10CVSS
7.8AI Score
0.006EPSS
[SECURITY] Fedora 40 Update: firefox-127.0-1.fc40
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and...
7.3AI Score
Fedora: Security Advisory for firefox (FEDORA-2024-4a22a9cd11)
The remote host is missing an update for...
7.5AI Score
Description The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie....
9CVSS
7.3AI Score
0.0004EPSS
GDPR/CCPA Cookie Consent Banner < 3.2.1 - Missing Authorization via handle_consent_toggle()
Description The GDPR/CCPA Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_consent_toggle() function in versions up to, and including, 3.2. This makes it possible for unauthenticated attackers to toggle...
5.3CVSS
6.7AI Score
0.0004EPSS
Using AI in Business Security Decision-Making: Enhancing Protection and Efficiency
Enhance business security with AI-driven decision-making. Use advanced tools for accurate threat detection, compliance, and proactive crisis...
7.6AI Score
Microsoft and Adobe Patch Tuesday, June 2024 Security Update Review
Microsoft's June Patch Tuesday is here, bringing fixes for vulnerabilities impacting its multiple products. This month's release highlights the ongoing battle against cybersecurity threats, from critical updates to important fixes. Let's dive into the crucial insights from Microsoft's Patch...
9.8CVSS
9.3AI Score
0.003EPSS
In violation of spec, cookie prefixes such as __Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...
6.4AI Score
0.0004EPSS
In violation of spec, cookie prefixes such as __Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...
0.0004EPSS
In violation of spec, cookie prefixes such as __Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...
6.3AI Score
0.0004EPSS
In violation of spec, cookie prefixes such as __Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...
0.0004EPSS
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server, after a successful login, sets the session cookie on the browser, without applying any security attributes (such as “Secure”, “HttpOnly”, or...
6.5CVSS
0.0004EPSS
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server, after a successful login, sets the session cookie on the browser, without applying any security attributes (such as “Secure”, “HttpOnly”, or...
6.5CVSS
6.9AI Score
0.0004EPSS
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server, after a successful login, sets the session cookie on the browser, without applying any security attributes (such as “Secure”, “HttpOnly”, or...
6.5CVSS
0.0004EPSS
Top 10 Critical Pentest Findings 2024: What You Need to Know
One of the most effective ways for information technology (IT) professionals to uncover a company's weaknesses before the bad guys do is penetration testing. By simulating real-world cyberattacks, penetration testing, sometimes called pentests, provides invaluable insights into an organization's...
9.8CVSS
8.9AI Score
0.975EPSS
When things go wrong: A digital sharing warning for couples
“When things go wrong” is a troubling prospect for most couples to face, but the internet—and the way that romantic partners engage both with and across it—could require that this worst-case scenario become more of a best practice. In new research that Malwarebytes will release this month,...
6.9AI Score
Missing Authorization vulnerability in Termly Cookie Consent.This issue affects Cookie Consent: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Termly Cookie Consent.This issue affects Cookie Consent: from n/a through...
5.3CVSS
5.4AI Score
0.0004EPSS
Missing Authorization vulnerability in Termly Cookie Consent.This issue affects Cookie Consent: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
Missing Authorization vulnerability in Termly Cookie Consent.This issue affects Cookie Consent: from n/a through...
5.3CVSS
0.0004EPSS
QR code SQL injection and other vulnerabilities in a popular biometric terminal
Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech,.....
10CVSS
9AI Score
0.0004EPSS
Inadequate Encryption Strength
Ninja Core is vulnerable to Inadequate Encryption Strength. The vulnerability is due to the encrypt() method in the CookieEncryption class which uses AES with default padding, leading to the possible leakage of sensitive cookie...
6.5AI Score
EPSS
9.8CVSS
7.1AI Score
0.002EPSS
June 11, 2024—KB5039294 (Monthly Rollup)
June 11, 2024—KB5039294 (Monthly Rollup) IMPORTANT The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU...
9.8CVSS
9.6AI Score
0.003EPSS
KB5039341: Servicing stack update for Windows Server 2008 SP2: June 11, 2024
KB5039341: Servicing stack update for Windows Server 2008 SP2: June 11, 2024 __ End of support information Windows Server 2008 SP2 Extended Security Updates third and final year of ESU ended on January 10, 2023. Many customers are taking advantage of Azures commitment to security and compliance...
