A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications...
8.2AI Score
EPSS
A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications...
7.4AI Score
EPSS
Treasury Sanctions Creators of 911 S5 Proxy Botnet
The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....
7.3AI Score
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID:...
10CVSS
9.3AI Score
EPSS
Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.
Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components. CVEs: CVE-2023-38264, CVE-2024-21011, CVE-2024-21085 and CVE-2024-21094 Vulnerability Details ** CVEID: CVE-2024-21094 DESCRIPTION: **An unspecified...
5.9CVSS
6.7AI Score
0.001EPSS
SimpleSAMLphp signature validation bypass
Background SAML messages are usually signed to prove the identity of the issuer of the message. In the case of SAML authentication responses, correctly verifying the signature is critical to trust that the assertion contained inside the response was issued by a trusted third-party and the identity....
7.2AI Score
SimpleSAMLphp signature validation bypass
Background SAML messages are usually signed to prove the identity of the issuer of the message. In the case of SAML authentication responses, correctly verifying the signature is critical to trust that the assertion contained inside the response was issued by a trusted third-party and the identity....
7.2AI Score
If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works...
6.9AI Score
0.0004EPSS
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and...
7.7AI Score
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and...
9.7AI Score
Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information...
5.4CVSS
6.3AI Score
0.0004EPSS
Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information...
5.4CVSS
5.2AI Score
0.0004EPSS
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML...
7.8CVSS
8.4AI Score
0.0004EPSS
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML...
7.8CVSS
8AI Score
0.0004EPSS
CVE-2024-4429 Cross Site Request Forgery vulnerability in iManager
Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information...
5.4CVSS
5.2AI Score
0.0004EPSS
CVE-2024-4429 Cross Site Request Forgery vulnerability in iManager
Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information...
5.4CVSS
6.4AI Score
0.0004EPSS
CVE-2024-3969 XML External Entity injection vulnerability in iManager
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML...
7.8CVSS
8AI Score
0.0004EPSS
Indian National Pleads Guilty to $37 Million Cryptocurrency Theft Scheme
An Indian national has pleaded guilty in the U.S. over charges of stealing more than $37 million by setting up a website that impersonated the Coinbase cryptocurrency exchange platform. Chirag Tomar, 30, pleaded guilty to wire fraud conspiracy, which carries a maximum sentence of 20 years in...
7.5AI Score
AutomationDirect P3-550E Telnet Diagnostic Interface leftover debug code vulnerability
Talos Vulnerability Report TALOS-2024-1942 AutomationDirect P3-550E Telnet Diagnostic Interface leftover debug code vulnerability May 28, 2024 CVE Number CVE-2024-21785 SUMMARY A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E...
9.8CVSS
7.8AI Score
0.001EPSS
Oracle Linux 8 : kernel (ELSA-2024-3138)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3138 advisory. - x86/sev: Harden #VC instruction emulation somewhat (Vitaly Kuznetsov) [RHEL-30040] {CVE-2024-25743 CVE-2024-25742} - mm/sparsemem: fix race in...
9.8CVSS
8.8AI Score
EPSS
Oracle Linux 8 : python39:3.9 / and / python39-devel:3.9 (ELSA-2024-2985)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2985 advisory. mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core...
8.2CVSS
7.2AI Score
0.016EPSS
Oracle Linux 8 : container-tools:ol8 (ELSA-2024-2988)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2988 advisory. The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type...
7.5CVSS
7.1AI Score
0.963EPSS
The version of MariaDB installed on the remote host is prior to 11.4.2. It is, therefore, affected by a vulnerability as referenced in the mariadb-1142-release-notes advisory. Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are...
4.9CVSS
5.7AI Score
0.0005EPSS
Oracle Linux 8 : python27:2.7 (ELSA-2024-2987)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2987 advisory. babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves:...
9.8CVSS
7.2AI Score
0.034EPSS
K000139794: Mozilla NSS vulnerability CVE-2023-5388
Security Advisory Description NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. (CVE-2023-5...
6.7AI Score
0.0004EPSS
silverstripe/framework allows upload of dangerous file types
Some potentially dangerous file types exist in File.allowed_extensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...
7.2AI Score
silverstripe/framework allows upload of dangerous file types
Some potentially dangerous file types exist in File.allowed_extensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...
7.2AI Score
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session...
5.5CVSS
5.3AI Score
0.0004EPSS
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session...
5.5CVSS
6.5AI Score
0.0004EPSS
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent...
4.2CVSS
4.2AI Score
0.0004EPSS
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent...
4.2CVSS
6.2AI Score
0.0004EPSS
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP...
5.3CVSS
5.3AI Score
0.0004EPSS
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP...
5.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-36037 Insufficient Access Control Vulnerability
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session...
5.5CVSS
5.3AI Score
0.0004EPSS
CVE-2024-36037 Insufficient Access Control Vulnerability
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session...
5.5CVSS
6.6AI Score
0.0004EPSS
CVE-2024-36036 Insufficient Access Control Vulnerability
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent...
4.2CVSS
6.3AI Score
0.0004EPSS
CVE-2024-36036 Insufficient Access Control Vulnerability
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent...
4.2CVSS
4.2AI Score
0.0004EPSS
CVE-2024-27310 DOS Vulnerability
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP...
5.3CVSS
6.9AI Score
0.0004EPSS
CVE-2024-27310 DOS Vulnerability
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP...
5.3CVSS
5.3AI Score
0.0004EPSS
Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we've seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...
6.4AI Score
SherlockChain - A Streamlined AI Analysis Framework For Solidity, Vyper And Plutus Contracts
SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered features. Developed by a team of security experts and AI researchers, SherlockChain offers unparalleled insights and vulnerability detection for...
7.4AI Score
Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role...
2.4CVSS
3.2AI Score
0.0004EPSS
Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role...
2.4CVSS
5.9AI Score
0.0004EPSS
CVE-2024-27314 Stored XSS Vulnerability
Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role...
2.4CVSS
3.2AI Score
0.0004EPSS
CVE-2024-27314 Stored XSS Vulnerability
Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role...
2.4CVSS
6AI Score
0.0004EPSS
K000139793: MacOS vulnerability CVE-2023-41993
Security Advisory Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7....
7.1AI Score
0.003EPSS
Fedora: Security Advisory for wireshark (FEDORA-2024-b96e2c3cc2)
The remote host is missing an update for...
7.8CVSS
7.8AI Score
0.0004EPSS
Fedora: Security Advisory for wireshark (FEDORA-2024-f644a5709c)
The remote host is missing an update for...
7.8CVSS
7.8AI Score
0.0004EPSS
Fedora: Security Advisory for ruff (FEDORA-2024-ce2936b568)
The remote host is missing an update for...
7.5AI Score
A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The...
6.3CVSS
7.3AI Score
0.0004EPSS