Passbolt Api Remote code execution
Passbolt provides a way for system administrators to generate a PGP key for the server during installation. The wizard requests a username, an e-mail address and an optional comment. No escaping or verification is done by Passbolt, effectively allowing a user to inject bash code. The impact is...
7AI Score
Passbolt Api E-mail HTML injection
Passbolt sends e-mail to users to warn them about different type of events such as the creation, modification or deletion of a password. Those e-mails may contain user-specified input, such as a password’s title or description. Passbolt does not escape the user’s input properly, resulting in the...
6.8AI Score
Passbolt Api E-mail HTML injection
Passbolt sends e-mail to users to warn them about different type of events such as the creation, modification or deletion of a password. Those e-mails may contain user-specified input, such as a password’s title or description. Passbolt does not escape the user’s input properly, resulting in the...
6.8AI Score
Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal
Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm. "This exploit triggers security warnings that could deceive unsuspecting users into executing harmful...
7.1AI Score
In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: call request_irq() after NAPI initialized The mlxbf_gige driver encounters a NULL pointer exception in mlxbf_gige_open() when kdump is enabled. The sequence to reproduce the exception is as follows: a) enable kdump b).....
6.3AI Score
0.0004EPSS
A vulnerability was found in SourceCodester Event Registration System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /registrar/?page=registration. The manipulation of the argument e leads to cross site scripting. The attack can be.....
3.5CVSS
3.8AI Score
0.0004EPSS
A vulnerability was found in SourceCodester Event Registration System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /registrar/?page=registration. The manipulation of the argument e leads to cross site scripting. The attack can be.....
3.5CVSS
6.2AI Score
0.0004EPSS
CVE-2024-5121 SourceCodester Event Registration System cross site scripting
A vulnerability was found in SourceCodester Event Registration System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /registrar/?page=registration. The manipulation of the argument e leads to cross site scripting. The attack can be.....
3.5CVSS
6.2AI Score
0.0004EPSS
CVE-2024-5121 SourceCodester Event Registration System cross site scripting
A vulnerability was found in SourceCodester Event Registration System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /registrar/?page=registration. The manipulation of the argument e leads to cross site scripting. The attack can be.....
3.5CVSS
3.8AI Score
0.0004EPSS
A vulnerability was found in SourceCodester Event Registration System 1.0. It has been classified as critical. Affected is an unknown function of the file /registrar/?page=registration. The manipulation of the argument e leads to sql injection. It is possible to launch the attack remotely. The...
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability was found in SourceCodester Event Registration System 1.0. It has been classified as critical. Affected is an unknown function of the file /registrar/?page=registration. The manipulation of the argument e leads to sql injection. It is possible to launch the attack remotely. The...
6.3CVSS
7.3AI Score
0.0004EPSS
CVE-2024-5120 SourceCodester Event Registration System sql injection
A vulnerability was found in SourceCodester Event Registration System 1.0. It has been classified as critical. Affected is an unknown function of the file /registrar/?page=registration. The manipulation of the argument e leads to sql injection. It is possible to launch the attack remotely. The...
6.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-5120 SourceCodester Event Registration System sql injection
A vulnerability was found in SourceCodester Event Registration System 1.0. It has been classified as critical. Affected is an unknown function of the file /registrar/?page=registration. The manipulation of the argument e leads to sql injection. It is possible to launch the attack remotely. The...
6.3CVSS
7.4AI Score
0.0004EPSS
F5 Networks BIG-IP : Python vulnerabilities (K000139698)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000139698 advisory. Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x...
7.5CVSS
8AI Score
0.028EPSS
JAW - A Graph-based Security Analysis Framework For Client-side JavaScript
An open-source, prototype implementation of property graphs for JavaScript based on the esprima parser, and the EsTree SpiderMonkey Spec. JAW can be used for analyzing the client-side of web applications and JavaScript-based programs. This project is licensed under GNU AFFERO GENERAL PUBLIC...
7AI Score
In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: call request_irq() after NAPI initialized The mlxbf_gige driver encounters a NULL pointer exception in mlxbf_gige_open() when kdump is enabled. The sequence to reproduce the exception is as follows: a) enable kdump...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: call request_irq() after NAPI initialized The mlxbf_gige driver encounters a NULL pointer exception in mlxbf_gige_open() when kdump is enabled. The sequence to reproduce the exception is as follows: a) enable kdump b).....
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: call request_irq() after NAPI initialized The mlxbf_gige driver encounters a NULL pointer exception in mlxbf_gige_open() when kdump is enabled. The sequence to reproduce the exception is as follows: a) enable kdump b).....
6.5AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec...
7.8CVSS
8.5AI Score
0.0005EPSS
CVE-2024-35907 mlxbf_gige: call request_irq() after NAPI initialized
In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: call request_irq() after NAPI initialized The mlxbf_gige driver encounters a NULL pointer exception in mlxbf_gige_open() when kdump is enabled. The sequence to reproduce the exception is as follows: a) enable kdump b).....
