An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another....
7.8CVSS
0.001EPSS
An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another....
7.8CVSS
8.4AI Score
0.001EPSS
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...
7CVSS
7AI Score
0.001EPSS
Shanghai BJ Software Technology Co., Ltd (BJST), founded in 1999, provides digital business consulting and system implementation for large and medium-sized enterprises, supporting the construction of omni-channel middle office, ERP, e-commerce OMS and other systems, covering a wide range of retail....
6.7AI Score
Intelligent logistics unattended system is an intelligent information platform for the unified control of raw material procurement, finished product sales and in-plant logistics for process manufacturing enterprises. There is a SQL injection vulnerability in the Intelligent Logistics Unattended...
7.5AI Score
eXtplorer 'ext_find_user()' Function Authentication Bypass Vulnerability - Active Check
eXtplorer is prone to an authentication-bypass...
7.3AI Score
Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at...
9.8CVSS
9.7AI Score
0.001EPSS
Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at...
9.8CVSS
0.001EPSS
Zhengzhou Zhengda Information Technology Co., Ltd. is a supply chain-industrial chain digitization and financial service solution provider. Zhengzhou Zhengda Information Technology Co., Ltd. mobile service management backend has a SQL injection vulnerability, which can be exploited by attackers to....
7.5AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 15, 2024 to January 21, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 84 vulnerabilities disclosed in 67...
9.8CVSS
8.9AI Score
EPSS
Meet Ika & Sal: The Bulletproof Hosting Duo from Hell
In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But there is a...
6.8AI Score
Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at...
10AI Score
0.001EPSS
MacMaster - MAC Address Changer
MacMaster is a versatile command line tool designed to change the MAC address of network interfaces on your system. It provides a simple yet powerful solution for network anonymity and testing. Features Custom MAC Address: Set a specific MAC address to your network interface. Random MAC Address:...
7.2AI Score
Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO
Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image of fortitude remains a pipe dream despite its comforting nature. In the security world, preparedness is not just a luxury but a...
7.2AI Score
The Anatomy of HTML Attachment Phishing
The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...
7.7AI Score
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts – Molongui: from n/a through.....
4.8CVSS
7AI Score
0.0004EPSS
Tickets CAD Multiple Vulnerabilities
Tickets CAD is prone to multiple vulnerabilities. A Reflected XSS vulnerability exists in the search function, search.php within the application. A Stored XSS vulnerability exists in log.php while creating a new log entry. Information disclosure exist which allows users even the guest...
6.2AI Score
Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode...
7.5CVSS
7AI Score
0.0005EPSS
Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified...
7.5CVSS
6.5AI Score
0.003EPSS
Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified...
8.1CVSS
6.7AI Score
0.002EPSS
OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the...
6.8CVSS
6.9AI Score
0.0004EPSS
TensorFlow vulnerable to segfault in `BlockLSTMGradV2`
Impact The implementation of BlockLSTMGradV2 does not fully validate its inputs. - wci, wcf, wco, b must be rank 1 - w, cs_prev,h_prevmust be rank 2 -x` must be rank 3 This results in a a segfault that can be used to trigger a denial of service attack. ```python import tensorflow as tf...
7.5CVSS
1.4AI Score
0.001EPSS
EG2000SE is a router product. An information disclosure vulnerability exists in the EG2000SE of Beijing StarNet Ruijie Network Technology Company Limited, which can be exploited by attackers to obtain sensitive...
6.4AI Score
Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset
Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the critical exploit facilitates session persistence and...
7.4AI Score
XSS Vulnerability in PageOffice of Beijing Zhuozheng Zhiyuan Software Co.
PAGEOFFICE is an Internet private cloud OFFICE technology solution independently developed by Zhuozheng Software. PageOffice of Beijing Zhuozheng Zhiyuan Software Co., Ltd. exists XSS vulnerability, attackers can use the vulnerability to obtain sensitive information such as user...
5.8AI Score
New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections
Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11. The approach...
7.8AI Score
Taiyuan ECS Software Technology Co., Ltd. is a software developer dedicated to the field of coal and coke in China. Taiyuan ECS Software Technology Co., Ltd ECS Unattended Intelligent Logistics System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain...
7.4AI Score
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining
Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service (DDoS) attacks. "Threat.....
7.4AI Score
"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this...
7.8CVSS
6.6AI Score
0.0004EPSS
nyir-co-klima.hu Cross Site Scripting vulnerability OBB-3630805
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected...
6.5CVSS
7AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts – Molongui: from n/a through.....
5.9CVSS
5.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts – Molongui: from n/a through.....
4.8CVSS
0.0004EPSS
Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode...
7.5CVSS
7.3AI Score
0.0005EPSS
Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode...
7.5CVSS
0.0005EPSS
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on...
9.8CVSS
7.1AI Score
0.004EPSS
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary....
9.8CVSS
9.7AI Score
0.217EPSS
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...
7.8CVSS
6.5AI Score
0.002EPSS
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege...
8.4CVSS
6.2AI Score
0.001EPSS
Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary...
8.1CVSS
7.1AI Score
0.001EPSS
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed.....
4.3CVSS
9.3AI Score
0.002EPSS
Geon is a board game based on solving questions about the Pythagorean Theorem. Malicious users can obtain the uuid from other users, spoof that uuid through the browser console and become co-owners of the target session. This issue is patched in version 1.1.0. No known workaround...
7.1CVSS
6.6AI Score
0.001EPSS
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have....
4.7CVSS
6.8AI Score
0.001EPSS
Information Disclosure Vulnerability in EG2000SE of Beijing StarNet Ruijie Network Technology Co.
The EG2000SE is a multi-service router. An information disclosure vulnerability exists in the EG2000SE of Beijing StarNet Ruijie Network Technology Company Limited, which can be exploited by attackers to obtain sensitive...
6.4AI Score
EG2000SE is a router product. An information disclosure vulnerability exists in the EG2000SE of Beijing StarNet Ruijie Network Technology Company Limited, which can be exploited by attackers to obtain sensitive...
6.4AI Score
Fedora: Security Advisory for grafana-pcp (FEDORA-2023-3bc3404fc1)
The remote host is missing an update for...
7.5AI Score
EG2000SE is a router product. An information disclosure vulnerability exists in the EG2000SE of Beijing StarNet Ruijie Network Technology Company Limited, which can be exploited by attackers to obtain sensitive...
6.4AI Score
Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the...
3.1CVSS
6.9AI Score
0.001EPSS
NetProbe is a tool you can use to scan for devices on your network. The program sends ARP requests to any IP address on your network and lists the IP addresses, MAC addresses, manufacturers, and device models of the responding devices. Features Scan for devices on a specified IP address or subnet.....
7.3AI Score
How Strata Identity and Microsoft Entra ID solve identity challenges in mergers and acquisitions
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Along with every merger and acquisition between two companies comes the need to combine and strengthen their IT infrastructure. In particular, there is an immediate and profound...
7.3AI Score