talent500.co Cross Site Scripting vulnerability OBB-3757667
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
7.8CVSS
6.5AI Score
0.01EPSS
9.8CVSS
7.6AI Score
0.006EPSS
OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly
Overview Two buffer overflow vulnerabilities were discovered in OpenSSL versions 3.0.0 through 3.0.6. These vulnerabilities were introduced in version 3.0.0 with the inclusion of support for punycode email address parsing for X.509 certificates. OpenSSL's assessment of the severity of the...
7.5CVSS
7.9AI Score
EPSS
8.8CVSS
6.5AI Score
0.004EPSS
5.9CVSS
6.2AI Score
0.001EPSS
Molongui < 4.6.20 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.6.19 due to insufficient input sanitization and output escaping. This makes it possible for....
4.8CVSS
5.9AI Score
0.0004EPSS
9.8CVSS
7.6AI Score
0.006EPSS
7.7AI Score
0.006EPSS
6.4AI Score
0.084EPSS
Command Execution Vulnerability in SuperMap iPortal of Beijing SuperMap Software Co.
SuperMap iPortal is a GIS portal platform for cloud computing, which enables the integration, discovery, sharing and management of various GIS resources such as maps, services, scenes and data, and also monitors multiple GIS servers within the organization to ensure the safe and stable operation...
7.2AI Score
9.1CVSS
9.5AI Score
0.004EPSS
Weak Password Vulnerability in MSG3100 at Resconda Technology Development Co.
MSG3100 is a box-type IP PBX product for government and enterprise customers, applicable to enterprises with less than 300 people, adopting 1U box-type design, used at the interface between enterprise internal network and access network, to meet the business needs of enterprise voice and data....
7AI Score
Unauthorized Access Vulnerability in ShopXO of Shanghai Zongzig Technology Co.
ShopXO is an enterprise-level B2C open source e-commerce system. ShopXO has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive...
6.8AI Score
6.4AI Score
0.099EPSS
chromium -- multiple security fixes
Chrome Releases reports: This update includes 17 security fixes: [1484394] High CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous on 2023-09-19 [1504936] High CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane (rebane2001) on 2023-11-24 [1496250]...
9.8CVSS
7.8AI Score
0.001EPSS
8.8CVSS
7AI Score
0.035EPSS
Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not...
5.5CVSS
5.4AI Score
0.0004EPSS
6.6AI Score
0.027EPSS
7.8CVSS
7.3AI Score
0.001EPSS
Command Execution Vulnerability in SuperMap iServer 10i of Beijing SuperMap Software Co.
SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. A command execution vulnerability exists in SuperMap iServer 10i of Beijing SuperMap Software Co. Ltd. that can be exploited by an attacker to gain control of the...
7.5AI Score
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...
7AI Score
0.001EPSS
openSUSE Security Update : the Linux Kernel (openSUSE-2020-1698)
The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724). CVE-2020-24490: Fixed a heap buffer...
8.8CVSS
8.4AI Score
0.008EPSS
An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web...
8.8CVSS
8.7AI Score
0.001EPSS
An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web...
8.8CVSS
8.8AI Score
0.001EPSS
6.7CVSS
5.8AI Score
0.001EPSS
SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. An unauthorized access vulnerability exists in SuperMap iServer of Beijing SuperMap Software Co. Ltd, which can be exploited by attackers to obtain sensitive...
6.8AI Score
8.1CVSS
7.3AI Score
0.053EPSS
Damon Qiji big data visualization system is a one-stop tool platform for big data display. An arbitrary file read vulnerability exists in the Damon Qizhi Big Data Visualization System (DMQZDV Experience Version) of Wuhan Damon Database...
7.1AI Score
Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...
7.5AI Score
Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker to execute remote code by sending unintended parameters in....
9.8CVSS
9.6AI Score
0.001EPSS
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through...
5.5CVSS
7.4AI Score
0.001EPSS
Beijing Kuangshi Technology Co., Ltd. is an artificial intelligence company focusing on IoT scenarios. An unauthorized access vulnerability exists in the Kuangxiang MEGVII face recognition pass platform of Beijing Kuangxiang Technology Co. that can be exploited by attackers to obtain sensitive...
6.8AI Score
Ltd. is an independent innovative enterprise dedicated to WEB application security solutions and application delivery. There is an unauthorized access vulnerability in the website monitoring and warning platform of Yuanjiang Shengbang (Beijing) Network Security Technology Co., Ltd, which can be...
7.1AI Score
About the security content of macOS Monterey 12.7.3
About the security content of macOS Monterey 12.7.3 This document describes the security content of macOS Monterey 12.7.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
9.8CVSS
8.8AI Score
0.009EPSS
openSUSE Security Update : nsd (openSUSE-2020-2222)
This update for nsd fixes the following issues : nsd was updated to the new upstream release 4.3.4 FEATURES : Merge PR #141: ZONEMD RR type. BUG FIXES : Fix that symlink does not interfere with chown of pidfile (boo#1179191, CVE-2020-28935) Fix #128: Fix that the invalid port number is...
5.5CVSS
8.1AI Score
0.004EPSS
In jpg driver, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges...
4.4CVSS
4.4AI Score
0.0004EPSS
In phasecheckserver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.5AI Score
0.0004EPSS
7CVSS
8AI Score
0.573EPSS
Breaking unlinkability in Identity Mixer using malicious keys
CL Signatures Issuer Key Correctness Proof lacks prime strength checking. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key...
5.3CVSS
7AI Score
0.0005EPSS
In autotest driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.8AI Score
0.0004EPSS
Stable Channel Update for Desktop
The Stable channel has been updated to 121.0.6167.85 for Mac and Linux and 121.0.6167.85/.86 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Security Fixes and Rewards Note: Access to bug details and links may be kept...
9.8CVSS
7.7AI Score
EPSS
FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty
A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and...
7AI Score
Breaking unlinkability in Identity Mixer using malicious keys
CL Signatures Issuer Key Correctness Proof lacks prime strength checking. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key...
5.3CVSS
6.8AI Score
0.0005EPSS