Cisco Firepower Threat Defense Software Encrypted Archive File Policy Bypass Vulnerability
A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured file policy to block an encrypted archive file. This vulnerability exists because of a.....
7.3 AI Score
0.0004 EPSS
Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...
6.8 CVSS
6.9 AI Score
0.001 EPSS
Multiple Cisco Products Snort 3 HTTP Intrusion Prevention System Rule Bypass Vulnerability
Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker...
7.2 AI Score
0.0004 EPSS
Summary: Multiple vulnerabilities were remediated in IBM Observability with Instana (OnPrem) build 275. Vulnerability Details: CVEID: CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with cookie request header not.....
8.8 CVSS
9.9 AI Score
0.732 EPSS
A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to...
6.6 AI Score
0.001 EPSS
7.1 AI Score
A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected...
7.2 AI Score
0.0004 EPSS
Malicious code in self-service-sigma-account (npm)
7.1 AI Score
A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...
7.2 AI Score
0.0004 EPSS
A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to a lack of...
1.5 AI Score
0.001 EPSS
7.1 AI Score
Malicious code in nintendo-of-europe (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (83c974b5b6c49df853841d0c3fef7af9c28d6098c68985d09855aee2fe153d52) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7 AI Score
Malicious code in code-of-daily-modern-wordfare (npm)
7.1 AI Score
ezsystems/ezplatform-user is vulnerable to Brute Force Attack. The vulnerability is due to the password reset functionality not having sufficient protections against brute force attacks, allowing attackers to repeatedly attempt different passwords to gain unauthorized access to user...
7.5 AI Score
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential.....
Malicious code in to-watch-avatar-2-the-way-of-water-full-online-stream04 (npm)
7.1 AI Score
An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary...
9.8 CVSS
7.6 AI Score
0.002 EPSS
Malicious code in watch-avatar-the-way-of-water-movie-online-free-at-home (npm)
7.1 AI Score
Malicious code in watch-shazam-fury-of-the-gods-online-movie-free-at-home (npm)
7.1 AI Score
Malicious code in watch-shazam-fury-of-the-gods-full-movies-free-on-at-home (npm)
7.1 AI Score
Malicious code in watching-shazam-fury-of-the-gods-2023-full-online-free-on-streaming-at-home (npm)
7.1 AI Score
Malicious code in watch-shazam-fury-of-the-gods-2023-movie-online-free-on-streaming-at-home (npm)
7.1 AI Score
Malicious code in watch-shark-side-of-the-moon-2023-full-online-free-on-streaming-at-home (npm)
7.1 AI Score
Malicious code in where-to-watch-shazam-fury-of-the-gods-fullmovies-free-on-at-home (npm)
7.1 AI Score
Summary IBM Virtualization Engine TS7700 is vulnerable to two potential denial of service conditions (CVE-2023-44487, CVE-2024-25026) and two instances of weaker than expected security (CVE-2023-50312, CVE-2023-46158) due to WebSphere Application Server Liberty. WebSphere Application Server...
9.8 CVSS
7.8 AI Score
0.732 EPSS
Malicious code in watch-shazam-fury-of-the-gods-2023-online-free-on-streaming-at-home (npm)
7.1 AI Score
Malicious code in watching-shazam-fury-of-the-gods-movie-online-on-free-at-the-home (npm)
7.1 AI Score
Malicious code in watching-shazam-fury-of-the-gods-movie-online-on-free-at-the-home-free (npm)
7.1 AI Score
Malicious code in shazam-fury-of-the-gods-2023-full-online-free-on-streaming-at-index-main (npm)
7.1 AI Score
Malicious code in watch-now-shazam-fury-of-the-gods-2023-full-online-free-streaming-at-home (npm)
7.1 AI Score
Malicious code in watch-for-shazam-fury-of-the-gods-2023-full-online-free-streaming-at-home (npm)
7.1 AI Score
Malicious code in shazam-fury-of-the-gods-watching-full-online-free-on-streaming-at-index-main (npm)
7.1 AI Score
U.S. Dept Of Defense: Subdomain takeover ████████.mil
Description: The subdomain █████.mil is pointing to peosol-lg.███████., the domain ██████ is currently available for registration as can be seen at https://www.godaddy.com/nl-nl/domainsearch/find?domainToCheck=█████ Given the rules, residency of the US, of the us-tld I decided not to register the.....
