Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts – Molongui: from n/a through.....
5.9CVSS
5.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts – Molongui: from n/a through.....
4.8CVSS
0.0004EPSS
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected...
6.5CVSS
7AI Score
0.001EPSS
Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode...
7.5CVSS
7.3AI Score
0.0005EPSS
Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode...
7.5CVSS
0.0005EPSS
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on...
9.8CVSS
7.1AI Score
0.004EPSS
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary....
9.8CVSS
9.7AI Score
0.217EPSS
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege...
8.4CVSS
6.2AI Score
0.001EPSS
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...
7.8CVSS
6.5AI Score
0.002EPSS
Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary...
8.1CVSS
7.1AI Score
0.001EPSS
Geon is a board game based on solving questions about the Pythagorean Theorem. Malicious users can obtain the uuid from other users, spoof that uuid through the browser console and become co-owners of the target session. This issue is patched in version 1.1.0. No known workaround...
7.1CVSS
6.6AI Score
0.001EPSS
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed.....
4.3CVSS
9.3AI Score
0.002EPSS
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have....
4.7CVSS
6.8AI Score
0.001EPSS
Information Disclosure Vulnerability in EG2000SE of Beijing StarNet Ruijie Network Technology Co.
The EG2000SE is a multi-service router. An information disclosure vulnerability exists in the EG2000SE of Beijing StarNet Ruijie Network Technology Company Limited, which can be exploited by attackers to obtain sensitive...
6.4AI Score
Fedora: Security Advisory for grafana-pcp (FEDORA-2023-3bc3404fc1)
The remote host is missing an update for...
7.5AI Score
EG2000SE is a router product. An information disclosure vulnerability exists in the EG2000SE of Beijing StarNet Ruijie Network Technology Company Limited, which can be exploited by attackers to obtain sensitive...
6.4AI Score
EG2000SE is a router product. An information disclosure vulnerability exists in the EG2000SE of Beijing StarNet Ruijie Network Technology Company Limited, which can be exploited by attackers to obtain sensitive...
6.4AI Score
Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the...
3.1CVSS
6.9AI Score
0.001EPSS
NetProbe is a tool you can use to scan for devices on your network. The program sends ARP requests to any IP address on your network and lists the IP addresses, MAC addresses, manufacturers, and device models of the responding devices. Features Scan for devices on a specified IP address or subnet.....
7.3AI Score
How Strata Identity and Microsoft Entra ID solve identity challenges in mergers and acquisitions
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Along with every merger and acquisition between two companies comes the need to combine and strengthen their IT infrastructure. In particular, there is an immediate and profound...
7.3AI Score
How Strata Identity and Microsoft Entra ID solve identity challenges in mergers and acquisitions
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Along with every merger and acquisition between two companies comes the need to combine and strengthen their IT infrastructure. In particular, there is an immediate and profound...
7.3AI Score
In flv extractor, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.4AI Score
0.0004EPSS
CVE-2023-39921 WordPress Molongui Plugin <= 4.6.19 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts – Molongui: from n/a through.....
5.9CVSS
6AI Score
0.0004EPSS
Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside....
6.1CVSS
6.1AI Score
0.001EPSS
Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific...
8.8CVSS
8.6AI Score
0.0005EPSS
In Gnss service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.7AI Score
0.0004EPSS
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected...
6.5CVSS
6.4AI Score
0.001EPSS
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected...
6.5CVSS
0.001EPSS
In video service, there is a possible out of bounds read due to a incorrect bounds check. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.4AI Score
0.0004EPSS
Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode...
7.6AI Score
0.0005EPSS
Ten Years Later, New Clues in the Target Breach
On Dec. 18, 2013, KrebsOnSecurity broke the news that U.S. retail giant Target was battling a wide-ranging computer intrusion that compromised more than 40 million customer payment cards over the previous month. The malware used in the Target breach included the text string "Rescator," which also.....
7.1AI Score
In video service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.4AI Score
0.0004EPSS
Year in Malware 2023: Recapping the major cybersecurity stories of the past year
If there is anything the cybersecurity world learned in 2023, it's that you can never count any bad guy out. Botnets kept coming back from the dead, ransomware actors found new ways to make money through data theft extortion and threat actors and malware who have been around for more than a decade....
7.5CVSS
7.5AI Score
0.732EPSS
Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB,....
9.8CVSS
9.4AI Score
0.001EPSS
First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB....
9.8CVSS
9.2AI Score
0.001EPSS
In gpu driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.6AI Score
0.0004EPSS
In TeleService, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.6AI Score
0.0004EPSS
In gpu driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.6AI Score
0.0004EPSS
In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.8AI Score
0.0004EPSS
In gpu driver, there is a possible out of bounds write due to a incorrect bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.8AI Score
0.0004EPSS
In enginnermode service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.3AI Score
0.0004EPSS
In camera service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...
7.8CVSS
7.8AI Score
0.0004EPSS
In telecom service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.4AI Score
0.0004EPSS
In gpu driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.6AI Score
0.0004EPSS
In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In telephony service, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges...
7.5CVSS
7.2AI Score
0.001EPSS
In telephony service, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges...
4.4CVSS
4.4AI Score
0.0004EPSS
In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges...
7.8CVSS
7.8AI Score
0.0004EPSS
In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In telocom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...
7.8CVSS
7.8AI Score
0.0004EPSS