About the security content of iOS 16.7.5 and iPadOS 16.7.5
About the security content of iOS 16.7.5 and iPadOS 16.7.5 This document describes the security content of iOS 16.7.5 and iPadOS 16.7.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
8.6AI Score
0.001EPSS
In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
7.2AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
7.1AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
7.2AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
7.1AI Score
0.0004EPSS
In media service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
7.2AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
7.2AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
7.2AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
7.1AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
7.2AI Score
0.0004EPSS
In video decoder, there is a possible improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
7.2AI Score
0.0004EPSS
Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...
7.5AI Score
8AI Score
0.573EPSS
In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
7.2AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
7.1AI Score
0.0004EPSS
About the security content of tvOS 17.3
About the security content of tvOS 17.3 This document describes the security content of tvOS 17.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available....
8.5AI Score
0.001EPSS
OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly
Overview Two buffer overflow vulnerabilities were discovered in OpenSSL versions 3.0.0 through 3.0.6. These vulnerabilities were introduced in version 3.0.0 with the inclusion of support for punycode email address parsing for X.509 certificates. OpenSSL's assessment of the severity of the...
7.9AI Score
0.077EPSS
Ltd. is an independent innovative enterprise dedicated to WEB application security solutions and application delivery. There is an unauthorized access vulnerability in the website monitoring and warning platform of Yuanjiang Shengbang (Beijing) Network Security Technology Co., Ltd, which can be...
7.1AI Score
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through...
7.2CVSS
8.2AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through...
7.2CVSS
7.9AI Score
0.001EPSS
7CVSS
7.5AI Score
0.0004EPSS
About the security content of macOS Sonoma 14.3
About the security content of macOS Sonoma 14.3 This document describes the security content of macOS Sonoma 14.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....
8.9AI Score
0.001EPSS
Beijing Kuangshi Technology Co., Ltd. is an artificial intelligence company focusing on IoT scenarios. An unauthorized access vulnerability exists in the Kuangxiang MEGVII face recognition pass platform of Beijing Kuangxiang Technology Co. that can be exploited by attackers to obtain sensitive...
6.8AI Score
Directory Traversal Vulnerability in the Training Platform of Shenzhen Sigma Data Technology Co.
Shenzhen Sigma Data Technology Co., Ltd. is an enterprise mainly engaged in software and information technology service industry. Shenzhen Sigma Data Technology Co., Ltd. practical training teaching platform (to fish with the party) there is a directory traversal vulnerability, an attacker can use....
6.6AI Score
7.9AI Score
0.905EPSS
Unauthorized Access Vulnerability in SuperMap iServer of Beijing SuperMap Software Co.
SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. An unauthorized access vulnerability exists in SuperMap iServer of Beijing SuperMap Software Co. Ltd, which can be exploited by attackers to obtain sensitive...
6.8AI Score
CVE-2023-5091 Mali GPU Kernel Driver allows improper GPU processing operations
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through...
5.7AI Score
0.001EPSS
Malicious ads for restricted messaging applications target Chinese users
An ongoing campaign of malicious ads has been targeting Chinese-speaking users with lures for popular messaging applications such as Telegram or LINE with the intent of dropping malware. Interestingly, software like Telegram is heavily restricted and was previously banned in China. Many Google...
7.4AI Score
About the security content of iOS 17.3 and iPadOS 17.3
About the security content of iOS 17.3 and iPadOS 17.3 This document describes the security content of iOS 17.3 and iPadOS 17.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...
9AI Score
0.001EPSS
Zhuhai Enterprise Information Technology Co., Ltd. focuses on the development and operation services of the SaaS platform (Jian Guo Yun) for the digital intelligence of the engineering and construction industry. There is an unauthorized access vulnerability in the Engineering Digital Cloud...
6.9AI Score
JVN#46895889: RakRak Document Plus vulnerable to path traversal
RakRak Document Plus provided by Sumitomo Electric Information Systems Co., Ltd. contains a path traversal vulnerability (CWE-22). ## Impact Arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges. ## Solution Update the Software Update the...
8.7AI Score
0.0005EPSS
Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade
The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some critical infrastructure networks in the country for at least five years. Targets of the threat actor include communications, energy, transportation, and water and...
7.2AI Score
JVN#73587943: Access analysis CGI An-Analyzer vulnerable to open redirect
Access analysis CGI An-Analyzer provided by ANGLERSNET Co,.Ltd. contains an open redirect vulnerability (CWE-601). ## Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. ## Solution Apply....
6.9AI Score
0.001EPSS
Overview In February 2024, Rapid7’s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server: CVE-2024-27198 is an authentication bypass vulnerability in the web component of TeamCity that arises from an alternative path issue (CWE-288) and has a...
9.8CVSS
10AI Score
0.972EPSS
8.3AI Score
0.002EPSS
Information Leakage Vulnerability in BlueLine OA of Shenzhen BlueLine Software Co.
Shenzhen BlueLine Software Co., Ltd. is a company that provides integrated solutions for all kinds of organizations, such as smart office, mobile portal, knowledge management, contract management, digital operation and financial sharing. An information leakage vulnerability exists in BlueLine OA...
6.6AI Score
Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a Denial-of-service (DoS) condition on the...
5.5CVSS
7.3AI Score
0.0004EPSS
7.3AI Score
0.905EPSS
A local non-privileged user can make improper GPU memory processing operations to gain access to already freed...
7.8CVSS
7.4AI Score
0.001EPSS
Founded in 2002, Xiamen Nalon Health Science & Technology Co., Ltd. is a high-tech enterprise integrating the research and development, production, sales and software service of medical electronic instruments and equipment. A weak password vulnerability exists in the application infrastructure...
7AI Score
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through...
5.4CVSS
7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through...
5.4CVSS
6.9AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite.This issue affects CSprite: from n/a through...
8.8CVSS
7.2AI Score
0.001EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite.This issue affects CSprite: from n/a through...
8.8CVSS
7.2AI Score
0.001EPSS
CVE-2023-50837 WordPress Login Lockdown Plugin <= 2.06 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through...
7.7AI Score
0.001EPSS
Mitsubishi Electric CNC Series (Update E)
EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CNC Series devices Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious remote attacker to...
9.8AI Score
0.005EPSS
Gentoo Security Advisory GLSA 200403-03 (OpenSSL)
The remote host is missing updates announced in advisory GLSA...
7.6AI Score
0.006EPSS
Ltd. is a leading provider of Data Leakage Protection (DLP) products, solutions and security services in China. A command execution vulnerability exists in the electronic document security management system of Beijing Yisetong Technology Development Co., Ltd. that can be exploited by an attacker...
7.6AI Score
Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at...
9.8CVSS
8.3AI Score
0.001EPSS
Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at...
9.8CVSS
8.1AI Score
0.001EPSS