Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer...
9.8CVSS
9.7AI Score
0.001EPSS
Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer...
7.5CVSS
7.7AI Score
0.0005EPSS
HGW BL1500HM Ver 002.001.013 and earlier contains a use of weak credentials issue. A network-adjacent unauthenticated attacker may change the system...
7AI Score
0.0004EPSS
HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary...
7.3AI Score
0.0004EPSS
Security Constraint Bypass in Spring Security
Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path...
7.5CVSS
0.2AI Score
0.001EPSS
ntt-claruty.co.jp Cross Site Scripting vulnerability OBB-3832913
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
HGW BL1500HM Ver 002.001.013 and earlier contains a use of weak credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a...
6.9AI Score
0.0004EPSS
5.6AI Score
0.008EPSS
RedHat Update for samba and cifs-utils RHSA-2011:1221-01
The remote host is missing an update for...
5.6AI Score
0.008EPSS
5.6AI Score
0.008EPSS
6.6AI Score
0.971EPSS
Post-quantum Cryptography for the Go Ecosystem
filippo.io/mlkem768 is a pure-Go implementation of ML-KEM-768 optimized for correctness and readability. ML-KEM (formerly known as Kyber, renamed because we can't have nice things) is a post-quantum key exchange mechanism in the process of being standardized by NIST and adopted by most of the...
6.8AI Score
ntt-toner.es Cross Site Scripting vulnerability OBB-3648818
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
7.5AI Score
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
There is an OS Command Injection Vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. Target baserCMS...
8.8CVSS
2.7AI Score
0.001EPSS
Security Constraint Bypass in Spring Security
Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path...
7.5CVSS
0.2AI Score
0.001EPSS
Enough Polynomials and Linear Algebra to Implement Kyber
I was once talking with a mathematician and trying to explain elliptic curve cryptography. Eventually, something clicked and they went "oh, that! I think there was a chapter about it in the book. You made a whole field out of it?" Yes, in cryptography we end up focusing on a very narrow slice of...
6.6AI Score
Exploit for Infinite Loop in Openssl
OpenSSL 1.0.1g 7 Apr 2014 Copyright (c) 1998-2011 The OpenSSL...
7.5CVSS
6.6AI Score
0.013EPSS
Information Leakage Vulnerability in API Gateway Management System of Tech Data Communication Co.
Founded in 1999, Tech Data Xunfei Co., Ltd. is a well-known listed company in the Asia-Pacific region for intelligent speech and artificial intelligence. An information disclosure vulnerability exists in the API gateway management system of KDDI Corporation, which can be exploited by attackers to.....
6.5AI Score
CentOS Update for libsmbclient CESA-2011:1219 centos5 i386
The remote host is missing an update for...
5.6AI Score
0.008EPSS
CentOS Update for samba3x CESA-2011:1220 centos5 i386
The remote host is missing an update for...
5.6AI Score
0.008EPSS
CentOS Update for samba CESA-2011:1219 centos4 i386
The remote host is missing an update for...
5.6AI Score
0.008EPSS
CentOS Update for libsmbclient CESA-2011:1219 centos5 x86_64
The remote host is missing an update for...
5.6AI Score
0.008EPSS
CentOS Update for samba3x CESA-2011:1220 centos5 x86_64
The remote host is missing an update for...
5.6AI Score
0.008EPSS
CentOS Update for samba CESA-2011:1219 centos4 x86_64
The remote host is missing an update for...
5.6AI Score
0.008EPSS
OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling...
6.3AI Score
0.008EPSS
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
There is an OS Command Injection Vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. Target baserCMS...
9.1CVSS
2.7AI Score
0.001EPSS
KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's...
5.4CVSS
5.2AI Score
0.001EPSS
KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's...
5.4CVSS
5.2AI Score
0.001EPSS
KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's...
5.4CVSS
0.001EPSS
KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's...
5.5AI Score
0.001EPSS
TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using an old version of Spring Framework which contains the vulnerability. The vulnerability is caused by...
