Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CNVD-2024-17975)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge (Chromium-based) suffers from an information disclosure vulnerability that can be exploited by attackers to escape the browser sandbox and obtain sensitive...
CVSS: 8.2 | AI Score: 6.5 | EPSS: 0.001
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CNVD-2024-17976)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A remote code execution vulnerability exists in Microsoft Edge (Chromium-based), which can be exploited by an attacker to execute arbitrary code on a...
CVSS: 8.3 | AI Score: 8.4 | EPSS: 0.003
Thousands of Social Security Numbers Stolen in New York Data Breach
Thousands of Social Security numbers have been stolen from the computers of a New York state agency. The Social Security Administration in New York City reports that a subcontractor, who was working for the Office of Temporary Disability Assistance on computer infrastructure upgrades, illegally...
AI Score: 7
Buffer Overflow Vulnerability in Various Apple Products
Apple macOS Ventura is a desktop operating system from the American company Apple. A buffer overflow vulnerability exists in various Apple products that stems from incorrect validation of input. An attacker could exploit the vulnerability to execute arbitrary code with kernel...
CVSS: 8.6 | AI Score: 7.9 | EPSS: 0.004
JVN#51770585: EC-CUBE vulnerable to authorization bypass
EC-CUBE from EC-CUBE CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an authorization bypass vulnerability (CWE-639). Impact: A user of the affected shopping website may obtain other users' information by sending a crafted HTTP request. Solution: Apply the...
AI Score: 6.3 | EPSS: 0.006
Snowflake Breach Exposes 165 Customers' Data in Ongoing Extortion Campaign
As many as 165 customers of Snowflake are said to have had their information potentially exposed as part of an ongoing campaign designed to facilitate data theft and extortion, indicating the operation has broader implications than previously thought. Google-owned Mandiant, which is assisting the...
AI Score: 8
With RSAC just a week away, Cisco Talos is gearing up for another year of heading to San Francisco to share in some of the latest major cybersecurity announcements, research and news. We've pulled together the highlights, so you don't miss out on all things Talos. **Tuesday, May 7** Joe...
AI Score: 7.2
Hacker Poses as Graduate, Hacks Student Emails, Faces Legal Consequences
A hacker who posed as a university graduate to access the emails of hundreds of students has been given a suspended prison sentence and ordered to pay more than £20,000 in costs and compensation. Daniel Woo, a 23-year-old Bulgarian national, was sentenced for offenses under the Misuse of Computers....
AI Score: 7.1
Exploit Attempts Recorded Against New MOVEit Transfer Vulnerability - Patch ASAP!
A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that...
CVSS: 9.8 | AI Score: 9.9 | EPSS: 0.969
Meta Pauses AI Training on EU User Data Amid Privacy Concerns
Meta on Friday said it's delaying its efforts to train the company's large language models (LLMs) using public content shared by adult users on Facebook and Instagram in the European Union following a request from the Irish Data Protection Commission (DPC). The company expressed disappointment at...
AI Score: 6.7
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A security feature bypass vulnerability exists in Microsoft Edge (Chromium-based), which can be exploited by an attacker to add malicious scripts to obtain sensitive information from the...
CVSS: 4.7 | AI Score: 6.4 | EPSS: 0.001
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.0004
CVSS: 8.4 | AI Score: 7.8 | EPSS: 0.0004
CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.0004
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.0005
CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.0004
CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.001
CVSS: 7.5 | AI Score: 7.7 | EPSS: 0.0004
Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA...
CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.0005
CVSS: 7.8 | AI Score: 8.7 | EPSS: 0.0004
Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.0005
Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.0005
The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to...
CVSS: 7 | AI Score: 6.8 | EPSS: 0.0004
CVSS: 8.8 | AI Score: 7.3 | EPSS: 0.001
CVSS: 7.8 | AI Score: 7 | EPSS: 0.0004
CVSS: 7.8 | AI Score: 8 | EPSS: 0.0004
CVSS: 7.8 | AI Score: 7.6 | EPSS: 0.0004
CVSS: 8.2 | AI Score: 7.7 | EPSS: 0.0004
A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g. from a remote...
CVSS: 9.8 | AI Score: 8.5 | EPSS: 0.001
CVSS: 7.8 | AI Score: 7.6 | EPSS: 0.0004
Memory corruption in Modem while processing security related configuration before AS Security...
CVSS: 9.8 | AI Score: 8.4 | EPSS: 0.001
Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted...
7.8CVSS
7.6AI Score
0.0004EPSS
9.8CVSS
9.3AI Score
0.001EPSS
7.8CVSS
8.4AI Score
0.0004EPSS
8.4CVSS
7.7AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
7.8CVSS
6.8AI Score
0.0004EPSS
7.8CVSS
7.7AI Score
0.0004EPSS
7.8CVSS
7AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
7.8CVSS
7.7AI Score
0.0004EPSS
7.8CVSS
8.6AI Score
0.001EPSS
7.8CVSS
8.7AI Score
0.0004EPSS
Memory corruption in Trusted Execution Environment while calling service API with invalid...
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.0004
Transient DOS due to reachable assertion in modem while processing sib with incorrect values from...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001
Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from...
CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.001
Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID...
CVSS: 8.4 | AI Score: 7.7 | EPSS: 0.0004