6.8AI Score
In violation of spec, cookie prefixes such as __Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...
6.6AI Score
0.0004EPSS
KB5039340: Servicing stack update for Windows Server 2012 R2: June 11, 2024
KB5039340: Servicing stack update for Windows Server 2012 R2: June 11, 2024 __ End of support information Windows 8.1 reached end of support (EOS) on January 10, 2023, at which point technical assistance and software updates are no longer provided. If you have devices running Windows 8.1, we...
6.9AI Score
The version of Firefox installed on the remote Windows host is prior to 127.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-25 advisory. If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the...
7.7AI Score
0.0004EPSS
KLA68921 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, obtain sensitive information, perform cross-site scripting attack. Below is a complete list of...
8.9AI Score
0.0004EPSS
KB5039339: Servicing stack update for Windows Server 2008 R2 SP1: June 11, 2024
KB5039339: Servicing stack update for Windows Server 2008 R2 SP1: June 11, 2024 __ **End of support information ** As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version...
6.9AI Score
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 127.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-25 advisory. If a specific sequence of actions is performed when opening a new tab, the triggering principal...
7.9AI Score
0.0004EPSS
Security Vulnerabilities fixed in Firefox 127 — Mozilla
If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the Referer and Sec- headers, meaning there is the potential for incorrect...
7.3AI Score
0.0004EPSS
Summary There are vulnerabilities in netty classes from couchdb clouseau jar file included in IBM Knowledge Catalog. Vulnerability Details ** CVEID: CVE-2019-20444 DESCRIPTION: **Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a...
9.1CVSS
9.2AI Score
0.012EPSS
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive...
5.5CVSS
0.001EPSS
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive...
5.5CVSS
6.3AI Score
0.001EPSS
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive...
6.2AI Score
0.001EPSS
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive...
0.001EPSS
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
A flaw was found in Keycloak in the OAuth 2.0 Pushed Authorization Requests (PAR). Client provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request. This could lead to an...
6.6AI Score
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
A flaw was found in Keycloak in the OAuth 2.0 Pushed Authorization Requests (PAR). Client provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request. This could lead to an...
6.6AI Score
On May 21, 2024, Veeam revealed a severe flaw across its Veeam Backup Enterprise Manager (VBEM) web interface that enables an unauthenticated attacker to log into the web interface as any user. Officially designated as CVE-2024-29849, the vulnerability presents a major threat with a CVSS V3 rating....
9.8CVSS
10AI Score
0.0004EPSS
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins in...
7.5CVSS
7.5AI Score
0.001EPSS
A European Summer of Sports is Upon Us – What Does it Mean for Security?
The recent Champions League final in London (congratulations, Real Madrid!) marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors.....
7AI Score
A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick...
8.1CVSS
4.1AI Score
0.0005EPSS
A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick...
8.1CVSS
0.0005EPSS
CVE-2024-4328 CSRF in clear_personality_files_list in parisneo/lollms-webui
A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick...
4CVSS
0.0005EPSS
CVE-2024-4328 CSRF in clear_personality_files_list in parisneo/lollms-webui
A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick...
4CVSS
6.8AI Score
0.0005EPSS
Authentication Bypass / Remote Code Execution (RCE)
dtale is vulnerable to Authentication Bypass / Remote Code Execution (RCE). The vulnerability is due to improper input validation and the presence of a hardcoded SECRET_KEY in the Flask configuration, allowing attackers to forge a session cookie. Additionally, there is improper validation of...
9.8CVSS
8.2AI Score
0.0004EPSS
Quiz And Survey Master < 9.0.2 - Contributor+ SQLi
Description The plugin is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above role PoC 1) You will need a valid nonce for deletion of quiz questions. 2) Sign in....
7.7AI Score
EPSS
7.4AI Score
0.0004EPSS
Quiz And Survey Master < 9.0.2 - Contributor+ SQLi
Description The plugin is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above...
8.1AI Score
EPSS