Yan&Co Security Vulnerabilities

cve

CVE-2023-42674

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.5 CVSS

5.2 AI Score

0.0004 EPSS

2023-12-04 01:15 AM
5

cve

CVE-2023-42675

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.5 CVSS

5.2 AI Score

0.0004 EPSS

2023-12-04 01:15 AM
7

cve

CVE-2023-42677

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.5 CVSS

5.2 AI Score

0.0004 EPSS

2023-12-04 01:15 AM
5

cve

CVE-2023-42692

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-12-04 01:15 AM
9

cve

CVE-2023-42694

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-12-04 01:15 AM
4

cve

CVE-2023-42695

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-12-04 01:15 AM
5

cve

CVE-2023-42689

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-12-04 01:15 AM
4

cve

CVE-2023-42678

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.5 CVSS

5.2 AI Score

0.0004 EPSS

2023-12-04 01:15 AM
6

cve

CVE-2023-42685

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-12-04 01:15 AM
5

cve

CVE-2023-42688

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-12-04 01:15 AM
5

cve

CVE-2022-48463

In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...

5.5 CVSS

5.5 AI Score

0.0004 EPSS

2023-12-04 01:15 AM
6

cve

CVE-2023-42672

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.5 CVSS

5.2 AI Score

0.0004 EPSS

2023-12-04 01:15 AM
4

malwarebytes

Malvertisers zoom in on cryptocurrencies and initial access

During the past month, we have observed an increase in the number of malicious ads on Google searches for "Zoom", the popular piece of video conferencing software. Threat actors have been alternating between different keywords for software downloads such as "Advanced IP Scanner" or "WinSCP"...

7.8 AI Score

2023-12-13 04:29 PM
9

cve

CVE-2023-42686

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-12-04 01:15 AM
5

cve

CVE-2023-42687

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-12-04 01:15 AM
4

cve

CVE-2023-42690

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-12-04 01:15 AM
9

cve

CVE-2023-42676

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.5 CVSS

5.2 AI Score

0.0004 EPSS

2023-12-04 01:15 AM
5

cnvd

Command Execution Vulnerability in ezEip System of Beijing Wando Network Technology Co.

The ezEip system is an enterprise website management system. A command execution vulnerability exists in the ezEip system of Beijing Wando Network Technology Co. Ltd, which can be exploited by an attacker to gain server...

7.5 AI Score

2023-10-24 12:00 AM
8

thn

Four U.S. Nationals Charged in $80 Million Pig Butchering Crypto Scam

Four U.S. nationals have been charged for participating in an illicit scheme that earned them more than $80 million via cryptocurrency investment scams. The defendants – Lu Zhang, 36, of Alhambra, California; Justin Walker, 31, of Cypress, California; Joseph Wong, 32, Rosemead, California; and...

7.3 AI Score

2023-12-18 12:13 PM
18

cve

CVE-2023-43752

OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted...

8 CVSS

7.9 AI Score

0.0004 EPSS

2023-11-16 07:15 AM
5

cnvd

Information Disclosure Vulnerability in UFIDA UAP System

UFIDA Network Technology Co., Ltd. is a leading global provider of enterprise cloud services and software. An information disclosure vulnerability exists in the UFIDA UAP system, which can be exploited by attackers to obtain sensitive...

6.4 AI Score

2023-10-18 12:00 AM
3

thn

New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks

A novel multi-platform threat called NKAbuse has been discovered using a decentralized, peer-to-peer network connectivity protocol known as NKN (short for New Kind of Network) as a communications channel. "The malware utilizes NKN technology for data exchange between peers, functioning as a potent....

10 CVSS

9.6 AI Score

0.975 EPSS

2023-12-15 05:25 AM
32

code423n4

Pricing inconsistencies introduced via rounding/truncation errors

Lines of code Vulnerability details Impact Calculating share/token prices via bonding curves which involve mathematical operations like logs and divisions can introduce small rounding errors each time. Over many transactions, these errors could accumulate and lead to pricing inconsistencies that...

7 AI Score

2023-11-17 12:00 AM
2

cnvd

Information leakage vulnerability in EG2000SE of Beijing StarNet Ruijie Network Technology Co. Ltd (CNVD-2023-88652)

The EG2000SE is a multi-service router. An information disclosure vulnerability exists in the EG2000SE of Beijing StarNet Ruijie Network Technology Company Limited, which can be exploited by attackers to obtain sensitive...

6.4 AI Score

2023-10-24 12:00 AM
6

cnvd

Information leakage vulnerability in the electronic document security management system of Beijing Yisaitong Technology Development Co., Ltd (CNVD-2023-86622)

Beijing Yisetong Technology Development Co., Ltd. is a leading data security business provider in China. An information leakage vulnerability exists in the electronic document security management system of Beijing Yisetong Technology Development Co., Ltd, which can be exploited by attackers to...

6.6 AI Score

2023-10-17 12:00 AM
5

openvas

Nagios XI SQLi Vulnerability (Dec 2013) - Active Check

Nagios XI is prone to an SQL injection (SQLi) vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL...

