In the Linux kernel, the following vulnerability has been resolved: drivers: perf: ctr_get_width function for legacy is not defined With parameters CONFIG_RISCV_PMU_LEGACY=y and CONFIG_RISCV_PMU_SBI=n linux kernel crashes when you try perf record: $ perf record ls [ 46.749286] Unable to handle...
6.5AI Score
0.0004EPSS
Slackware Linux 15.0 / current httpd Multiple Vulnerabilities (SSA:2024-095-01)
The version of httpd installed on the remote host is prior to 2.4.59. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-095-01 advisory. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP...
7.5CVSS
7.3AI Score
0.005EPSS
[slackware-security] xorg-server
New xorg-server packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/xorg-server-1.20.14-i586-12_slack15.0.txz: Rebuilt. This update fixes security issues: Heap buffer overread/data leakage in...
7.8CVSS
7.6AI Score
0.0005EPSS
y-knot.io Cross Site Scripting vulnerability OBB-3898885
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section The .compat section is a dummy PE section that contains the address of the 32-bit entrypoint of the 64-bit kernel image if it is bootable from 32-bit firmware...
6.9AI Score
0.0004EPSS
7.2AI Score
In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section The .compat section is a dummy PE section that contains the address of the 32-bit entrypoint of the 64-bit kernel image if it is bootable from 32-bit firmware...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section The .compat section is a dummy PE section that contains the address of the 32-bit entrypoint of the 64-bit kernel image if it is bootable from 32-bit firmware...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section The .compat section is a dummy PE section that contains the address of the 32-bit entrypoint of the 64-bit kernel image if it is bootable from 32-bit firmware...
6.4AI Score
0.0004EPSS
CVE-2024-26678 x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section
In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section The .compat section is a dummy PE section that contains the address of the 32-bit entrypoint of the 64-bit kernel image if it is bootable from 32-bit firmware...
6.6AI Score
0.0004EPSS
7.4AI Score
7.4AI Score
7.4AI Score
3.5CVSS
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section The .compat section is a dummy PE section that contains the address of the 32-bit entrypoint of the 64-bit kernel image if it is bootable from 32-bit firmware...
6.5AI Score
0.0004EPSS
Exploit for Embedded Malicious Code in Tukaani Xz
root@ubuntu:~/xz/# apt update root@ubuntu:~/xz/# apt install -y...
10CVSS
9.6AI Score
0.133EPSS
7.4AI Score
9.8CVSS
7.4AI Score
0.001EPSS
Description The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gallery_add function. This makes it possible for unauthenticated...
8.8CVSS
6.3AI Score
0.0004EPSS
BioTime Directory Traversal / Remote Code Execution Exploit
BioTime versions 8.5.5 and 9.0.1 suffer from directory traversal and file write vulnerabilities. This exploit also achieves remote code execution on version...
9.8CVSS
8.4AI Score
0.001EPSS
R2Frida - Radare2 And Frida Better Together
This is a self-contained plugin for radare2 that allows you to instrument remote processes using frida. The radare project brings a complete toolchain for reverse engineering, providing well-maintained functionality and extending its features with other programming languages and tools. Frida is a...
7.4AI Score
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094 xz Check Script This repository contains a...
10CVSS
9.8AI Score
0.133EPSS
New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking
Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape by....
7.8CVSS
8.2AI Score
0.002EPSS
[slackware-security] coreutils
New coreutils packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/coreutils-9.5-i586-1_slack15.0.txz: Upgraded. chmod -R now avoids a race where an attacker may replace a traversed file with a...
5.5CVSS
7AI Score
0.0004EPSS
5.5CVSS
5.7AI Score
0.0004EPSS
5.6AI Score
0.0005EPSS
7.5AI Score
Slackware Linux 15.0 / current util-linux Vulnerability (SSA:2024-088-02)
The version of util-linux installed on the remote host is prior to 2.37.4 / 2.40. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-088-02 advisory. wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to...
6.9AI Score
0.0005EPSS
Slackware Linux 15.0 / current seamonkey Vulnerability (SSA:2024-088-01)
The version of seamonkey installed on the remote host is prior to 2.53.18.2. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-088-01 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.2AI Score
Slackware Linux 15.0 / current coreutils Vulnerability (SSA:2024-088-03)
The version of coreutils installed on the remote host is prior to 9.5. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-088-03 advisory. A flaw was found in the GNU coreutils split program. A heap overflow with user-controlled data of multiple hundred bytes in...
5.5CVSS
7AI Score
0.0004EPSS
Thread Hijacking: Phishes That Prey on Your Curiosity
Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient's natural curiosity about being copied on a private discussion,...
7.2AI Score
[slackware-security] util-linux
New util-linux packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/util-linux-2.37.4-i586-3_slack15.0.txz: Rebuilt. This release fixes a vulnerability where the wall command did not filter ...
7.3AI Score
0.0005EPSS
[slackware-security] seamonkey
New seamonkey packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/seamonkey-2.53.18.2-i686-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information,...
7.5AI Score
Darcula Phishing Network Leveraging RCS and iMessage to Evade Detection
A sophisticated phishing-as-a-service (PhaaS) platform called Darcula has set its sights on organizations in over 100 countries by leveraging a massive network of more than 20,000 counterfeit domains to help cyber criminals launch attacks at scale. "Using iMessage and RCS rather than SMS to send...
7.2AI Score
7.4AI Score
0.0005EPSS
6.6AI Score
0.0004EPSS
New curl packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-8.7.1-i586-1_slack15.0.txz: Upgraded. This release fixes the following security issues: TLS certificate check bypass with...
7.5AI Score
0.0004EPSS
Slackware Linux 15.0 / current curl Multiple Vulnerabilities (SSA:2024-087-01)
The version of curl installed on the remote host is prior to 8.7.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-087-01 advisory. When a protocol selection parameter option disables all protocols without adding any then the default set of protocols...
5.7AI Score
0.0004EPSS
OpenNMS Horizon 31.0.7 Remote Command Execution Exploit
This Metasploit module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST. For...
8.2CVSS
8.3AI Score
0.0004EPSS
Updated gnutls packages fix security vulnerabilities
The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512...
5.3CVSS
6.6AI Score
0.0005EPSS
Cross-Site Request Forgery (CSRF) vulnerability in EnvialoSimple EnvíaloSimple. This issue affects EnvíaloSimple: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in EnvialoSimple EnvíaloSimple. This issue affects EnvíaloSimple: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in EnvialoSimple EnvíaloSimple. This issue affects EnvíaloSimple: from n/a through...
6.5CVSS
6.7AI Score
0.0004EPSS
Vans warns customers of data breach
Skater brand Vans emailed customers last week to tell them about a recent “data incident.” On December 13, 2023, Vans said it detected unauthorized activities on its IT systems, attributed to "external threat actors." An investigation revealed that the incident involved some personal information...
7.3AI Score
Radamsa - A General-Purpose Fuzzer
Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestingly different outputs from them. The main...
9.8CVSS
7.5AI Score
EPSS
7.8CVSS
7.9AI Score
0.001EPSS
Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control
Description: The plugin does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions. PoC: While logged in as a subscriber, paste the following in your browser's console: fetch('/wp-admin/admin-ajax.php', {...
6.4AI Score
0.0004EPSS
Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control
Description The plugin does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized...
6.7AI Score
0.0004EPSS
7.6AI Score
0.0004EPSS
Smart Forms < 2.6.94 - Edit Entries via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium...
6.8AI Score
0.0004EPSS