An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure...
CVSS 6.7 | AI Score 6.7 | EPSS 0.0004
Graylog vulnerable to instantiation of arbitrary classes triggered by API request
Summary Arbitrary classes can be loaded and instantiated using a HTTP PUT request to the /api/system/cluster_config/ endpoint. Details Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads.....
CVSS 8.8 | AI Score 7.6 | EPSS 0.001
A GRE dataset file within Systems Manager can be tampered with and distributed to...
CVSS 6.7 | AI Score 6.5 | EPSS 0.0004
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure...
CVSS 6.7 | AI Score 6.4 | EPSS 0.0004
U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation
The U.S. Department of Justice (DoJ) on Monday unsealed indictments against seven Chinese nationals for their involvement in a hacking group that targeted U.S. and foreign critics, journalists, businesses, and political officials for about 14 years. The defendants include Ni Gaobin (倪高彬), Weng...
AI Score 7.4
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting. This issue affects inSCADA: before...
CVSS 9.8 | AI Score 9.4 | EPSS 0.002
CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms
The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its....
AI Score 6.8
Ripple Co-Founder’s Personal XRP Wallet Breached in $112 Million Hack
By Deeba Ahmed Ripple’s co-founder Chris Larsen has acknowledged that his personal XRP wallet was hacked. This is a post from HackRead.com Read the original post: Ripple Co-Founder's Personal XRP Wallet Breached in $112 Million...
AI Score 7.3
Hard-coded credentials in org.folio:mod-remote-storage
Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and...
CVSS 5.3 | AI Score 7.1 | EPSS 0.001
Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and...
CVSS 5.3 | AI Score 7 | EPSS 0.001
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS. This issue affects Wonder Slider Lite: from n/a through...
CVSS 7.1 | AI Score 7.1 | EPSS 0.0005
In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges...
CVSS 6.7 | AI Score 6.7 | EPSS 0.0004
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Low attack complexity Vendor: Softing Equipment: edgeConnector Vulnerabilities: Cleartext Transmission of Sensitive Information, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could create conditions that...
CVSS 8 | AI Score 7.9 | EPSS 0.031
How Public AI Can Strengthen Democracy
With the world's focus turning to misinformation, manipulation, and outright propaganda ahead of the 2024 U.S. presidential election, we know that democracy has an AI problem. But we're learning that AI has a democracy problem, too. Both challenges must be addressed for the sake of democratic...
AI Score 6.9
Beijing Yisaitong Science and Technology Development Limited Liability Company is a company whose business scope includes general items: technical services, technology development, technology consulting, technology exchanges, technology transfer and so on. There is a command execution...
AI Score 7.6
CVE-2023-5643 Mali GPU Kernel Driver allows improper GPU memory processing operations
Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. Depending on the configuration of the Mali GPU Kernel.....
AI Score 7.9 | EPSS 0.001
An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended...
CVSS 7.8 | AI Score 7.6 | EPSS 0.001
Wyze cameras show the wrong feeds to customers. Again.
Last September, we wrote an article about how Wyze home cameras temporarily showed other people’s security feeds. As far as home cameras go, we said this is absolutely up there at the top of the “things you don’t want to happen” list. Turning your customers into Peeping Tom against their will and.....
AI Score 7.4
About the security content of iOS 17.4 and iPadOS 17.4
This document describes the security content of iOS 17.4 and iPadOS 17.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...
CVSS 7.8 | AI Score 8.9 | EPSS 0.002
CVE-2023-5249 Mali GPU Kernel Driver allows improper GPU memory processing operations
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn...
AI Score 7 | EPSS 0.001
RG-UAC Ruijie Unified Internet Behavior Management and Auditing System is an Internet behavior management and auditing product. A command execution vulnerability exists in the RG-UAC Ruijie Unified Internet Behavior Management and Audit System of Beijing StarNet Ruijie Network Technology Co. Ltd,.....
AI Score 7.5
In the first week of January, the pharmaceutical giant Merck quietly settled its years-long lawsuit over whether or not its property and casualty insurers would cover a $700 million claim filed after the devastating NotPetya cyberattack in 2017. The malware ultimately infected more than 40,000 of.....
