SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. An unauthorized access vulnerability exists in SuperMap iServer of Beijing SuperMap Software Co. Ltd, which can be exploited by attackers to obtain sensitive...
6.8AI Score
In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
7.2AI Score
0.0004EPSS
In video decoder, there is a possible improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
7.2AI Score
0.0004EPSS
6.4AI Score
0.099EPSS
New Leak Shows Business Side of China’s APT Menace
A new data leak that appears to have come from one of China's top private cybersecurity firms provides a rare glimpse into the commercial side of China's many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign...
7.1AI Score
In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
7.2AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
7.1AI Score
0.0004EPSS
9.5AI Score
0.004EPSS
7AI Score
0.035EPSS
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...
6.2AI Score
0.001EPSS
Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...
7.5AI Score
U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture
The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to have been targeted, including...
6.8AI Score
6.6AI Score
0.027EPSS
7.3AI Score
0.001EPSS
Damon Qiji big data visualization system is a one-stop tool platform for big data display. An arbitrary file read vulnerability exists in the Damon Qizhi Big Data Visualization System (DMQZDV Experience Version) of Wuhan Damon Database...
7.1AI Score
Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass
Overview A security feature bypass vulnerability exists in signed 3rd party UEFI bootloaders that allows bypass of the UEFI Secure Boot feature. An attacker who successfully exploits this vulnerability can bypass the UEFI Secure Boot feature and execute unsigned code during the boot process....
7.2AI Score
0.001EPSS
Beijing Kuangshi Technology Co., Ltd. is an artificial intelligence company focusing on IoT scenarios. An unauthorized access vulnerability exists in the Kuangxiang MEGVII face recognition pass platform of Beijing Kuangxiang Technology Co. that can be exploited by attackers to obtain sensitive...
6.8AI Score
Ltd. is an independent innovative enterprise dedicated to WEB application security solutions and application delivery. There is an unauthorized access vulnerability in the website monitoring and warning platform of Yuanjiang Shengbang (Beijing) Network Security Technology Co., Ltd, which can be...
7.1AI Score
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through...
5.5CVSS
7.4AI Score
0.001EPSS
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through...
5.5CVSS
7.6AI Score
0.001EPSS
HTTP/2 CONTINUATION frames can be utilized for DoS attacks
Overview HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field blocks in HTTP/2, so that they can be transmitted in multiple fragments to the target implementation. Many HTTP/2 implementations do not properly limit....
7.6AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320...
10CVSS
9.7AI Score
0.0004EPSS
5.8AI Score
0.001EPSS
Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles,...
8.8CVSS
7.2AI Score
0.001EPSS
Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles,...
8.8CVSS
7.2AI Score
0.001EPSS
Directory Traversal Vulnerability in the Training Platform of Shenzhen Sigma Data Technology Co.
Shenzhen Sigma Data Technology Co., Ltd. is an enterprise mainly engaged in software and information technology service industry. Shenzhen Sigma Data Technology Co., Ltd. practical training teaching platform (to fish with the party) there is a directory traversal vulnerability, an attacker can use....
6.6AI Score
About the security content of macOS Monterey 12.7.3
About the security content of macOS Monterey 12.7.3 This document describes the security content of macOS Monterey 12.7.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
9.4AI Score
0.009EPSS
OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly
Overview Two buffer overflow vulnerabilities were discovered in OpenSSL versions 3.0.0 through 3.0.6. These vulnerabilities were introduced in version 3.0.0 with the inclusion of support for punycode email address parsing for X.509 certificates. OpenSSL's assessment of the severity of the...
7.9AI Score
0.077EPSS
cuevana123.co Cross Site Scripting vulnerability OBB-3737743
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
7.3AI Score
0.053EPSS
Breaking unlinkability in Identity Mixer using malicious keys
CL Signatures Issuer Key Correctness Proof lacks of prime strength checking A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key...
7AI Score
0.0005EPSS
openSUSE Security Update : the Linux Kernel (openSUSE-2020-1698)
The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724). CVE-2020-24490: Fixed a heap buffer...
8.4AI Score
Breaking unlinkability in Identity Mixer using malicious keys
CL Signatures Issuer Key Correctness Proof lacks of prime strength checking A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key...
6.8AI Score
0.0005EPSS
Stable Channel Update for Desktop
The Stable channel has been updated to 121.0.6167.85 for Mac and Linux and 121.0.6167.85/.86 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Security Fixes and Rewards Note: Access to bug details and links may be kept...
7.2AI Score
0.001EPSS
Stable Channel Update for ChromeOS / ChromeOS Flex
Hello All, The Stable channel is being updated to 120.0.6099.235 (Platform version: 15662.76.0) for ChromeOS devices and will be rolled out over the next few days. If you find new issues, please let us know one of the following ways: File a bug Visit our Chrome OS communities General: Chromebook...
7AI Score
0.001EPSS
About the security content of macOS Ventura 13.6.4
About the security content of macOS Ventura 13.6.4 This document describes the security content of macOS Ventura 13.6.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
9.5AI Score
0.009EPSS
Unauthorized Access Vulnerability in SuperMap iServer of Beijing SuperMap Software Co.
SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. An unauthorized access vulnerability exists in SuperMap iServer of Beijing SuperMap Software Co. Ltd, which can be exploited by attackers to obtain sensitive...
6.8AI Score
Malicious ads for restricted messaging applications target Chinese users
An ongoing campaign of malicious ads has been targeting Chinese-speaking users with lures for popular messaging applications such as Telegram or LINE with the intent of dropping malware. Interestingly, software like Telegram is heavily restricted and was previously banned in China. Many Google...
7.4AI Score
An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web...
8.8AI Score
0.001EPSS
openSUSE Security Update : nsd (openSUSE-2020-2222)
This update for nsd fixes the following issues : nsd was updated to the new upstream release 4.3.4 FEATURES : Merge PR #141: ZONEMD RR type. BUG FIXES : Fix that symlink does not interfere with chown of pidfile (boo#1179191, CVE-2020-28935) Fix #128: Fix that the invalid port number is...
8.1AI Score
Inferno Drainer Phishing Nets Scammers $80M from Crypto Wallets
By Deeba Ahmed Group-IB Global Pvt. Ltd. has revealed shocking details on Inferno Drainer, a phishing operation targeting cryptocurrency wallet providers.… This is a post from HackRead.com Read the original post: Inferno Drainer Phishing Nets Scammers $80M from Crypto...
7.3AI Score
Xerox Workcentre 5735 LDAP Service Redential Extractor
This module extract the printer's LDAP username and password from Xerox Workcentre...
7.5AI Score
About the security content of iOS 16.7.5 and iPadOS 16.7.5
About the security content of iOS 16.7.5 and iPadOS 16.7.5 This document describes the security content of iOS 16.7.5 and iPadOS 16.7.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
8.6AI Score
0.001EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through...
9.8CVSS
7.5AI Score
0.001EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through...
9.8CVSS
7.3AI Score
0.001EPSS
Zhuhai Enterprise Information Technology Co., Ltd. focuses on the development and operation services of the SaaS platform (Jian Guo Yun) for the digital intelligence of the engineering and construction industry. There is an unauthorized access vulnerability in the Engineering Digital Cloud...
6.9AI Score
8AI Score
0.573EPSS
About the security content of tvOS 17.3
About the security content of tvOS 17.3 This document describes the security content of tvOS 17.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available....
8.5AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through...
7.2CVSS
8.2AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through...
7.2CVSS
7.9AI Score
0.001EPSS