...
8.6CVSS
7.4AI Score
0.0005EPSS
Low: openssl and openssl-fips-provider security update
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data.....
6.5CVSS
6.7AI Score
0.004EPSS
Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted...
9.8CVSS
7.1AI Score
0.0004EPSS
Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted...
9.8CVSS
9.6AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVEs. (CVE-2024-20952,...
7.5CVSS
6.9AI Score
0.001EPSS
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers....
4.3CVSS
6.3AI Score
0.001EPSS
Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to IBM Java SDK, Java Technology Edition. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-38264 DESCRIPTION: **The IBM...
5.9CVSS
6.7AI Score
EPSS
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
8.8CVSS
8.9AI Score
0.001EPSS
The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied attributes....
6.4CVSS
5.8AI Score
0.0004EPSS
Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. Multiple denial of service attacks affecting Node.js have been published in this security bulletin. This bulletin identifies the steps...
7.3CVSS
7.7AI Score
EPSS
Adobe ColdFusion Remote Code Execution And Information Disclosure Vulnerabilities (APSB17-30)
Adobe ColdFusion is prone to information disclosure and remote code execution (RCE)...
9.8CVSS
8.2AI Score
0.516EPSS
Adobe Flash Player Code Execution and DoS Vulnerabilities (Nov 2013) - Windows
Adobe Flash Player is prone to remote code execution (RCE) and denial of service (DoS)...
7.5AI Score
0.191EPSS
Infinidat Introduces Cyber Storage Protection to Reduce Ransomware and Malware Threats
Waltham, Massachusetts, 27th June 2024,...
7.3AI Score
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated attackers to invoke....
4.3CVSS
4.7AI Score
0.001EPSS
June 11, 2024—KB5039212 (OS Builds 22621.3737 and 22631.3737)
June 11, 2024—KB5039212 (OS Builds 22621.3737 and 22631.3737) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 23H2, see its update history page. Note Follow...
9.8CVSS
9.8AI Score
0.003EPSS
Chinese Espionage Group “ChamelGang” Uses Attacks for Disruption and Data Theft
Beware! Chinese cyberespionage group ChamelGang targets critical infrastructure like aviation and government systems. SentinelOne report reveals potential attacks across Asia. Learn more about ChamelGang's cyberespionage...
7.3AI Score
CVE-2023-25646 Permission and Access Control Vulnerability in ZTE H388X
There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific...
7.1CVSS
0.0004EPSS
Summary Db2 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. Vulnerability Details ** CVEID: CVE-2021-20373 DESCRIPTION: **IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable...
7.5CVSS
7.6AI Score
0.001EPSS
CVE-2024-4934 Quiz And Survey Master < 9.0.2 - Contributor+ Stored XSS
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
0.0004EPSS
SolarWinds VoIP and Network Quality Manager (VNQM) Detection (HTTP)
HTTP based detection of SolarWinds VoIP and Network Quality Manager...
7.4AI Score
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage
Impact This vulnerability can spike the resource utilization of the STS service, and combined with a significant traffic volume could potentially lead to a denial of service. Patches This vulnerability existed in the repository at HEAD, we will cut a 0.1.0 release with the fix. Workarounds None...
3.7CVSS
6.7AI Score
0.0004EPSS
Malicious code in discord.js-selfbot-v12 (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (d1ea862e1247c0db67057d25b3765d9648b353aa808909a5faee62d64c657082) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Summary A vulnerability in Microsoft Azure Identity affects IBM Robotic Process Automation which may result in a denial of service. Microsoft Azure Identity is used by IBM Robotic Process Automation as part of identity management. This bulletin identifies the security fixes to apply to address the....
6.8CVSS
6.7AI Score
0.001EPSS
The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file...
7.5CVSS
7.7AI Score
0.021EPSS
Apple OS X Server Denial of Service And RCE Vulnerabilities (HT208102)
Apple OS X Server is prone to denial of service (DoS) and remote code execution (RCE)...
9.8CVSS
8.7AI Score
0.245EPSS
Scalix Web Access <= 11.4.6.12377, 12.x <= 12.2.0.14697 XXE and XSS Vulnerability
Scalix Web Access is prone to an XML external entity (XXE) injection and to a cross-site scripting (XSS)...
5.9AI Score
0.004EPSS
What is the Fediverse and the Social Network Platforms It Powers
Discover the Fediverse, a decentralized social media network promoting interoperability, privacy, and customization. Explore its pros, cons, platforms like Mastodon and PeerTube, and the role of decentralization. A game-changer in online communication and...
7.3AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score