6AI Score
0.001EPSS
5.1AI Score
0.001EPSS
Reflected XSS Vulnerability in Security Analytics Web UI
SUMMARY The Symantec Security Analytics (SA) Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks or other....
6.1CVSS
-0.2AI Score
0.002EPSS
kernel security, bug fix, and enhancement update
[3.10.0-957] - [mm] mlock: avoid increase mm->locked_vm on mlock() when already mlock2(, MLOCK_ONFAULT) (Rafael Aquini) [1633059] [3.10.0-956] - [block] blk-mq: fix hctx debugfs entry related race between update hw queues and cpu hotplug (Ming Lei) [1619988] - [nvme] nvme-pci: unquiesce dead...
7.8CVSS
-0.4AI Score
0.016EPSS
MonstraCMS Authenticated Arbitrary File Upload Exploit
Monstra CMS 3.0.4 allows users to upload arbitrary files which leads to remote command execution on the remote server. An attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against Monstra CMS...
8.9AI Score
0.919EPSS
0.2AI Score
0.919EPSS
Monstra CMS Authenticated Arbitrary File Upload
MonstraCMS 3.0.4 allows users to upload arbitrary files which leads to remote command execution on the remote server. An attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This module was tested against MonstraCMS...
0.8AI Score
kernel security and bug fix update
[2.6.32-754.OL6] - Update genkey [bug 25599697] [2.6.32-754] - [powerpc] 64s: Add support for a store forwarding barrier at kernel entry/exit (Mauricio Oliveira) [1581053] {CVE-2018-3639} - [x86] amd: Disable AMD SSBD mitigation in a VM (Waiman Long) [1580360] - [x86] spec_ctrl: Fix late microcode....
9.8CVSS
-0.1AI Score
0.976EPSS
kernel security, bug fix, and enhancement update
[3.10.0-862.OL7] Oracle Linux certificates (Alexey Petrenko) Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) Update x509.genkey [bug 24817676] [3.10.0-862] [netdrv] i40e: Fix attach VF to VM issue (Stefan Assmann) [1528123]...
9.8CVSS
0.1AI Score
0.975EPSS
U.S. Charges 9 Iranians With Hacking Universities to Steal Research Data
The United States Department of Justice has announced criminal charges and sanctions against 9 Iranians involved in hacking universities, tech companies, and government organisations worldwide to steal scientific research resources and academic papers. According to the FBI officials, the...
6.8AI Score
SilverStripe CMS 3.6.2 - CSV Excel Macro Injection Vulnerability
Exploit for php platform in category web...
0.1AI Score
SilverStripe CMS 3.6.2 - CSV Excel Macro Injection
SilverStripe CMS 3.6.2 - CSV Excel Macro...
7.4AI Score
Monstra CMS 3.0.4 - (Authenticated) Arbitrary File Upload Remote Code Execution
Monstra CMS 3.0.4 - (Authenticated) Arbitrary File Upload Remote Code...
0.5AI Score
7.4AI Score
0.1AI Score
Monstra CMS 3.0.4 Remote Shell Upload Vulnerability
Monstra CMS version 3.0.4 suffers from a remote shell upload vulnerability that allows for remote code...
7.8AI Score
Monstra CMS - Remote Code Execution
Monstra CMS - Remote Code Execution. CVE-2017-18048. Webapps exploit for PHP...
8.8CVSS
9AI Score
0.929EPSS
kernel security and bug fix update
[3.10.0-693.11.1.OL7] Oracle Linux certificates (Alexey Petrenko) Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) Update x509.genkey [bug 24817676] [3.10.0-693.11.1] [powerpc] perf: Fix book3s kernel to userspace backtraces...
5.5CVSS
0.3AI Score
0.0004EPSS
Kirby CMS < 2.5.7 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web...
5.8AI Score
0.001EPSS
5.4CVSS
5.9AI Score
0.001EPSS
5.5AI Score
0.001EPSS
6AI Score
0.003EPSS
KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
KeystoneJS 4.0.0-beta.5 - CSV Excel Macro...
8.8CVSS
-0.4AI Score
KeystoneJS 4.0.0-beta.5 Unauthenticated Stored Cross Site Scripting Vulnerability
Exploit for jsp platform in category web...
5.9AI Score
0.003EPSS
6.1CVSS
-0.5AI Score
8.8AI Score
0.014EPSS
8.7AI Score
0.014EPSS
5.7AI Score
0.003EPSS
KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vulnerability
KeystoneJS version 4.0.0-beta.5 suffers from an unauthenticated CSV injection vulnerability in admin/server/api/download.js and...
0.1AI Score
0.014EPSS
6.4AI Score
0.006EPSS
6.1CVSS
0.006EPSS
6.6AI Score
0.006EPSS
5.5AI Score
0.003EPSS
5.8AI Score
0.003EPSS
OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting
OctoberCMS 1.0.425 (Build 425) - Cross-Site...
5.4CVSS
-0.5AI Score
-0.4AI Score
0.003EPSS
5.5AI Score
0.007EPSS
-0.1AI Score
0.007EPSS
6.1AI Score
0.007EPSS
4.8CVSS
WordPress: Clickjacking mercantile.wordpress.org
A Clickjacking issue had been previously reported by "giantfire" on Aug 9th (19 days ago) and the issue was fixed by "iandunn" on Aug 25th (3 days ago) and the same disclosed on Aug 28th. Here the affected URL is: https://mercantile.wordpress.org/ "iandunn closed the report and changed the status...
-0.1AI Score
7AI Score
WinSCP 5.9.4 - LIST Denial of Service (Metasploit)
WinSCP 5.9.4 - LIST Denial of Service...
0.2AI Score
7.4AI Score
Schneider Electric homeLYnk Controller (Update A)
CVSS V3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Schneider Electric Equipment: homeLYnk Controller, LSS100100 Vulnerability: Cross-site Scripting, Command Injection UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-019-01.....
6.9AI Score
0.004EPSS
Threat Outbreak Alert RuleID28187: Email Messages Distributing Malicious Software on March 8, 2017
Medium Alert ID: 52961 First Published: 2017 March 8 16:44 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID28187) may contain the following...