7.1AI Score
Requests `Session` object does not verify requests after making first request with verify=False
When making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same origin will continue to ignore cert verification regardless of changes to the value of verify. This behavior will continue for the...
5.6CVSS
6.5AI Score
0.0004EPSS
A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/account_statement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to SQL injection. The...
9.8CVSS
9.8AI Score
0.001EPSS
In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
7AI Score
0.002EPSS
CVE-2024-1608 OPPO Usercenter Credit sdk
In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to a loose permission check. This could lead to application internal information leak w/o user...
9.1CVSS
6.9AI Score
0.0004EPSS
Passbolt API Stored XSS on first/last name during setup
Description An administrator can craft a user with a malicious first name and last name, using a payload such as <svg onload="confirm(document.domain)">'); ?></svg> The user will then receive the invitation email and click on the setup link. The setup start page served by the server ...
6.9AI Score
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in blockmason credit-protocol. It has been declared as problematic. Affected by this vulnerability is the function executeUcacTx of the file contracts/CreditProtocol.sol of the component UCAC Handler. The manipulation leads to denial of...
7.5CVSS
7.5AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow For the case of IB_MR_TYPE_DM the mr doesn't have a umem, even though it is a user MR. This causes function mlx5_free_priv_descs() to think that it is a kernel MR, ...
6.9AI Score
0.0004EPSS
Exploit for SQL Injection in Djangoproject Django
CVE-2022-28346 Django QuerySet.annotate(), aggregate(),...
9.8CVSS
0.4AI Score
0.003EPSS
First million breached Ticketmaster records released for free
The cybercriminal acting under the name "Sp1d3r" gave away the first 1 million records that are part of the data set that they claimed to have stolen from Ticketmaster/Live Nation. The files were released without a price, for free. When Malwarebytes Labs first learned about this data breach, it...
7.2AI Score
LockBit Ransomware Claims 33 TB of US Federal Reserve Data for Ransom
LockBit ransomware claims to hold 33 TB of data from the US Federal Reserve for ransom. Hackread.com investigates, reaching out to CISA for comments on the breach and ongoing negotiations. Stay...
7.3AI Score
CVE-2024-4956 POC - CVE-2024–4956 - Nexus Repository Manager...
7.5CVSS
6.8AI Score
0.013EPSS
[updated] Federal Reserve “breached” data may actually belong to Evolve Bank
A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. On LockBit's dark web leak site, the group threatened to release over 30 TB of banking information containing Americans'...
7.4AI Score
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
Telerik Report Server Authentication Bypass - CVE-2024-4358...
9.8CVSS
9.9AI Score
0.938EPSS
CVE-2024-3495-Poc CVE-2024-3495 Country State City Dropdown...
9.8CVSS
10AI Score
0.012EPSS
Web Directory Free < 1.7.0 - SQL Injection
The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and...
7.5AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary packet content. -...
7.4AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4jCenter Exploiting CVE-2021-44228 in vCenter for remote...
9.2AI Score
Check Point Security Gateways Information Disclosure -...
8.6CVSS
8.6AI Score
0.945EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4jHorizon Exploiting CVE-2021-44228 in VMWare Horizon for...
9.1AI Score
CVE-2024-24919-POC Read about it -...
8.6CVSS
6.5AI Score
0.945EPSS
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
$ gollina -h gollina Follina MS-MSDT 0-day MS Of...
8.2AI Score
Exploit for Out-of-bounds Write in Polkit Project Polkit
pkexec-exploit Local Privilege Escalation in polkit's pkexec...
8.2AI Score
Credit Card Disclosure over HTTP
The remote web application sends credit card information over HTTP, disclosing the information to potential...
0.6AI Score
Malicious code in coingecko-price (npm)
Source: checkmarx (06ba52961b5d886349fdb5a7c3e6362cedaaa64cb5857d5645d7360a68d133d1) Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
7.2AI Score
6.5AI Score
0.0005EPSS
Visual Footer Credit Remover < 1.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
4.4CVSS
5.8AI Score
0.0004EPSS
Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
Description The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and...
9.9AI Score
0.001EPSS
Update: Dark Souls III 1.15.1 A new game update, 1.15.1, has...
9.4AI Score
Malicious code in binance-price (npm)
Source: checkmarx (421081a4101ed61796fd72e7dec62cafa098a1d01934298a2ef82ef7187c4934) Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
7.2AI Score
7.4AI Score
0.0004EPSS
WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated users, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL...
9.8CVSS
9.7AI Score
0.026EPSS
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
CVE-2024-4358_Mass_Exploit Modified tools from @sinsinology...
9.8CVSS
9.7AI Score
0.938EPSS
Malicious code in binance-prices (npm)
Source: checkmarx (4342ae24f59df91323155ce0522347b014b90b17d911aece62534aa4975cc006) Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
7AI Score
7.4AI Score
0.0004EPSS
Exploit for Improper Ownership Management in Linux Linux Kernel
Installation bash make...
7.8CVSS
7.8AI Score
0.0004EPSS