CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms
The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its....
6.8AI Score
JVN#54451757: Multiple vulnerabilities in SKYSEA Client View
SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains multiple vulnerabilities listed below. Improper access control in the specific folder (CWE-284) - CVE-2024-21805 Version| Vector| Score ---|---|--- CVSS v3|...
7.8AI Score
0.0004EPSS
Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file....
6.7CVSS
6.6AI Score
0.001EPSS
Wyze cameras show the wrong feeds to customers. Again.
Last September, we wrote an article about how Wyze home cameras temporarily showed other people’s security feeds. As far as home cameras go, we said this is absolutely up there at the top of the “things you don’t want to happen” list. Turning your customers into Peeping Tom against their will and.....
7.4AI Score
Beijing Shenzhou Green Alliance Technology Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application services. Beijing Shenzhou Green Alliance Technology Co., Ltd. Green Alliance WAF has a command execution vulnerability that can be exploited by attackers to execute arbitrary...
7.9AI Score
How Public AI Can Strengthen Democracy
With the world's focus turning to misinformation, manipulation, and outright propaganda ahead of the 2024 U.S. presidential election, we know that democracy has an AI problem. But we're learning that AI has a democracy problem, too. Both challenges must be addressed for the sake of democratic...
6.9AI Score
An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...
5.4CVSS
7.1AI Score
0.0004EPSS
Data Leakage Protection (DLP) system is aimed at serving enterprises and institutions for data asset grooming and data security protection. Data Leakage Protection (DLP) system of Beijing Yisetong Technology Development Co., Ltd. has a SQL injection vulnerability, which can be exploited by...
7.8AI Score
Massive utility scam campaign spreads via online ads
For many households, energy costs represent a significant part of their overall budget. And when customers want to discuss their bills or look for ways to save money, scammers are just a phone call away. Enter the utility scam, where crooks pretend to be your utility company so they can threaten...
7AI Score
The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...
5.3CVSS
7.5AI Score
0.001EPSS
Malicious input can provoke XSS when preserving comments
Impact: There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in....
6.1CVSS
6AI Score
0.0004EPSS
Description: The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if...
7.5CVSS
6.5AI Score
0.001EPSS
JVN#35928117: Protection mechanism failure in RevoWorks
RevoWorks SCVX and RevoWorks Browser provided by J's Communication Co., Ltd. enable users to execute web browsers in the sandboxed environment isolated from the client's local environment. In the products, file exchange between the sandboxed environment and local environment is prohibited in...
6.9AI Score
0.0004EPSS
In the first week of January, the pharmaceutical giant Merck quietly settled its years-long lawsuit over whether or not its property and casualty insurers would cover a $700 million claim filed after the devastating NotPetya cyberattack in 2017. The malware ultimately infected more than 40,000 of.....
7.1AI Score
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2264)
The remote host is missing an update for the Huawei...
4.7CVSS
6AI Score
0.015EPSS
Huawei EulerOS: Security Advisory for openssl1.1.0f (EulerOS-SA-2019-2254)
The remote host is missing an update for the Huawei...
4.7CVSS
6AI Score
0.015EPSS
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1274)
The remote host is missing an update for the Huawei...
4.7CVSS
6AI Score
0.015EPSS
Huawei EulerOS: Security Advisory for openssl110h (EulerOS-SA-2019-2218)
The remote host is missing an update for the Huawei...
5.9CVSS
6.5AI Score
0.015EPSS
File Upload Vulnerability in Yonghong BI of Beijing Yonghong Business Intelligence Technology Co.
Beijing Yonghong Business Intelligence Technology Co., Ltd. is committed to providing global enterprises with big data technology products and services, relying on independent intellectual property rights of the one-stop big data platform to form a perfect product and service system, with...
7.4AI Score
The firmware update package for the wireless card is not properly signed and can be...
5.7CVSS
5.7AI Score
0.0004EPSS
Stable Channel Update for ChromeOS / ChromeOS Flex
The Stable channel is being updated to OS version 15699.58.0, Browser version 121.0.6167.159, for most ChromeOS devices. If you find new issues, please let us know in one of the following ways: file a bug, or visit our ChromeOS communities. General: Chromebook Help Community. Beta Specific: ChromeOS Beta...
9.8CVSS
7.7AI Score
EPSS
Command Injection Vulnerability in DIR-822+ V1.0.2 of AUO Electronic Equipment (Shanghai) Co.
DIR-822 is a wireless router from D-Link, a Chinese company. A command injection vulnerability exists in the AUO Electronic Devices (Shanghai) Co. DIR-822+ version V1.0.2, which stems from the SetStaticRouteSettings function failing to correctly filter special characters when constructing commands,...
9.8CVSS
7.7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2216)
The remote host is missing an update for the Huawei...
4.7CVSS
6.1AI Score
0.015EPSS
Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2019-2098)
The remote host is missing an update for the Huawei...
4.7CVSS
6.1AI Score
0.015EPSS
Huawei EulerOS: Security Advisory for openssl110f (EulerOS-SA-2019-2430)
The remote host is missing an update for the Huawei...
5.9CVSS
6.6AI Score
0.015EPSS
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting. This issue affects inSCADA: before...
9.8CVSS
9.6AI Score
0.002EPSS
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting. This issue affects inSCADA: before...
9.8CVSS
9.3AI Score
0.002EPSS
Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2020-1061)
The remote host is missing an update for the Huawei...
4.7CVSS
6.1AI Score
0.015EPSS
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1221)
The remote host is missing an update for the Huawei...
4.7CVSS
6.1AI Score
0.015EPSS
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2464)
The remote host is missing an update for the Huawei...
4.7CVSS
6.1AI Score
0.015EPSS
openSUSE Security Update : the Linux Kernel (openSUSE-2020-801)
The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which...
7.8CVSS
8.6AI Score
0.008EPSS
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1063)
The remote host is missing an update for the Huawei...
5.3CVSS
6.2AI Score
0.015EPSS
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2097)
The remote host is missing an update for the Huawei...
5.3CVSS
6.2AI Score
0.015EPSS
SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2020:3373-1)
This update for ucode-intel fixes the following issues : Updated Intel CPU Microcode to 20201110 official release. CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) CVE-2020-8696:...
5.5CVSS
6.5AI Score
0.0005EPSS
SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2020:3457-1)
This update for ucode-intel fixes the following issues : Updated Intel CPU Microcode to 20201110 official release. CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446) CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) ...
5.5CVSS
6.5AI Score
0.0005EPSS
SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2020:3372-1)
This update for ucode-intel fixes the following issues : Updated Intel CPU Microcode to 20201110 official release. CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) CVE-2020-8696:...
5.5CVSS
6.5AI Score
0.0005EPSS
SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2020:3514-1)
This update for ucode-intel fixes the following issues : Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971) Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389...
5.5CVSS
6.5AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2016-1061)
The remote host is missing an update for the Huawei...
7.5CVSS
8.8AI Score
0.009EPSS
In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges...
6.7CVSS
6.7AI Score
0.0004EPSS
Beijing Yisaitong Science and Technology Development Limited Liability Company is a company whose business scope includes general items: technical services, technology development, technology consulting, technology exchanges, technology transfer and so on. There is a command execution...
7.6AI Score
Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China
The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident for allegedly stealing proprietary information from Google while covertly working for two China-based tech companies. Linwei Ding (aka Leon Ding), a former Google engineer who.....
6.8AI Score
talent500.co Cross Site Scripting vulnerability OBB-3757667
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score