6.5 AI Score
Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion
Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software is vulnerable to local file inclusion due to directory traversal attacks that can read sensitive files on a targeted system because of a lack of proper input validation of URLs in HTTP requests...
7.5 CVSS
7.2 AI Score
0.975 EPSS
Cisco Firepower Management Center Software Object Group Access Control List Bypass Vulnerability
A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software....
7.3 AI Score
0.0004 EPSS
silverstripe/framework is vulnerable to Brute Force attacks. The vulnerability is due to the default Administrator accounts not being subject to the same brute force protection as other Member accounts, allowing unlimited login...
7 AI Score
U.S. Dept Of Defense: Out-Of-Bounds Memory Read on ███
Vulnerability Identifier: OOB Memory Read (CVE-ID Pending) Affected System: Netscaler ADC and Gateway deployed at https://███████/nf/auth/doAuthentication.do Overview: An out-of-bounds (OOB) memory read vulnerability has been identified in Netscaler ADC (Application Delivery Controller) and...
9.4 CVSS
7.8 AI Score
0.971 EPSS
In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for...
5.5 CVSS
5.7 AI Score
0.0004 EPSS
ezsystems/ezplatform-admin-ui is vulnerable to a Brute Force Attack. The vulnerability is due to a weakness in the forgotten password reset functionality, which allows excessive attempts without sufficient lockout...
7.1 AI Score
Exploit for Deserialization of Untrusted Data in Apache Log4J
CloudArmor · Runtime Application Self-Protection Module -...
9.1 AI Score
U.S. Dept Of Defense: Subdomain Takeover via Host Header Injection on www.█████
Vulnerability Overview Reported By: Ezequiel [@ezequielpuig] Reported Date: 01/October/2023 Reported To: U.S. Department Of Defense Vulnerability Type: Subdomain Takeover Affected URL: www.███████ Hello U.S. Department Of Defense Security Team, I hope this report finds you well. I want to bring...
6.5 AI Score
Tokenizer vulnerable to client brute-force of token secrets
Impact Authorized clients, having an inject_processor secret, could brute-force the secret token value by abusing the fmt parameter to the Proxy-Tokenizer header. Patches This was fixed in https://github.com/superfly/tokenizer/pull/8 and further mitigated in...
6.8 AI Score
Why Security Awareness Training is Your Best Defense
Cybercriminals are constantly on the lookout for ways to infiltrate our devices and steal our personal information....
7.4 AI Score
7.1 AI Score
Download Manager < 3.2.87 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting
Description The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
4.4 CVSS
5.7 AI Score
0.0004 EPSS
U.S. Dept Of Defense: CVE-2021-39226 Discovered on endpoint https://██████/api/snapshots
Description: CVE-2021-39226 Discovered on endpoint https://███████/api/snapshots/:key where this issue poses a significant risk to the confidentiality and integrity of snapshot data, allowing both authenticated and unauthenticated users unauthorized access and deletion capabilities. References...
9.8 CVSS
6.6 AI Score
0.91 EPSS
U.S. Dept Of Defense: [CVE-2018-0296] Cisco VPN path traversal on the https://██████████
Description: I discovered a previously unidentified instance https://████████ in the DOD network, vulnerable to CVE-2018-0296 (https://vulners.com/cve/CVE-2018-0296). It also accepts username and password for the login flow instead of secure cert auth. POC: curl -i -k...
7.5 CVSS
7 AI Score
0.974 EPSS
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.....
7.4 AI Score
0.002 EPSS
A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with...
7.4 AI Score
0.0004 EPSS