AI Score 7.1
Massive utility scam campaign spreads via online ads
For many households, energy costs represent a significant part of their overall budget. And when customers want to discuss their bills or look for ways to save money, scammers are just a phone call away. Enter the utility scam, where crooks pretend to be your utility company so they can threaten...
AI Score 7
SQL Injection Vulnerability in FineReport of Sailsoft Software Ltd.
Fansoft Software Ltd. is a professional big data BI and analytics platform provider in China. A SQL injection vulnerability exists in FineReport of FanSoft Software Co. Ltd, which can be exploited by attackers to obtain sensitive information from the...
AI Score 7.5
An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...
CVSS 5.4 | AI Score 5.5 | EPSS 0.0004
The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...
CVSS 5.3 | AI Score 7.5 | EPSS 0.001
BullGuard Backup Detection (Windows SMB Login)
Detects the installed version of BullGuard Backup. The script logs in via SMB, searches...
AI Score 7.3
BullGuard Antivirus Detection (Windows SMB Login)
Detects the installed version of BullGuard Anti-Virus. The script logs in via SMB, searches...
AI Score 7.3
BullGuard Premium Protection Detection (Windows SMB Login)
Detects the installed version of BullGuard Premium Protection. The script logs in via SMB, searches...
AI Score 7.3
BullGuard Internet Security Detection (Windows SMB Login)
Detects the installed version of BullGuard Internet Security. The script logs in via SMB, searches...
AI Score 7.3
When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious...
CVSS 7.8 | AI Score 7.7 | EPSS 0.001
File Upload Vulnerability in Yonghong BI of Beijing Yonghong Business Intelligence Technology Co.
Beijing Yonghong Business Intelligence Technology Co., Ltd. is committed to providing global enterprises with big data technology products and services, relying on independent intellectual property rights of the one-stop big data platform to form a perfect product and service system, with...
AI Score 7.4
Beijing Shenzhou Green Alliance Technology Co., Ltd. is a company whose business scope includes technology development, technology consulting, technology services; computer system services and so on. A command execution vulnerability exists in the Green Alliance Operations and Maintenance Security....
AI Score 7.9
Malicious input can provoke XSS when preserving comments
Impact There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in....
CVSS 6.1 | AI Score 6 | EPSS 0.0004
Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability
Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability Summary: | Product | Grav CMS | | ----------------------- |...
CVSS 8.8 | AI Score 8.6
Huawei EulerOS: Security Advisory for openssl1.1.0f (EulerOS-SA-2019-2254)
The remote host is missing an update for the Huawei...
CVSS 4.7 | AI Score 6 | EPSS 0.015
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X1800GS-B v1.17 and...
CVSS 6.8 | AI Score 7.1 | EPSS 0.0004
Stable Channel Update for ChromeOS / ChromeOS Flex
The Stable channel is being updated to OS version: 15699.58.0 Browser version: 121.0.6167.159 for most ChromeOS devices. If you find new issues, please let us know one of the following ways File a bug Visit our ChromeOS communities General: Chromebook Help Community Beta Specific: ChromeOS Beta...
CVSS 9.8 | AI Score 7.7
openSUSE Security Update : the Linux Kernel (openSUSE-2020-801)
The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which...
CVSS 7.8 | AI Score 8.6 | EPSS 0.008
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2264)
The remote host is missing an update for the Huawei...
CVSS 4.7 | AI Score 6 | EPSS 0.015
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1274)
The remote host is missing an update for the Huawei...
CVSS 4.7 | AI Score 6 | EPSS 0.015
The firmware update package for the wireless card is not properly signed and can be...
CVSS 5.7 | AI Score 5.7 | EPSS 0.0004
Description The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if...
CVSS 7.5 | AI Score 6.5 | EPSS 0.001
Huawei EulerOS: Security Advisory for openssl110h (EulerOS-SA-2019-2218)
The remote host is missing an update for the Huawei...
CVSS 5.9 | AI Score 6.5 | EPSS 0.015
An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...
AI Score 5.7 | EPSS 0.0004
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2216)
The remote host is missing an update for the Huawei...
CVSS 4.7 | AI Score 6.1 | EPSS 0.015