7.8CVSS
7.8AI Score
0.001EPSS
JVN#43561812: +Message App improper handling of Unicode control characters
+Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links (CWE-451). ## Impact A spoofed URL may be displayed and phishing attacks may be.....
5.4CVSS
1.6AI Score
0.001EPSS
The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before...
6.2AI Score
0.002EPSS
The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before...
6.1AI Score
0.002EPSS
HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the...
8.8CVSS
8.9AI Score
0.001EPSS
KDDI HOME SPOT CUBE OS Command Injection Vulnerability
KDDI HOME SPOT CUBE2 is a home wireless router from KDDI Japan. KDDI HOME SPOT CUBE2 is vulnerable to an operating system command injection vulnerability, which stems from data received from a DHCP server not being processed properly. An attacker could use this vulnerability to execute arbitrary...
8.8CVSS
2.2AI Score
0.001EPSS
JVN#41017328: HOME SPOT CUBE2 vulnerable to OS command injection
HOME SPOT CUBE2 provided by KDDI CORPORATION contains an OS command injection vulnerability (CWE-78) due to improper processing of data received from DHCP server. ## Impact An arbitrary OS command may be executed on the product if a malicious DHCP server is placed on the WAN side of the product....
8.8CVSS
1.9AI Score
0.001EPSS
Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config...
8.8CVSS
8.6AI Score
0.001EPSS
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CRLF injection. This vulnerability allows attackers to execute arbitrary code via a crafted HTTP...
9.8CVSS
0.004EPSS
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CRLF injection. This vulnerability allows attackers to execute arbitrary code via a crafted HTTP...
9.8CVSS
9.6AI Score
0.004EPSS
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CRLF injection. This vulnerability allows attackers to execute arbitrary code via a crafted HTTP...
9.8CVSS
9.7AI Score
0.004EPSS
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CRLF injection. This vulnerability allows attackers to execute arbitrary code via a crafted HTTP...
9.9AI Score
0.004EPSS
‘CryptoRom’ Crypto Scam is Back via Side-Loaded Apps
For about a year now, crypto-traders and lovelorn singles alike have been losing their money to CryptoRom, a malware campaign that combines catfishing with crypto-scamming. According to research from Sophos, CryptoRom’s perpetrators have now improved their techniques. They’re leveraging new iOS...
10CVSS
-0.4AI Score
0.976EPSS
Massive LinkedIn Phishing, Bot Attacks Feed on the Job-Hungry
Emotionally vulnerable and willing to offer up any information that lands the gig, job seekers are prime targets for social engineering campaigns. And with the “Great Resignation” in full swing, cybercriminals are having an easy time finding their next victim. Just since Feb. 1, analysts have...
10CVSS
-0.4AI Score
0.976EPSS
FBI: Use a Burner Phone at the Olympics
Use a burner phone if you’re traveling to the Olympics, the FBI warned on Tuesday, lest you come home with a nasty case of malware and/or snatched personal data. The FBI didn’t mention specific threats, per se, but its alert warned those traveling to the February 2022 Beijing Winter Olympics and...
-0.2AI Score
AdSanity, AccessPress Plugins Open Scads of WordPress Sites to Takeover
The WordPress content management system (CMS) is offering admins more headaches this week, thanks to a pair of disparate but concerning security problems in add-ons for the platform. The first issue affects the WordPress AdSanity plugin. It’s a critical security vulnerability that could allow...
-0.6AI Score
Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks
The mobile app that all attendees and athletes of the upcoming Beijing Winter Olympics must use to manage communications and documentation at the event has a “devastating” flaw in the way it encrypts data that can allow for man-in-the-middle attacks that access sensitive user information,...
-0.3AI Score
Microsoft Sees Rampant Log4j Exploit Attempts, Testing
No surprise here: The holidays brought no Log4Shell relief. Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache’s Log4j logging library. “We have.....
10CVSS
-0.2AI Score
0.976EPSS
Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the...
6.1CVSS
6.2AI Score
0.001EPSS