6.2AI Score
0.0004EPSS
CVE-2024-35907 mlxbf_gige: call request_irq() after NAPI initialized
In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: call request_irq() after NAPI initialized The mlxbf_gige driver encounters a NULL pointer exception in mlxbf_gige_open() when kdump is enabled. The sequence to reproduce the exception is as follows: a) enable kdump b).....
6.6AI Score
0.0004EPSS
Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels
First, a couple of useful oneliners ;) wget "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -O lse.sh;chmod 700 lse.sh curl "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -Lo lse.sh;chmod 700 lse.sh Note...
7.7AI Score
9.8CVSS
7AI Score
0.974EPSS
9.8CVSS
9.6AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: call request_irq() after NAPI initialized The mlxbf_gige driver encounters a NULL pointer exception in mlxbf_gige_open() when kdump is enabled. The sequence to reproduce the exception is as follows: a) enable kdump b).....
6.4AI Score
0.0004EPSS
9.9CVSS
9.9AI Score
0.0004EPSS
The WebTop package for NethServer 7 and 8 allows stored XSS (for example, via the Subject field if an e-mail...
5.8AI Score
0.0004EPSS
The WebTop package for NethServer 7 and 8 allows stored XSS (for example, via the Subject field if an e-mail...
5.7AI Score
0.0004EPSS
A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Affected by this issue is some unknown functionality of the file admin/editproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack may be launched remotely......
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Affected by this issue is some unknown functionality of the file admin/editproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack may be launched remotely......
6.3CVSS
6.4AI Score
0.0004EPSS
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted...
7.7AI Score
EPSS
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted...
7.4AI Score
EPSS
CVE-2024-5049 Codezips E-Commerce Site editproduct.php unrestricted upload
A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Affected by this issue is some unknown functionality of the file admin/editproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack may be launched remotely......
6.3CVSS
6.4AI Score
0.0004EPSS
China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT
Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked BlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific region this year. "Deuterbear, while similar to Waterbear in many ways, shows...
6.8AI Score
GitLab 12.3 < 13.0.12 / 13.1 < 13.1.6 / 13.2 < 13.2.3 (CVE-2020-13292)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. (CVE-2020-13292) Note that Nessus has not tested for this issue but has...
9.6CVSS
7.2AI Score
0.001EPSS
SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2024:1667-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1667-1 advisory. A use-after-free exists in Python through 3.9 via heappushpop in heapq. (CVE-2022-48560) The email module...
7.5CVSS
7.7AI Score
0.001EPSS
The WebTop package for NethServer 7 and 8 allows stored XSS (for example, via the Subject field if an e-mail...
6AI Score
0.0004EPSS
Fuji Xerox / Fujifilm Printers Multiple Vulnerabilities (Mar 2024)
Multiple Fuji Xerox / Fujifilm printers are prone to multiple vulnerabilities in the Web Based...
6.8AI Score
0.0004EPSS
The WebTop package for NethServer 7 and 8 allows stored XSS (for example, via the Subject field if an e-mail...
5.7AI Score
0.0004EPSS
A vulnerability has been found in Codezips E-Commerce Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/addproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack can be initiated remotely. The exploit has been.....
6.3CVSS
7AI Score
0.0004EPSS
A vulnerability has been found in Codezips E-Commerce Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/addproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack can be initiated remotely. The exploit has been.....
6.3CVSS
6.5AI Score
0.0004EPSS
CVE-2024-4923 Codezips E-Commerce Site addproduct.php unrestricted upload
A vulnerability has been found in Codezips E-Commerce Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/addproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack can be initiated remotely. The exploit has been.....
6.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-4923 Codezips E-Commerce Site addproduct.php unrestricted upload
A vulnerability has been found in Codezips E-Commerce Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/addproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack can be initiated remotely. The exploit has been.....
6.3CVSS
7.1AI Score
0.0004EPSS
Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout (CVE-2024-27260)
Summary A vulnerability in the AIX invscout command could allow a non-privileged local user to execute arbitrary commands (CVE-2024-27260). Vulnerability Details ** CVEID: CVE-2024-27260 DESCRIPTION: **IBM AIX could allow a non-privileged local user to exploit a vulnerability in the invscout...
8.4CVSS
7.3AI Score
0.0004EPSS
Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024
This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun's arsenal — operate, based on a campaign from...
7.3AI Score
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1659-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1659-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi:...
7.8CVSS
7.7AI Score
0.0005EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1650-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1650-1 advisory. In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4...
7.8CVSS
8.1AI Score
0.0004EPSS
AIX is vulnerable to arbitrary command execution due to invscout (CVE-2024-27260)
IBM SECURITY ADVISORY First Issued: Wed May 15 17:28:09 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/invscout_advisory6.asc Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout...
8.4CVSS
7.2AI Score
0.0004EPSS
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
June 2024 update: At the end of May 2024, Microsoft Threat Intelligence observed Storm-1811 using Microsoft Teams as another vector to contact target users. Microsoft assesses that the threat actor uses Teams to send messages and initiate calls in an attempt to impersonate IT or help desk...
7.7AI Score
6.7CVSS
7AI Score
0.0004EPSS