Ltd. is a private scientific and technological enterprise with technology development as the main body, specializing in the research, development, production and sales of remote water, electricity, gas, heat four meters and meter reading system. Shandong Weimicro Technology Co., Ltd. intelligent...
7.5AI Score
A Bootiful Podcast: Abdel Sghiouar, Cloud Native Developer Advocate at Google
Hi, Spring fans! Abdel Sghiouar is a senior Cloud Native Developer Advocate at Google, a co-host of the Kubernetes Podcast by Google and a CNCF Ambassador, and it was my pleasure to sit down with him at the amazing Spring IO event in Barcelona and catch up on all things Kubernetes and...
7.1AI Score
Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat...
6.4AI Score
0.0004EPSS
Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change...
6.6AI Score
0.0004EPSS
Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change...
6.9AI Score
0.0004EPSS
Beijing Yisetong Technology Development Co., Ltd. is a domestic data security, network security and security services provider of three major business. A command execution vulnerability exists in the electronic document security management system of Beijing Yisetong Technology Development Co.,...
7.6AI Score
Important: grafana-pcp security and bug fix update
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA...
7.5CVSS
7.7AI Score
0.0005EPSS
The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to....
9.8CVSS
10AI Score
0.0004EPSS
The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to....
9.8CVSS
8.3AI Score
0.0004EPSS
API Cyberattacks: A Growing Threat for Organizations in Latin America
Learn about the growing threat of API cyberattacks and their effect on industries across Latin...
7.3AI Score
Molongui < 4.7.8 - Authenticated (Author+) Insecure Direct Object Reference
Description The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.7.7 due to missing validation on a user controlled key. This makes it possible for authenticated...
2.7CVSS
6.7AI Score
0.0004EPSS
Debian DLA-1932-1 : openssl security update
Two security vulnerabilities were found in OpenSSL, the Secure Sockets Layer toolkit. CVE-2019-1547 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit...
4.7CVSS
6.5AI Score
0.015EPSS
Cisco Talos is delighted to share updates about our ongoing partnership with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to combat cybersecurity threats facing civil society organizations. Talos has partnered with CISA on several initiatives through the Joint Cyber Defense...
7.4AI Score
SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids...
7.8AI Score
0.0004EPSS
SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids...
7.5AI Score
0.0004EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8)
The version of AOS installed on the remote host is prior to 6.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8 advisory. Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in...
9.8CVSS
9.4AI Score
0.123EPSS
The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user...
6.9AI Score
0.0004EPSS
Important: grafana-pcp security and bug fix update
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA...
7.5CVSS
7.5AI Score
0.0005EPSS
grafana-pcp security and bug fix update
An update is available for grafana-pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Grafana plugin for Performance Co-Pilot includes datasources for...
7.5CVSS
7.5AI Score
0.0005EPSS
Important: grafana-pcp security and bug fix update
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA...
7.5CVSS
7.6AI Score
0.0005EPSS
Microsoft to Support ARM Chips in Upcoming Windows Version
Microsoft Corp., feeling pressure from popular products like Apple Inc.'s iPad, is developing a new operating system that marks a departure from the company's traditional reliance on Intel Corp.'s chip technology. This information comes from sources familiar with Microsoft's plans. Next month,...
6.7AI Score
RHEL 6 : openssh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssh: loading of untrusted PKCS#11 modules in ssh-agent (CVE-2016-10009) openssh: scp allows command...
8.4AI Score
0.102EPSS
(RHSA-2024:1644) Important: grafana-pcp security and bug fix update
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA...
7.7AI Score
0.0005EPSS
Managed Detection and Response in 2023
Managed Detection and Response in 2023 (PDF) Alongside other security solutions, we provide Kaspersky Managed Detection and Response (MDR) to organizations worldwide, delivering expert monitoring and incident response 24/7. The task involves collecting telemetry for analysis by both...
7AI Score
About the security content of watchOS 10.5
About the security content of watchOS 10.5 This document describes the security content of watchOS 10.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
8.8CVSS
7.3AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...
6.5AI Score
0.0004EPSS
SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids...
7.8AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before...
5.4CVSS
6.9AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before...
5.4CVSS
5.5AI Score
0.0004EPSS
CVE-2024-31936 WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before...
5.4CVSS
5.7AI Score
0.0004EPSS
Cisco Talos' Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software. Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read...
9.8CVSS
9.8AI Score
0.001EPSS
In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges...
6.6AI Score
0.0004EPSS
Ltd. is a private scientific and technological enterprise with technology development as the main body, specializing in the research, development, production and sales of remote water, electricity, gas, heat four meters and meter reading system. The water information management platform of...
7.5AI Score
About the security content of tvOS 17.5
About the security content of tvOS 17.5 This document describes the security content of tvOS 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available....
8.8CVSS
7.5AI Score
0.001EPSS
Zhejiang Dahua Technology Co., Ltd. is a leading supplier and solution provider of surveillance products. There is an information leakage vulnerability in the integrated management platform of Zhejiang Dahua Technology Co., Ltd. that can be exploited by attackers to obtain sensitive...
6.6AI Score
In camera driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges...
6.7AI Score
0.0004EPSS
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
6.7AI Score
0.0004EPSS
In faceid service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges...
6.5AI Score
0.0004EPSS
Top 4 Industries at Risk of Credential Stuffing and Account Takeover (ATO) attacks
All industries are at risk of credential stuffing and account takeover (ATO) attacks. However, some industries are at a greater risk because of the sensitive information or volume of customer data they possess. While cyber-attacks come in all forms and techniques, credential stuffing involves an...
6.9AI Score
In vsp driver, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges...
6.6AI Score
0.0004EPSS
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
6.7AI Score
0.0004EPSS
In ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges...
6.9AI Score
0.0004EPSS
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges...
6.5AI Score
0.0004EPSS
Helm dependency management path traversal
A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time. Impact When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected...
6.4CVSS
6.8AI Score
0.0004EPSS
An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair...
7.2AI Score
0.0004EPSS
An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair...
7.5AI Score
0.0004EPSS
An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool...
6.8AI Score
0.0004EPSS
An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool...
6.6AI Score
0.0004EPSS
In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges...
6.2AI Score
0.0004EPSS