Molongui < 4.6.20 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.6.19 due to insufficient input sanitization and output escaping. This makes it possible for....
4.8CVSS
5.9AI Score
0.0004EPSS
RG-UAC Ruijie Unified Internet Behavior Management and Auditing System is an Internet behavior management and auditing product. A command execution vulnerability exists in the RG-UAC Ruijie Unified Internet Behavior Management and Audit System of Beijing StarNet Ruijie Network Technology Co. Ltd,.....
7.5AI Score
5.9CVSS
6.2AI Score
0.001EPSS
9.8CVSS
7.6AI Score
0.006EPSS
An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...
5.4CVSS
5.5AI Score
0.0004EPSS
An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...
5.4CVSS
5.5AI Score
0.0004EPSS
Command Execution Vulnerability in SuperMap iPortal of Beijing SuperMap Software Co.
SuperMap iPortal is a GIS portal platform for cloud computing, which enables the integration, discovery, sharing and management of various GIS resources such as maps, services, scenes and data, and also monitors multiple GIS servers within the organization to ensure the safe and stable operation...
7.2AI Score
Weak Password Vulnerability in MSG3100 at Resconda Technology Development Co.
MSG3100 is a box-type IP PBX product for government and enterprise customers, applicable to enterprises with less than 300 people, adopting 1U box-type design, used at the interface between enterprise internal network and access network, to meet the business needs of enterprise voice and data....
7AI Score
Unauthorized Access Vulnerability in ShopXO of Shanghai Zongzig Technology Co.
ShopXO is enterprise-level B2C open source e-commerce system. Ltd. ShopXO has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive...
6.8AI Score
9.1CVSS
9.5AI Score
0.004EPSS
6.4AI Score
0.099EPSS
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X1800GS-B v1.17 and...
6.8CVSS
7.1AI Score
0.0004EPSS
Beijing Shenzhou Green Alliance Technology Co., Ltd. is a company whose business scope includes technology development, technology consulting, technology services; computer system services and so on. A command execution vulnerability exists in the Green Alliance Operations and Maintenance Security....
7.9AI Score
SQL Injection Vulnerability in FineReport of Sailsoft Software Ltd.
Fansoft Software Ltd. is a professional big data BI and analytics platform provider in China. A SQL injection vulnerability exists in FineReport of FanSoft Software Co. Ltd, which can be exploited by attackers to obtain sensitive information from the...
7.5AI Score
7.8CVSS
7.3AI Score
0.001EPSS
An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...
5.7AI Score
0.0004EPSS
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...
7AI Score
0.001EPSS
Beijing Yisaitong Technology Development Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the Yisetong Electronic Document Security Management System, which can be exploited by an attacker to....
7.5AI Score
Command Execution Vulnerability in SuperMap iServer 10i of Beijing SuperMap Software Co.
SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. A command execution vulnerability exists in SuperMap iServer 10i of Beijing SuperMap Software Co. Ltd. that can be exploited by an attacker to gain control of the...
7.5AI Score
Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted...
6.1CVSS
6.2AI Score
0.001EPSS
openSUSE Security Update : the Linux Kernel (openSUSE-2020-1698)
The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724). CVE-2020-24490: Fixed a heap buffer...
8.8CVSS
8.4AI Score
0.008EPSS
Shanghai Old Cadre app is a senior activity software specially created for some party members and old cadres in Shanghai. Shanghai Zhongyun Digital Win Cloud Computing Technology Co. Shanghai Old Cadre App has a logic flaw vulnerability that can be exploited by attackers to cause SMS...
7AI Score
Beijing Yisaitong Technology Development Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A SQL injection vulnerability exists in the Yisetong electronic document security management system, which can be exploited by attackers to...
7.6AI Score
6.7CVSS
5.8AI Score
0.001EPSS
Damon Qiji big data visualization system is a one-stop tool platform for big data display. An arbitrary file read vulnerability exists in the Damon Qizhi Big Data Visualization System (DMQZDV Experience Version) of Wuhan Damon Database...
7.1AI Score
openSUSE Security Update : nsd (openSUSE-2020-2222)
This update for nsd fixes the following issues : nsd was updated to the new upstream release 4.3.4 FEATURES : Merge PR #141: ZONEMD RR type. BUG FIXES : Fix that symlink does not interfere with chown of pidfile (boo#1179191, CVE-2020-28935) Fix #128: Fix that the invalid port number is...
