Foxit PDF Reader Code Execution Vulnerability (CNVD-2024-20601)
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. It has a code execution vulnerability that stems from a use-after-free issue when handling Doc objects, which an attacker can exploit to execute arbitrary code in the context of the current...
7.8CVSS
7.7AI Score
0.0005EPSS
Foxit PDF Reader Code Execution Vulnerability
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. It has a code execution vulnerability that stems from a use-after-free issue in the AcroForm module, which an attacker can exploit to execute arbitrary code in the context of the current...
7.8CVSS
7.8AI Score
0.0005EPSS
Personal AI Assistants and Privacy
Microsoft is trying to create a personal digital assistant: At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called "Recall" for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall...
7AI Score
Operating System (OS) Detection (NTP)
Network Time Protocol (NTP) server based Operating System (OS) ...
7.3AI Score
Change Healthcare Finally Admits It Paid Ransomware Hackers—and Still Faces a Patient Data Leak
The company belatedly conceded both that it had paid the cybercriminals extorting it and that patient data nonetheless ended up on the dark...
7.3AI Score
Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks
My wife (no stranger to weird types of scams) recently received a fake text message from someone claiming to be New Jersey's E-ZPass program saying that she had an outstanding balance from highway tolls that she owed, prompting her to visit a site so she could pay and avoid additional fines. There....
9.8CVSS
7.4AI Score
0.001EPSS
Active Exploits target Check Point Security Gateway Zero-Day Information Disclosure flaw
Check Point Cybersecurity has issued hotfixes to address a zero-day vulnerability in its VPNs that has been exploited to gain remote access to firewalls and potentially infiltrate corporate networks. On...
8.6CVSS
6.3AI Score
0.945EPSS
CVE-2024-1709 Authentication bypass using an alternate path or channel
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical...
10CVSS
9.5AI Score
0.946EPSS
Exploit for Path Traversal in Aiohttp
poc-cve-2024-23334 This repository contains a proof of...
7.5CVSS
7.6AI Score
0.052EPSS
Web Application Scanning Consolidation / Info Reporting
The script consolidates and reports various information for web application (formerly...
7.1AI Score
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CNVD-2024-19325)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge (Chromium-based) suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive...
6.5CVSS
6.3AI Score
0.0004EPSS
DocGo patient health data stolen in cyberattack
Medical health care provider DocGo has disclosed in a form 8-K that it experienced a cybersecurity incident involving some of the company’s systems. As part of the investigation of the incident, the company says it has determined that the attacker accessed and acquired data, including certain...
7.7AI Score
UK PSTI? You’ll need a Vulnerability Disclosure Program!
If you are distributing or selling smart devices into the UK market, your products will need to be compliant with the UK Product Security and Telecommunications Act. One of the three mandatory areas is that you have a vulnerability disclosure program (VDP). In the supporting materials for the Act,....
7.4AI Score
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability (CNVD-2024-19324)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge for Android (Chromium-based) suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive...
5.4CVSS
6.3AI Score
0.0005EPSS
CitySights NY Data Breach Exposes 110,000 Customers' Personal Information
CitySights NY, a company that organizes New York City tours on double-decker buses, has experienced a significant data breach. The personal information of 110,000 customers, including names, addresses, email addresses, credit card numbers, expiration dates, and Card Verification Value (CVV2)...
8AI Score
Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw
Crypto exchange Kraken revealed that an unnamed security researcher exploited an "extremely critical" zero-day flaw in its platform to steal $3 million in digital assets and refused to return them. Details of the incident were shared by Kraken's Chief Security Officer, Nick Percoco, on X (formerly....
7.1AI Score
Nextcloud: Weak ssh algorithms and CVE-2023-48795 Discovered on various subdomains of nextcloud.com
Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection's security by breaking the integrity of the secure channel. Called Terrapin (CVE-2023-48795, CVSS...
