7.4AI Score
0.003EPSS
Exploit for Cross-site Scripting in Cpanel
About the Tool ⚒️ cpanel_xss_2023 is a simple Python...
7.2AI Score
Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others
Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord bot discovery site. "The threat actors used multiple TTPs in this attack, including account takeover...
7.8AI Score
6.8AI Score
0.006EPSS
7.3AI Score
0.009EPSS
FreeBSD : chromium -- multiple vulnerabilities (4ed0e43c-5cef-11eb-bafd-3065ec8fd3ec)
Chrome Releases reports: This release contains 36 security fixes, including: [1137179] Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara on 2020-10-10 [1161357] High CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler...
9.2AI Score
Debian DSA-4846-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. CVE-2020-16044 Ned Williamson discovered a use-after-free issue in the WebRTC implementation. CVE-2021-21117 Rory McNamara discovered a policy enforcement issue in Cryptohome. CVE-2021-21118 Tyler...
8.7AI Score
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS. This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through...
5.4CVSS
7.2AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS. This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through...
5.4CVSS
7AI Score
0.0004EPSS
Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin
A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10. "Authentication bypass in Fortra's GoAnywhere MFT prior to...
9.8CVSS
7.5AI Score
0.968EPSS
CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT
On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1. The vulnerability is remotely exploitable and allows an unauthorized user to create an admin user...
9.8CVSS
7.6AI Score
0.968EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS. This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through...
6.5AI Score
0.0004EPSS
Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <=...
4.8CVSS
5.1AI Score
0.001EPSS
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages plugin <=...
4.8CVSS
4.8AI Score
0.001EPSS
Intel® Server Configuration Utility Software Installer Advisory
Summary: Potential security vulnerabilities in the Intel® Server Configuration Utility software installer may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-25075 Description: Unquoted search...
7.4AI Score
Summary: Potential security vulnerabilities in some Intel® QuickAssist Technology (QAT) software may allow information disclosure or escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-28741 Description:...
7.6AI Score
7.1AI Score
7.1AI Score
7.4AI Score
Summary: A potential security vulnerability in some Intel® VCUST Tool software may allow escalation of privilege. Intel is releasing a software update to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-25944 Description: Uncontrolled search path element in some...
7.2AI Score
Intel® Server Boards and Server System Firmware Update Utility Advisory
Summary: A potential security vulnerability in the System Firmware Update Utility for some Intel® Server Boards and Server System may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-22841...
7.2AI Score
Intel® RST Software Installer Advisory
Summary: A potential security vulnerability in some Intel® Rapid Storage Technology (RST) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-43456 Description: Uncontrolled search path in.....
7.2AI Score
Killer - Is A Tool Created To Evade AVs And EDRs Or Security Tools
It's an AV/EDR Evasion tool created to bypass security tools for learning, until now the tool is FUD. Features: Module Stomping for Memory scanning evasion DLL Unhooking by fresh ntdll copy IAT Hiding and Obfuscation & API Unhooking ETW Patching for bypassing some security controls Included...
7AI Score
Unbreakable Enterprise kernel security update
[5.15.0-102.110.5] - RISC-V: Fix up a cherry-pick warning in setup_vm_final() (Alexandre Ghiti) - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (Liu Jian) - riscv: mm: remove redundant parameter of create_fdt_early_page_table (Song Shuai) - kernfs:...
7.8CVSS
8.5AI Score
0.0004EPSS
Intel® NUC Pro Software Suite Advisory
Summary: Potential security vulnerabilities in the Intel® NUC Pro Software Suite may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-46656 Description: Insecure inherited permissions for the...
7.6AI Score
7.5CVSS
7.6AI Score
7.7AI Score
0.001EPSS
7.6AI Score
0.001EPSS
6.1CVSS
6.4AI Score
Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
...
6.5AI Score
0.002EPSS
6.1CVSS
6.4AI Score
Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting Vulnerab
...
6.1CVSS
6.4AI Score
0.003EPSS
kernel security, bug fix, and enhancement update
[4.18.0-425.19.2_7.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with.....
7.8CVSS
7.4AI Score
0.001EPSS
6.1CVSS
6.4AI Score
0.001EPSS
6.6AI Score
0.001EPSS
kernel security and bug fix update
[5.14.0-162.18.1_1.OL9] Update Oracle Linux certificates (Kevin Lyons) Disable signing for aarch64 (Ilya Okomin) Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] Update x509.genkey [Orabug: 24817676] Conflict with shim-ia32.....
7.8CVSS
-0.2AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)
Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability...
8.8CVSS
0.1AI Score
kernel security and bug fix update
[4.18.0-425.13.1_7.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with.....
7.5CVSS
7.8AI Score
0.001EPSS
WordPress Metform Elementor Contact Form Builder 3.1.2 Cross Site Scripting Vulnerability
WordPress Metform Elementor Contact Form Builder plugin versions 3.1.2 and below suffer from a persistent cross site scripting...
6.1CVSS
6.7AI Score
0.001EPSS
Metform Elementor Contact Form Builder < 3.2.0 - Unauthenticated Stored XSS
The plugin does not sanitize and escape some of its submitted entry data when outputting them back in the admin dashboard, which could allow unauthenticated attackers to perform Stored XSS attacks against an admin viewing the malicious...
6.1CVSS
6.5AI Score
0.001EPSS
Metform Elementor Contact Form Builder < 3.2.0 - Unauthenticated Stored XSS
The plugin does not sanitize and escape some of its submitted entry data when outputting them back in the admin dashboard, which could allow unauthenticated attackers to perform Stored XSS attacks against an admin viewing the malicious entry PoC Setup (as admin): Create a new form (using MetForm...
6.1CVSS
6.2AI Score
0.001EPSS
High-Severity XSS Vulnerability in Metform Elementor Contact Form Builder
On January 4, 2023, independent security researcher Mohammed Chemouri reached out to the Wordfence Vulnerability Disclosure program to responsibly disclose and request a CVE ID for a vulnerability in Metform Elementor Contact Form Builder, a WordPress plugin with over 100,000 installations. The...
-0.2AI Score
Wordfence Intelligence CE Weekly Vulnerability Report (1-30-2023 to 2-5-2023)
In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence's highly...
8.8CVSS
AI Score
kernel security and bug fix update
[5.14.0-162.12.1_1.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with.....
7.8CVSS
7.7AI Score
0.001EPSS
Node v18.13.0 (LTS) By Danielle Adams, Jan 06, 2023 Notable changes Add support for externally shared js builtins By default Node.js is built so that all dependencies are bundled into the Node.js binary itself. Some Node.js distributions prefer to manage dependencies externally. There are existing....
7.3AI Score
Watch Out! These Android Keyboard Apps With 2 Million Installs Can be Hacked Remotely
Multiple unpatched vulnerabilities have been discovered in three Android apps that allow a smartphone to be used as a remote keyboard and mouse. The apps in question are Lazy Mouse, PC Keyboard, and Telepad, which have been cumulatively downloaded over two million times from the Google Play Store.....
1.2AI Score
Summary: A potential security vulnerability in the Intel® Server Debug and Provisioning (SDP) Tool may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-26508 Description: Improper authentication in...
0.8AI Score
0.1AI Score
0.52EPSS
9.4CVSS
AI Score
6.8AI Score
0.52EPSS