5.5CVSS
8.1AI Score
0.004EPSS
Breaking unlinkability in Identity Mixer using malicious keys
CL Signatures Issuer Key Correctness Proof lacks of prime strength checking A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key...
5.3CVSS
7AI Score
0.0005EPSS
Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles,...
8.8CVSS
7.2AI Score
0.001EPSS
Breaking unlinkability in Identity Mixer using malicious keys
CL Signatures Issuer Key Correctness Proof lacks of prime strength checking A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key...
5.3CVSS
6.8AI Score
0.0005EPSS
FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty
A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and...
7AI Score
Stable Channel Update for ChromeOS / ChromeOS Flex
Hello All, The Stable channel is being updated to 120.0.6099.235 (Platform version: 15662.76.0) for ChromeOS devices and will be rolled out over the next few days. If you find new issues, please let us know one of the following ways: File a bug Visit our Chrome OS communities General: Chromebook...
6.5CVSS
7AI Score
0.001EPSS
Beijing Kuangshi Technology Co., Ltd. is an artificial intelligence company focusing on IoT scenarios. An unauthorized access vulnerability exists in the Kuangxiang MEGVII face recognition pass platform of Beijing Kuangxiang Technology Co. that can be exploited by attackers to obtain sensitive...
6.8AI Score
cuevana123.co Cross Site Scripting vulnerability OBB-3737743
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
U.S. Government Disrupts Russia-Linked Botnet Engaged in Cyber Espionage
The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that was put to use by the Russia-linked APT28 actor to conceal its malicious activities. "These crimes included vast spear-phishing and similar credential...
9.8CVSS
9.8AI Score
0.915EPSS
Ltd. is an independent innovative enterprise dedicated to WEB application security solutions and application delivery. There is an unauthorized access vulnerability in the website monitoring and warning platform of Yuanjiang Shengbang (Beijing) Network Security Technology Co., Ltd, which can be...
7.1AI Score
Unauthorized Access Vulnerability in SuperMap iServer of Beijing SuperMap Software Co.
SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. An unauthorized access vulnerability exists in SuperMap iServer of Beijing SuperMap Software Co. Ltd, which can be exploited by attackers to obtain sensitive...
6.8AI Score
SaaS applications are the darlings of the software world. They enable work from anywhere, facilitate collaboration, and offer a cost-effective alternative to owning the software outright. At the same time, the very features that make SaaS apps so embraced – access from anywhere and collaboration –....
9.8CVSS
9.8AI Score
0.074EPSS
Directory Traversal Vulnerability in the Training Platform of Shenzhen Sigma Data Technology Co.
Shenzhen Sigma Data Technology Co., Ltd. is an enterprise mainly engaged in software and information technology service industry. Shenzhen Sigma Data Technology Co., Ltd. practical training teaching platform (to fish with the party) there is a directory traversal vulnerability, an attacker can use....
6.6AI Score
Xerox Workcentre 5735 LDAP Service Redential Extractor
This module extract the printer's LDAP username and password from Xerox Workcentre...
7.5AI Score
SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. An unauthorized access vulnerability exists in SuperMap iServer of Beijing SuperMap Software Co. Ltd, which can be exploited by attackers to obtain sensitive...
6.8AI Score
Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through...
9.8CVSS
7.3AI Score
0.001EPSS
Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...
7.5AI Score
Arrests in $400M SIM-Swap Tied to Heist at FTX?
Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX, which had just...
7.5AI Score
OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly
Overview Two buffer overflow vulnerabilities were discovered in OpenSSL versions 3.0.0 through 3.0.6. These vulnerabilities were introduced in version 3.0.0 with the inclusion of support for punycode email address parsing for X.509 certificates. OpenSSL's assessment of the severity of the...
7.5CVSS
7.9AI Score
EPSS
Cybersecurity Must De-Risk the Business
The Catalyst for My Return to Qualys “Necessity is the mother of all invention.” – Plato Introduction Cybersecurity as a problem and practice is evolving. This evolution is driven by business risk. Does this sound obvious? For far too long, we in security have put the technology cart way ahead of.....
7.3AI Score
In jpg driver, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges...
4.4CVSS
4.4AI Score
0.0004EPSS
In vsp driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.8AI Score
0.0004EPSS
In autotest driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.8AI Score
0.0004EPSS
In vsp driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.8AI Score
0.0004EPSS
In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.8AI Score
0.0004EPSS