5.9CVSS
7.4AI Score
0.963EPSS
Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a before...
5.4CVSS
5.5AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a before...
5.4CVSS
6.9AI Score
0.0004EPSS
Do not print on AppSocket and socketAPI printers
The host seems to be an AppSocket or socketAPI printer. Scanning it will waste paper. So ports 2000, 2501, 9100-9107, 9112-9116, 9200 and 10001...
7.3AI Score
CVE-2024-31936 WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a before...
5.4CVSS
5.7AI Score
0.0004EPSS
Adobe Animate Input Validation Error Vulnerability (CNVD-2024-19002)
Adobe Animate is Flash animation software from the American company Adobe. Adobe Animate suffers from an input validation error vulnerability that stems from the application's susceptibility to integer overflow, which can be exploited by an attacker to execute arbitrary code in.....
7.8CVSS
7.9AI Score
0.001EPSS
Adobe Animate Code Issue Vulnerability (CNVD-2024-19003)
Adobe Animate is Flash animation software from the American company Adobe. Adobe Animate has a code issue vulnerability that stems from the application being susceptible to NULL pointer dereferencing, which can be exploited by an attacker to cause a system crash, resulting in a.....
5.5CVSS
6.4AI Score
0.0004EPSS
Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers
Arm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it said has been actively exploited in the wild. Tracked as CVE-2024-4610, the use-after-free issue impacts the following products - Bifrost GPU Kernel Driver (all versions from r34p0 to r40p0) Valhall GPU Kernel...
8.8CVSS
7.6AI Score
0.712EPSS
Adobe Animate Buffer Overflow Vulnerability (CNVD-2024-19001)
Adobe Animate is Flash animation software from the American company Adobe. Adobe Animate suffers from a buffer overflow vulnerability that stems from the application's susceptibility to out-of-bounds reads, leading to sensitive memory leaks that can be exploited by attackers to.....
5.5CVSS
6.6AI Score
0.001EPSS
Google will start deleting location history
Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from "Timeline"—the feature that, previously named "Location History," tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they've been.....
6.7AI Score
Adobe Bridge Buffer Overflow Vulnerability (CNVD-2024-18999)
Adobe Bridge is a file viewer from the American company Adobe. Adobe Bridge suffers from a buffer overflow vulnerability that stems from the application's susceptibility to out-of-bounds reads, leading to sensitive memory leaks, which can be exploited by an attacker who can bypass...
5.5CVSS
7.1AI Score
0.001EPSS
Helm dependency management path traversal
A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time. Impact: When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected...
6.4CVSS
6.8AI Score
0.0004EPSS
Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may perform unauthorized...
6.9AI Score
0.0004EPSS
Cybersecurity in the SMB space — a growing threat
Small and medium-sized businesses (SMBs) are increasingly targeted by cybercriminals. Despite adopting digital technology for remote work, production, and sales, SMBs often lack robust cybersecurity measures. SMBs face significant cybersecurity challenges due to limited resources and expertise....
7.3AI Score
About the security content of watchOS 10.5
This document describes the security content of watchOS 10.5. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
7.3AI Score
0.0005EPSS
Command Execution Vulnerability in Dahua EIMS System of Zhejiang Dahua Technology Co.
Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IOT solution provider and operation service provider. A command execution vulnerability exists in the Dahua EIMS system of Zhejiang Dahua Technology Co. Ltd, which can be exploited by attackers to gain server...
7.5AI Score
Unspecified Vulnerability in Adobe Illustrator (CNVD-2024-19004)
Adobe Illustrator is vector-based image creation software from the American company Adobe. A security vulnerability exists in Adobe Illustrator 28.3, 27.9.2 and prior versions, which stems from the application's susceptibility to a stack-based buffer overflow that can be...