7.6 AI Score

0.923 EPSS

2013-12-02 12:00 AM
9

cve

CVE-2012-3421

The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming...

6.3 AI Score

0.049 EPSS

2012-08-27 11:55 PM
32

wordfence

Vulnerability Researchers: Check out The Critical Thinking Podcast

Today, The Wordfence Bug Bounty Program was featured on an episode of the Critical Thinking Podcast, a top resource and community for bug bounty researchers. Critical Thinking is a podcast focused on ethical hacking and security analysis and is described as a “by Hackers for Hackers podcast...

7.2 AI Score

2023-12-07 08:21 PM
4

cve

CVE-2012-3419

Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line...

5.8 AI Score

0.006 EPSS

2012-08-27 11:55 PM
27

osv

Malicious code in co-browsing (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (d77c18f02a834ec52bf40d097be7a0b897d357470e864c8ee0fe67110e19656d) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI Score

2022-06-20 08:20 PM
3

cve

CVE-2012-3418

libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number....

7.8 AI Score

0.099 EPSS

2012-08-27 11:55 PM
30

cve

CVE-2012-3420

Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the...

6.3 AI Score

0.094 EPSS

2012-08-27 11:55 PM
33

cvelist

CVE-2023-4309

Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused...

10 CVSS

10 AI Score

0.001 EPSS

2023-10-10 05:27 PM

openbugbounty

co-wars.de Cross Site Scripting vulnerability OBB-3584926

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-08-15 08:45 AM
13

prion

Information disclosure

An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login...

5.3 CVSS

6.8 AI Score

0.001 EPSS

2023-11-04 11:15 PM
1

cve

CVE-2023-47582

Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be...

7.8 CVSS

7.6 AI Score

0.001 EPSS

2023-11-15 06:15 AM
14

cve

CVE-2017-9597

The "Blue Ridge Bank and Trust Co. Mobile Banking" by Blue Ridge Bank and Trust Co. app 3.0.1 -- aka blue-ridge-bank-and-trust-co-mobile-banking/id699679197 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive...

5.9 CVSS

5.1 AI Score

0.001 EPSS

2017-06-16 12:29 PM
23

cve

CVE-2023-47583

Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator V4.0.17.0 and earlier. If a user opens a specially crafted file (X1 or V9 file), information may be disclosed and/or arbitrary code may be...

7.8 CVSS

7.7 AI Score

0.001 EPSS

2023-11-15 06:15 AM
8

cve

CVE-2023-47580

Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be...

7.8 CVSS

7.8 AI Score

0.001 EPSS

2023-11-15 06:15 AM
8

cve

CVE-2023-47586

Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be...

7.8 CVSS

7.9 AI Score

0.001 EPSS

2023-11-15 06:15 AM
12

cve

CVE-2023-47584

Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be...

7.8 CVSS

7.6 AI Score

0.001 EPSS

2023-11-15 06:15 AM
12

cve

CVE-2023-47585

Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be...

7.8 CVSS

7.5 AI Score

0.001 EPSS

2023-11-15 06:15 AM
9

cve

CVE-2023-47581

Out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be...

7.8 CVSS

7.5 AI Score

0.001 EPSS

2023-11-15 06:15 AM
11

cvelist

CVE-2023-43757

Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected...

6.6 AI Score

0.001 EPSS

2023-11-16 06:21 AM
2

cnvd

Arbitrary File Download Vulnerability in Yonyou UAP/NC of UFIDA Network Technology Co.

Founded in 1988, UFIDA is a global provider of advanced cloud services, software, and financial services for enterprises and public organizations. An arbitrary file download vulnerability exists in Yonyou UAP/NC, which can be exploited by attackers to obtain sensitive...

7 AI Score

2023-10-09 12:00 AM
7

cve

CVE-2023-46963

An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login...

5.3 CVSS

5.2 AI Score

0.001 EPSS

2023-11-04 11:15 PM
31

nvd

CVE-2023-46963

An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login...

5.3 CVSS

5.2 AI Score

0.001 EPSS

2023-11-04 11:15 PM

pentestpartners

Are Vehicle to Grid spikes coming?

If you didn’t already know, I’m a massive fan of electric vehicles. One of the aspects that intrigues me is Vehicle to Grid (V2G), the potential for our car batteries to store and release electricity to and from the grid, providing balance for the peaks and troughs of demand. It’s a part of what...

7.5 AI Score

2023-11-27 06:04 AM
4

cvelist

CVE-2023-6099 Shenzhen Youkate Industrial Facial Love Cloud Payment System Account SystemMng.ashx privileges management

A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads....

7.3 CVSS

9.8 AI Score

0.001 EPSS

2023-11-13 03:31 PM
1

chrome

Stable Channel Update for ChromeOS/ChromeOS Flex

ChromeOS M119 Stable The Stable channel is being updated to OS version: 15633.44.0 Browser version: 119.0.6045.158 for most ChromeOS devices. If you find new issues, please let us know one of the following ways File a bug Visit our ChromeOS communities General: Chromebook Help Community Beta...

9.8 CVSS

7.4 AI Score

EPSS

2023-11-14 12:00 AM
42

Total number of security vulnerabilities: 10983