CVE-2022-25729 Improper Input Validation in MODEM
Memory corruption in modem due to improper length check while copying into...
9.8CVSS
9.8AI Score
0.001EPSS
Cross Site Scripting vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the company or query...
6.8AI Score
EPSS
Cross Site Scripting vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the company or query...
6.7AI Score
EPSS
CVE-2024-1662 Information Disclosure in Porty's PowerBank
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data. This issue affects PowerBank Application: before...
7.2CVSS
6.8AI Score
0.001EPSS
Inside the Biggest FBI Sting Operation in History
When a drug kingpin named Microsoft tried to seize control of an encrypted phone company for criminals, he was playing right into its real owners’...
7.3AI Score
Adobe clarifies Terms of Service change, says it doesn’t train AI on customer content
Following days of user pushback that included allegations of forcing a "spyware-like" Terms of Service (ToS) update into its products, design software giant Adobe explained itself with several clarifications. Apparently, the concerns raised by the community, especially among Photoshop and...
6.9AI Score
DISPUTED: A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
4.8CVSS
5.3AI Score
0.0005EPSS
7.1AI Score
0.0004EPSS
KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO
On March 8, 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris, showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The...
6.8AI Score
Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation. This issue affects Redirection for Contact Form 7: from n/a through...
7.6CVSS
7.6AI Score
0.0004EPSS
CVE-2024-35634 Woocommerce – Recent Purchases plugin <= 1.0.1 - File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wow-Company Woocommerce – Recent Purchases allows PHP Local File Inclusion. This issue affects Woocommerce – Recent Purchases: from n/a through...
4.9CVSS
5.5AI Score
0.001EPSS
Transient DOS in WLAN Firmware while processing the received beacon or probe response...
7.5CVSS
7.5AI Score
0.001EPSS
CVE-2022-33250 Reachable assertion in Modem
Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE...
7.5CVSS
6.9AI Score
0.001EPSS
Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session...
7.8CVSS
7.7AI Score
0.0004EPSS
CVE-2022-33246 Use of out-of-range pointer offset in Audio
Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session...
6.7CVSS
7.1AI Score
0.0004EPSS
7.5CVSS
7.4AI Score
0.001EPSS
CVE-2022-33254 Reachable assertion in Modem
Transient DOS due to reachable assertion in Modem while processing SIB1...
7.5CVSS
7.7AI Score
0.001EPSS
CVE-2022-40535 Buffer Over-read in WLAN
Transient DOS due to buffer over-read in WLAN while sending a packet to...
7.5CVSS
7.8AI Score
0.001EPSS
Transient DOS due to reachable assertion in modem while processing sib with incorrect values from...
7.5CVSS
7.4AI Score
0.001EPSS
CVE-2022-40538 Reachable assertion in Modem
Transient DOS due to reachable assertion in modem while processing sib with incorrect values from...
7.5CVSS
7.7AI Score
0.001EPSS
Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from...
7.5CVSS
7.6AI Score
0.001EPSS
CVE-2022-25729 Improper Input Validation in MODEM
Memory corruption in modem due to improper length check while copying into...
9.8CVSS
7.1AI Score
0.001EPSS
OpenCart Cross-Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to...
3.5CVSS
6.9AI Score
0.001EPSS
badmonkey, a Security Researcher, has found a flaw that allows for an authenticated command injection on the camera. An attacker could inject malicious into request packets to execute command. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for...
7.2AI Score
0.0004EPSS
One Phish, Two Phish, Red Phish, Blue Phish
One of the interesting things about working for a cybersecurity company is that you get to talk...
7.2AI Score
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion. This issue affects Easy Digital Downloads – Recent Purchases: from n/a through...
9.6CVSS
9.6AI Score
0.001EPSS
badmonkey, a Security Researcher, has found a flaw that allows for an unauthenticated DoS attack on the camera. When an attacker runs a crafted URL, nobody can access the web management page of the camera, and the device must be manually restarted or re-powered. The manufacturer has released patch firmware...
6.9AI Score
0.0004EPSS
ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy...
6.8AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
The Ticketmaster Data Breach May Be Just the Beginning
Data breaches at Ticketmaster and financial services company Santander have been linked to attacks against cloud provider Snowflake. Researchers fear more breaches will soon be...
7.4AI Score
ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy...
5.5CVSS
5.5AI Score
0.0004EPSS
ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy...
5.8AI Score
0.0004EPSS
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion. This issue affects Easy Digital Downloads – Recent Purchases: from n/a through...
9.6CVSS
7.1AI Score
0.001EPSS
JS Jobs Component for Joomla! 'md' Parameter SQLi
The version of the JS Jobs component for Joomla! running on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'md' parameter before using it to construct database queries. Regardless of the PHP 'magic_quotes_gpc' setting, an...
7.5AI Score
0.001EPSS
WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted...
6.4AI Score
0.0004EPSS
ColdFusion on IIS cfm/dbm Diagnostic Error Path Disclosure
It was possible to make the remote web server disclose the physical path to its web root by requesting a MS-DOS device ending in .dbm (as in...
6.5AI Score
0.018EPSS
There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allows an attacker to execute arbitrary code as...
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this...
6.7AI Score
0.0004EPSS
Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc......
6.8AI Score
0.0004EPSS
CVE-2024-1708 Improper limitation of a pathname to a restricted directory (“path traversal”)
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical...
8.4CVSS
9.5AI Score
0.0005EPSS
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by...
7.8CVSS
7.8AI Score
0.0004EPSS
The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method GET to introduce changes in the...
6.8CVSS
6.7AI Score
0.0004EPSS
Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc......
6.8AI Score
0.0004EPSS
Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database...
8.8CVSS
9AI Score
0.0004EPSS
CVE-2024-1708 Improper limitation of a pathname to a restricted directory (“path traversal”)
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical...
8.4CVSS
8AI Score
0.0005EPSS
Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected...
7.3CVSS
6.7AI Score
0.0004EPSS