7.8CVSS
8AI Score
0.0004EPSS
Ring agrees to pay $5.6 million after cameras were used to spy on customers
Amazon's Ring has settled with the Federal Trade Commission (FTC) over charges that the company allowed employees and contractors to access customers' private videos, and failed to implement security protections which enabled hackers to take control of customers’ accounts, cameras, and videos. The....
7.1AI Score
Adobe Illustrator Buffer Overflow Vulnerability (CNVD-2024-19005)
Adobe Illustrator is vector-based image creation software from the American company Adobe. A buffer error vulnerability exists in Adobe Illustrator 28.3, 27.9.2 and prior versions, which stems from the application's susceptibility to out-of-bounds writes, and can be exploited by....
7.8CVSS
7.8AI Score
0.001EPSS
Adobe After Effects Buffer Overflow Vulnerability (CNVD-2024-19006)
Adobe After Effects is visual effects and motion graphics production software from the American company Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A security vulnerability exists in Adobe After Effects, which can be...
5.5CVSS
5.4AI Score
0.001EPSS
Future Group's E-Commerce Portal Hacked, Disrupting Online Sales
Future Group's plan to boost online sales has encountered a cyber obstacle. Its flagship e-commerce portal, FutureBazaar, was hacked and has been non-functional for the past two days. FutureBazaar CEO Rajiv Prakash described the incident as a "denial of service attack." He stated, "The website has....
6.9AI Score
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...
6.5AI Score
0.0004EPSS
Adobe Animate Buffer Overflow Vulnerability (CNVD-2024-19000)
Adobe Animate is Flash animation software from the American company Adobe. Adobe Animate suffers from a buffer overflow vulnerability that stems from the application's susceptibility to out-of-bounds reads when parsing carefully crafted files, which may read beyond the end of an....
7.8CVSS
7.9AI Score
0.001EPSS
CloudBrute - Awesome Cloud Enumerator
A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. The complete writeup is available here...
7.2AI Score
An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool...
6.8AI Score
0.0004EPSS
An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool...
6.6AI Score
0.0004EPSS
Genesco Inc. Confirms Payment Card Data Breach in U.S. Stores
Specialty retailer Genesco Inc. announced on Friday that it experienced a criminal intrusion into the part of its computer network that processes payment card transactions. Some card details might have been compromised. However, the company quickly secured the affected network segment and...
7.1AI Score
Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea
The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called Troll Stealer. The malware steals "SSH, FileZilla, C drive files/directories, browsers, system information, [and] screen captures" from infected...
7.3AI Score
Former Hacker Li Jun Donates to Panda Research Center
In 2006, Li Jun, a Chinese man, was jailed for creating the ‘Fujacks’ worm. Recently, he appears to be attempting to rehabilitate his public image by making a donation to a panda research center in China. Li Jun was arrested in February 2007 and charged with writing and selling the "Panda Burning.....
6.8AI Score
Earn Rewards for Finding Security Flaws in Gmail, YouTube, and More
Google is on the hunt for hackers to find security vulnerabilities in popular web applications like Gmail, Blogger, and YouTube. The tech giant is offering rewards starting at $500 per bug. For vulnerabilities that are "severe or unusually clever," the payout can reach up to $3,133.70....
7.1AI Score
JA4+ - Suite Of Network Fingerprinting Standards
JA4+ is a suite of network fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session.....
7AI Score
An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool...
6.8AI Score
0.0004EPSS
When things go wrong: A digital sharing warning for couples
“When things go wrong” is a troubling prospect for most couples to face, but the internet—and the way that romantic partners engage both with and across it—could require that this worst-case scenario become more of a best practice. In new research that Malwarebytes will release this month,...
6.9AI Score
Update 24.1 for Microsoft Dynamics 365 Business Central (on-premises) 2024 Release Wave 1 (Application Build 24.1.19498, Platform Build 24.0.19487)
Overview: This update replaces previously released updates. You should always install the latest update. This update also fixes vulnerabilities. For...
8.8CVSS
8.9AI Score
0.001EPSS