OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...
4.6CVSS
4.7AI Score
0.0005EPSS
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...
4.6CVSS
7.1AI Score
0.0005EPSS
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...
4.6CVSS
4.7AI Score
0.0005EPSS
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...
4.6CVSS
4.8AI Score
0.0005EPSS
CVE-2024-28198 XML external entity (XXE) injection in OpenOLAT
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...
4.6CVSS
5AI Score
0.0005EPSS
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: run nginx/wrk test: smc_run nginx smc_run wrk -t 16 -c 1000 -d -H...
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smc_run nginx smc_run wrk -t 16 -c 1000 -d -H...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: run nginx/wrk test: smc_run nginx smc_run wrk -t 16 -c 1000 -d -H...
6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: run nginx/wrk test: smc_run nginx smc_run wrk -t 16 -c 1000 -d -H...
7AI Score
0.0004EPSS
Test and evaluate your WAF before hackers
Since 1991, Web Application Firewall, commonly referred to as WAF, has become one of the most common application security technologies available on the market. Since the last century, WAFs have evolved by incorporating the cloud and using Machine Learning instead of RegExp. Currently, few...
6.6AI Score
6.5AI Score
7.4AI Score
0.0004EPSS
8.6CVSS
7.4AI Score
0.957EPSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smc_run nginx smc_run wrk -t 16 -c 1000 -d -H...
7.4AI Score
0.0004EPSS
7.4AI Score
0.002EPSS
Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read
...
8.6CVSS
8.9AI Score
0.957EPSS
8.6CVSS
8.9AI Score
0.957EPSS
Bootiful Spring Boot in 2024 (part 1)
NB: the code is here on my Github account: github.com/joshlong/bootiful-spring-boot-2024-blog. Hi, Spring fans! I'm Josh Long, and I work on the Spring team. I'm excited to be keynoting and giving a talk at Microsoft's JDConf this year. I'm a Kotlin GDE and a Java Champion, and I'm of the opinion.....
6.9AI Score
6.8AI Score
0.002EPSS
e-d-s.fr Cross Site Scripting vulnerability OBB-3868953
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
6.6AI Score
EPSS
6.7AI Score
EPSS
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). Bugs https://github.com/libexpat/libexpat/issues/839 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065868...
7.3AI Score
0.0004EPSS
A Close Up Look at the Consumer Data Broker Radaris
If you live in the United States, the data broker Radaris likely knows a great deal about you, and they are happy to sell what they know to anyone. But how much do we know about Radaris? Publicly available data indicates that in addition to running a dizzying array of people-search websites, the...
6.6AI Score
openSUSE: Security Advisory for python39 (SUSE-SU-2024:0784-1)
The remote host is missing an update for...
9.8CVSS
8.3AI Score
0.035EPSS
[SECURITY] Fedora 40 Update: java-diff-utils-4.12-7.fc40
Diff Utils library is an OpenSource library for performing the comparison / d iff operations between texts or some kind of data: computing diffs, applying patches, genera ting unified diffs or parsing them, generating diff output for easy future displaying (lik e side-by-side view) and so...
9.2AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: jakarta-interceptors-2.0.0-12.fc40
Jakarta Interceptors defines a means of interposing on business method invocations and specific events=EF=BF=BD=EF=BF=BD=EF=BF=BDsuch as lifecycle e vents and timeout events=EF=BF=BD=EF=BF=BD=EF=BF=BDthat occur on instances of Jakarta EE compon ents and other managed...
9.1AI Score
0.0004EPSS
Summary Vulnerability in cURL libcurl could allow a remote attacker to bypass security restrictions (CVE-2023-46218). AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HMC. Vulnerability Details ** CVEID: CVE-2023-46218 ...
6.5CVSS
6.4AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 26, 2024 to March 3, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 121 vulnerabilities disclosed in 88...
9.8CVSS
9.6AI Score
0.001EPSS
Predator spyware vendor banned in US
The US Treasury Department has sanctioned Predator spyware vendor Intellexa Consortium, and banned the company from doing business in the US. Predator can turn infected smartphones into surveillance devices. Intellexa is based in Greece but the Treasury Department imposed the sanctions because of.....
7.4AI Score
The year in figures 45.60% of all email sent worldwide and 46.59% of all email sent in the Runet (the Russian web segment) was spam 31.45% of all spam email was sent from Russia Kaspersky Mail Anti-Virus blocked 135,980,457 malicious email attachments Our Anti-Phishing system thwarted 709,590,011.....
7.8CVSS
7.3AI Score
0.974EPSS
e-cervo.com Improper Access Control vulnerability OBB-3867375
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
7.4AI Score
EPSS
9.8CVSS
8AI Score
0.035EPSS
9.8CVSS
8.1AI Score
0.035EPSS
SUSE SLES12 Security Update : sendmail (SUSE-SU-2024:0742-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0742-1 advisory. sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to...
5.3CVSS
6.9AI Score
0.002EPSS
AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2023-46218)
IBM SECURITY ADVISORY First Issued: Wed Mar 6 15:05:06 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curl_advisory4.asc Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl...
6.5CVSS
6.7AI Score
0.001EPSS
Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout
The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar said. "It is...
7.3AI Score
A New Way To Manage Your Web Exposure: The Reflectiz Product Explained
An in-depth look into a proactive website security solution that continuously detects, prioritizes, and validates web threats, helping to mitigate security, privacy, and compliance risks. [Reflectiz shields websites from client-side attacks, supply chain risks, data breaches, privacy violations,...
6.9AI Score
In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth...
9.6CVSS
6.7AI Score
0.001EPSS
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element...
6.1CVSS
5.3AI Score
0.006EPSS
Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php;....
6.1CVSS
6.2AI Score
0.001EPSS
PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to....
8.8CVSS
6.7AI Score
0.001EPSS
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in...
6.1CVSS
6AI Score
0.069EPSS
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function LOAD_FILE in a SELECT request. This.....
7.7CVSS
7.4AI Score
0.001EPSS
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the ValidateCore::isCleanHTML() method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup @keyframes methods. This XSS,...
9.9CVSS
5.2AI Score
0.002EPSS
PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are...
9.9CVSS
7.2AI Score
0.002EPSS
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php...
6.1CVSS
5.7AI Score
0.113EPSS
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known...
9.8CVSS
7.7AI Score
0.001EPSS